Grazie r16 per tutti i consigli.

Allora, ho scannerizzato HD esterno con antivirus ed ha confermato i 4 file infetti che malaware aveva individuato.
Ho rimontato HD e adesso sto lavorando sul vecchio PC infetto.
Le cose sono già migliorate, sento che siamo vicini alla meta.
Manca la ciliegina sul HD :)
Combofix sono finalmente riuscito a scaricarlo e salvato sul desktop del PC infetto (iconcina rossa sembra il marchio della peugeout).
Si è presentato però un altro problema che vado a scrivere.
Ho disattivato tutto, Comodo (l'antivirus), firewall da pannello impostazione e non ho nessun programma in esecuzione.
Lancio combofix e mi appare una piccola finestra nel centro dello schermo con un progress, finito mi appare questo messaggio:

32788R22FWJFW\iexplore.exe (titolo del popup se si può definire tale)
Palla rossa con la X bianca nel centro con scritto:
Impossibile accedere alla periferica al processo o al file specificato. E' probabile che non si disponga delle autorizzazioni necessarie.

Clicco su OK e mi appare un'altra finestra uguale con il nome del file diverso
32788R22FWJFW\hidec.exe e poi
32788R22FWJFW\n.pif con il solito messaggio sotto.

ho provato a lanciare Combofix con l'antivirus (comodo) abilitato e nel progress subito dopo aver lanciato combofix l'antivirus mi dice che ha rilevato 4 virus che corrispondono al nome dei file che ti ho sopra scritto con in più nircmd.cfxxe. Rimuovo e rilancio combofix e mi rileva un'altra volta i solito 4 files.

Grazie per le info, non finirò mai di farlo... :)

Tutte le operazioni che mi hai descritto r16 sono state eseguite. Posto finalmente il log d combofix.
Per me è come se fosse una pagina araba....... buon analisi e grazie.



ComboFix 10-02-11.04 - Proprietario 12/02/2010 18.10.01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.478.210 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\Rombo-fix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Dati applicazioni\h8srtmainqt.dll
c:\documents and settings\All Users\Dati applicazioni\sysReserve.ini
c:\programmi\3wPlayer
c:\recycler\S-1-5-21-1110412475-1774555873-248915221-1005
c:\recycler\S-1-5-21-507921405-57989841-1417001333-1003
c:\windows\system32\ctfmon .exe
c:\windows\system32\H8SRTjrarsvdymt.dll
c:\windows\system32\H8SRTklrtmasbne.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTwtspwtibcr.dat
c:\windows\system32\H8SRTwxbvpecvko.dat
c:\windows\system32\ISTHTB .exe
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\NeroCheck .exe
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys


((((((((((((((((((((((((( Files Creati Da 2010-01-12 al 2010-02-12 )))))))))))))))))))))))))))))))))))
.

2010-02-11 19:01 . 2010-02-11 19:01 -------- d-----w- c:\windows\system32\MpEngineStore
2010-02-11 18:36 . 2010-02-11 18:36 -------- d-----w- c:\programmi\Prolific Technology Inc
2010-02-11 18:25 . 2010-02-11 18:38 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\MigWiz
2010-02-11 18:19 . 2006-11-02 07:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-02-11 18:19 . 2006-11-02 06:07 581192 ----a-w- c:\windows\system32\WinusbCoInstaller.dll
2010-02-11 18:18 . 2010-02-11 18:18 -------- d-----w- c:\programmi\Microsoft
2010-02-07 10:09 . 2010-02-12 17:21 395745 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-07 10:07 . 2010-02-07 10:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2010-02-07 10:07 . 2010-02-07 10:07 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-07 10:07 . 2010-02-07 10:07 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-07 10:07 . 2010-02-07 10:07 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-07 10:07 . 2010-02-07 10:07 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-07 10:07 . 2010-02-07 10:07 -------- d-----w- c:\programmi\COMODO
2010-02-07 09:18 . 2010-02-07 09:18 -------- d-----w- c:\programmi\EMCO
2010-01-28 10:24 . 2009-12-17 10:04 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-28 10:24 . 2009-12-17 09:57 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-28 10:24 . 2010-01-28 10:24 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\TuneUp Software
2010-01-28 10:24 . 2010-01-28 10:24 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-01-28 10:23 . 2010-01-28 10:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-01-28 10:23 . 2010-01-28 10:23 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-28 08:36 . 2010-01-28 08:37 -------- d-----w- C:\ba7cf3bcbb828ec771a553
2010-01-28 08:23 . 2010-01-28 08:25 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-28 08:10 . 2008-03-17 10:56 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-01-28 08:10 . 2008-03-17 10:03 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-28 08:10 . 2008-03-16 13:47 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-01-28 08:10 . 2008-01-22 14:09 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-01-28 08:10 . 2007-08-09 03:13 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2010-01-26 22:13 . 2010-01-26 22:13 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Yahoo!
2010-01-26 22:12 . 2010-01-26 22:13 -------- d-----w- c:\programmi\CCleaner
2010-01-25 09:52 . 2010-01-28 08:10 -------- d-----w- c:\programmi\3 Internet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 14:49 . 2006-02-03 03:12 61144 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-11 18:36 . 2005-11-28 23:44 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-07 11:30 . 2008-07-12 16:06 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-02-07 11:29 . 2008-07-12 16:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-07 10:57 . 2006-02-04 15:12 -------- d-----w- c:\programmi\eMule
2010-02-07 10:06 . 2006-02-05 02:35 -------- d-----w- c:\programmi\Winamp
2010-02-07 10:06 . 2006-02-03 20:09 -------- d-----w- c:\programmi\ArcSoft
2010-01-29 07:43 . 2004-09-06 18:00 84156 ----a-w- c:\windows\system32\perfc010.dat
2010-01-29 07:43 . 2004-09-06 18:00 489410 ----a-w- c:\windows\system32\perfh010.dat
2010-01-28 08:18 . 2006-02-24 20:17 -------- d-----w- c:\programmi\Yahoo!
2010-01-28 08:16 . 2006-10-04 19:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-01-28 08:09 . 2006-10-04 19:55 -------- d-----w- c:\programmi\iPod
2010-01-28 08:05 . 2006-03-27 08:45 -------- d-----w- c:\programmi\Google
2010-01-28 08:04 . 2006-03-18 17:28 -------- d-----w- c:\programmi\Digisoft AntiDialer
2010-01-25 10:09 . 2006-02-19 17:56 -------- d-----w- c:\programmi\ffdshow
2010-01-08 13:38 . 2009-05-21 22:21 9728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
2010-01-08 13:38 . 2009-05-21 22:21 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
2010-01-08 13:38 . 2009-05-21 22:21 15360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-05 09:53 . 2004-09-06 17:59 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2004-09-06 17:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2004-09-06 17:57 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 21:06 . 2009-03-04 20:46 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Samsung
2010-01-03 21:03 . 2009-03-04 20:39 -------- d-----w- c:\programmi\Samsung
2010-01-03 18:22 . 2006-02-23 20:20 -------- d-----w- c:\programmi\Macrogaming
2009-12-31 16:50 . 2004-09-06 17:59 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 01:19 . 2009-12-30 01:19 -------- d-----w- c:\programmi\MSBuild
2009-12-30 01:19 . 2009-12-30 01:19 -------- d-----w- c:\programmi\Reference Assemblies
2009-12-29 19:08 . 2008-08-24 18:54 -------- d-----w- c:\programmi\DIFX
2009-12-17 07:40 . 2005-11-28 23:13 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-09-06 17:57 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2004-09-06 17:58 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2004-09-06 17:59 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-08-19 15:39 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-09-06 17:58 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-09-06 17:58 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-09-06 17:57 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-19 15:39 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:54 . 2004-09-06 17:57 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Mobile Partner"="c:\programmi\3 Internet\3 Internet.exe" [2010-01-28 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-02-07 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\EMCO\\Malware Destroyer\\MalwareDestroyer.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [07/02/2010 11.07.40 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [07/02/2010 11.07.40 25160]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 11.01.38 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]
S3 CCCP106;110T SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [29/12/2009 20.07.51 36608]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [03/07/2007 21.02.21 61600]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [03/07/2007 21.06.53 9360]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [03/07/2007 21.06.53 97184]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [29/07/2007 10.53.20 88688]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [29/07/2007 10.54.42 18704]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [29/07/2007 10.52.09 86560]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [03/07/2007 21.03.30 90800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-07 c:\windows\Tasks\Manutenzione automatica.job
- c:\programmi\TuneUp Utilities 2010\OneClickStarter.exe [2009-12-17 10:08]

2010-02-12 c:\windows\Tasks\Ricerca problemi automatica.job
- c:\programmi\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 10:08]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 18:22
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-284847996-1341765847-2980501759-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=

[HKEY_USERS\S-1-5-21-284847996-1341765847-2980501759-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C402EEC3-3831-1EF7-7361-F5D96693BD2C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kailbamcmicfhlflkbmmcd"=hex:62,61,6b,6b,00,00

[HKEY_USERS\S-1-5-21-284847996-1341765847-2980501759-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F4867600-5AFB-D174-54F3-E9EFFA539D4C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kakocfhfncpknkkffbhcef"=hex:62,61,61,66,00,02
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.EXE'(1600)
c:\windows\system32\WININET.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-12 18:34:07 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-12 17:33

Pre-Run: 124.890.365.952 byte disponibili
Post-Run: 124.787.466.240 byte disponibili

- - End Of File - - F768197AD5F2512B5E11CAFE1727DC7A

Buongiorno, eseguito le ultime indicazione e pronto il nuovo log di combofix.

Problemi che riscontro sono sempre i soliti files che Comodo l'antivirus rileva e io devo ignorare altrimenti combofix non mi parte.
n.pif, hidec.exe, iexplore.exe, nircmd.cfxxe

Posto il log aggiornato dopo le ultime indicazioni.

ComboFix 10-02-11.04 - Gianluka 13/02/2010 8.35.53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.478.234 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\Rombo-fix.exe
Opzioni usate :: c:\documents and settings\Proprietario\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-01-13 al 2010-02-13 )))))))))))))))))))))))))))))))))))
.

2010-02-12 22:20 . 2010-02-12 22:21 -------- d-----w- c:\windows\system32\NtmsData
2010-02-12 05:55 . 2010-02-12 05:55 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\COMODO
2010-02-12 05:55 . 2010-02-12 17:04 -------- d-----w- C:\32788R22FWJFW.6.tmp
2010-02-12 05:20 . 2010-02-12 22:18 -------- d-----w- C:\32788R22FWJFW.5.tmp
2010-02-12 05:15 . 2010-02-12 05:20 -------- d-----w- C:\32788R22FWJFW.4.tmp
2010-02-12 05:07 . 2010-02-12 22:17 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-02-12 05:06 . 2010-02-12 05:07 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-02-12 05:01 . 2010-02-12 05:04 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-02-11 19:01 . 2010-02-11 19:01 -------- d-----w- c:\windows\system32\MpEngineStore
2010-02-11 18:36 . 2010-02-11 18:36 -------- d-----w- c:\programmi\Prolific Technology Inc
2010-02-11 18:25 . 2010-02-11 18:38 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\MigWiz
2010-02-11 18:19 . 2006-11-02 07:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-02-11 18:19 . 2006-11-02 06:07 581192 ----a-w- c:\windows\system32\WinusbCoInstaller.dll
2010-02-11 18:18 . 2010-02-11 18:18 -------- d-----w- c:\programmi\Microsoft
2010-02-07 10:09 . 2010-02-13 07:51 532833 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-07 10:07 . 2010-02-07 10:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2010-02-07 10:07 . 2010-02-07 10:07 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-07 10:07 . 2010-02-07 10:07 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-07 10:07 . 2010-02-07 10:07 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-07 10:07 . 2010-02-07 10:07 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-07 10:07 . 2010-02-07 10:07 -------- d-----w- c:\programmi\COMODO
2010-02-07 09:18 . 2010-02-07 09:18 -------- d-----w- c:\programmi\EMCO
2010-01-28 10:24 . 2009-12-17 10:04 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-28 10:24 . 2009-12-17 09:57 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-28 10:24 . 2010-01-28 10:24 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\TuneUp Software
2010-01-28 10:24 . 2010-01-28 10:24 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-01-28 10:23 . 2010-01-28 10:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-01-28 10:23 . 2010-01-28 10:23 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-28 08:36 . 2010-01-28 08:37 -------- d-----w- C:\ba7cf3bcbb828ec771a553
2010-01-28 08:23 . 2010-01-28 08:25 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-26 22:13 . 2010-01-26 22:13 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Yahoo!
2010-01-26 22:12 . 2010-01-26 22:13 -------- d-----w- c:\programmi\CCleaner
2010-01-25 09:52 . 2010-02-12 22:12 -------- d-----w- c:\programmi\3 Internet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 14:49 . 2006-02-03 03:12 61144 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-11 18:36 . 2005-11-28 23:44 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-07 11:30 . 2008-07-12 16:06 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-02-07 11:29 . 2008-07-12 16:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-07 10:57 . 2006-02-04 15:12 -------- d-----w- c:\programmi\eMule
2010-02-07 10:06 . 2006-02-05 02:35 -------- d-----w- c:\programmi\Winamp
2010-02-07 10:06 . 2006-02-03 20:09 -------- d-----w- c:\programmi\ArcSoft
2010-01-29 07:43 . 2004-09-06 18:00 84156 ----a-w- c:\windows\system32\perfc010.dat
2010-01-29 07:43 . 2004-09-06 18:00 489410 ----a-w- c:\windows\system32\perfh010.dat
2010-01-28 08:18 . 2006-02-24 20:17 -------- d-----w- c:\programmi\Yahoo!
2010-01-28 08:16 . 2006-10-04 19:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-01-28 08:09 . 2006-10-04 19:55 -------- d-----w- c:\programmi\iPod
2010-01-28 08:05 . 2006-03-27 08:45 -------- d-----w- c:\programmi\Google
2010-01-28 08:04 . 2006-03-18 17:28 -------- d-----w- c:\programmi\Digisoft AntiDialer
2010-01-25 10:09 . 2006-02-19 17:56 -------- d-----w- c:\programmi\ffdshow
2010-01-08 13:38 . 2009-05-21 22:21 9728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
2010-01-08 13:38 . 2009-05-21 22:21 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
2010-01-08 13:38 . 2009-05-21 22:21 15360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-05 09:53 . 2004-09-06 17:59 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2004-09-06 17:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2004-09-06 17:57 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 21:06 . 2009-03-04 20:46 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Samsung
2010-01-03 21:03 . 2009-03-04 20:39 -------- d-----w- c:\programmi\Samsung
2010-01-03 18:22 . 2006-02-23 20:20 -------- d-----w- c:\programmi\Macrogaming
2009-12-31 16:50 . 2004-09-06 17:59 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 01:19 . 2009-12-30 01:19 -------- d-----w- c:\programmi\MSBuild
2009-12-30 01:19 . 2009-12-30 01:19 -------- d-----w- c:\programmi\Reference Assemblies
2009-12-29 19:08 . 2008-08-24 18:54 -------- d-----w- c:\programmi\DIFX
2009-12-17 07:40 . 2005-11-28 23:13 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-09-06 17:57 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2004-09-06 17:58 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2004-09-06 17:59 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-08-19 15:39 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-09-06 17:58 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-09-06 17:58 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-09-06 17:57 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-19 15:39 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:54 . 2004-09-06 17:57 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Mobile Partner"="c:\programmi\3 Internet\3 Internet.exe" [2010-01-28 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-02-07 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\EMCO\\Malware Destroyer\\MalwareDestroyer.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [07/02/2010 11.07.40 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [07/02/2010 11.07.40 25160]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 11.01.38 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]
S3 CCCP106;110T SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [29/12/2009 20.07.51 36608]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [03/07/2007 21.02.21 61600]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [03/07/2007 21.06.53 9360]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [03/07/2007 21.06.53 97184]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [29/07/2007 10.53.20 88688]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [29/07/2007 10.54.42 18704]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [29/07/2007 10.52.09 86560]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [03/07/2007 21.03.30 90800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-12 c:\windows\Tasks\Manutenzione automatica.job
- c:\programmi\TuneUp Utilities 2010\OneClickStarter.exe [2009-12-17 10:08]

2010-02-13 c:\windows\Tasks\Ricerca problemi automatica.job
- c:\programmi\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 10:08]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
TCP: {05AAD002-90F3-461E-A783-0AC393B1239D} = 62.211.69.150 212.48.4.15
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 08:58
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-284847996-1341765847-2980501759-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\WININET.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-13 08:59:36 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-13 07:59

Pre-Run: 124.768.747.520 byte disponibili
Post-Run: 124.753.637.376 byte disponibili

- - End Of File - - 470B37445B299DC9A9CEF193BD157A41

Effettuato tutto, ovviamente prima di partire OTC, Comodo ha rilevato i soliti files.
Dopo di che mi ha chiesto il reboot e così ho fatto.

Questo è il nuovo logfile, ma pensi che il PC sia pulito adesso?? Ha bisogno di nuove operazioni??
Io sono disponibile a tutto, aspetto nuove iniziative.
Grazie molte.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.31.57, on 18/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Programmi\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 2597 bytes

riguardo al log di HJT corto, guarda il mio:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.45.27, on 19/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alice Total Security\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
H:\CodySafe\Launcher.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
H:\CodySafe\PortableApps\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Alice Total Security\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 2765 bytes

Grazie r16 per l'ultimo post, veramente dettagliato.
Sei stato fantastico, grazie infinite.

Adesso il PC è tornato nelle mani malvagie della mia sorella, appena posso eseguirò le ultime (spero) indicazioni.

Un ultima domanda, da curioso, mi piacerebbe capire (leggere qualkosina a riguardo) come lavora e cosa cerca Hijackthis. Trovo niente in rete?

Grazie ancora a breve posterò nuove notizie...

Ciao ciao

ottimo,grazie r16.come puoi immaginare ne avevo consultate altre,ma questa sembra davvero completa e accessibile,almeno ad una prima occhiata.ho letto solo la prima pagina e sono rimasto allibito....ha una potenzialita' incredibile,non lo immaginavo neppure lontanamente,eppure ho letto almeno altre due guide,solo che si fermavano molto prima,forse nel timore che qualcuno facesse guai.