OK, scan done with ComboFix: here is the report.
Let me say up front that all the deleted entries labelled HTV relate to a keylogger I used to use and which, probably, was not uninstalled properly.
ComboFix 10-03-08.02 - io 09/03/2010 14.27.55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.534 [GMT 1:00]
Eseguito da: c:\documents and settings\io\Documenti\Download\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\io\Dati applicazioni\inst.exe
C:\Microsoft
c:\programmi\Cheat Engine\dbk32.sys
c:\programmi\HTV
c:\programmi\HTV\akv.cfg
c:\programmi\HTV\AKV.exe
c:\programmi\HTV\htv.001
c:\programmi\HTV\HTV.002
c:\programmi\HTV\HTV.003
c:\programmi\HTV\HTV.004
c:\programmi\HTV\HTV.005
c:\programmi\HTV\HTV.006
c:\programmi\HTV\HTV.007
c:\programmi\HTV\HTV.008
c:\programmi\HTV\HTV.009
c:\programmi\HTV\HTV.chm
c:\programmi\HTV\HTV.exe
c:\programmi\HTV\menu.gif
c:\programmi\HTV\qs.html
c:\programmi\HTV\tray.gif
c:\programmi\HTV\Uninstall.exe
c:\programmi\webmediaplayer
c:\programmi\webmediaplayer\resources\wmp_translation_file.xml
c:\programmi\webmediaplayer\sqlite3.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004998_.tmp.dll
c:\windows\system32\_004999_.tmp.dll
c:\windows\system32\_005000_.tmp.dll
c:\windows\system32\_005007_.tmp.dll
c:\windows\system32\_005008_.tmp.dll
c:\windows\system32\_005009_.tmp.dll
c:\windows\system32\_005010_.tmp.dll
c:\windows\system32\_005012_.tmp.dll
c:\windows\system32\_005013_.tmp.dll
c:\windows\system32\_005016_.tmp.dll
c:\windows\system32\_005017_.tmp.dll
c:\windows\system32\_005019_.tmp.dll
c:\windows\system32\_005020_.tmp.dll
c:\windows\system32\_005021_.tmp.dll
c:\windows\system32\_005023_.tmp.dll
c:\windows\system32\_005026_.tmp.dll
c:\windows\system32\_005027_.tmp.dll
c:\windows\system32\_005031_.tmp.dll
c:\windows\system32\_005032_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005037_.tmp.dll
c:\windows\system32\_005039_.tmp.dll
c:\windows\system32\_005040_.tmp.dll
c:\windows\system32\_005041_.tmp.dll
c:\windows\system32\_005042_.tmp.dll
c:\windows\system32\_005043_.tmp.dll
c:\windows\system32\_005046_.tmp.dll
c:\windows\system32\_005047_.tmp.dll
c:\windows\system32\_005048_.tmp.dll
c:\windows\system32\_005049_.tmp.dll
c:\windows\system32\_005050_.tmp.dll
c:\windows\system32\_005055_.tmp.dll
c:\windows\system32\_005057_.tmp.dll
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Creati Da 2010-02-09 al 2010-03-09 )))))))))))))))))))))))))))))))))))
.
2010-03-08 11:22 . 2010-03-08 11:25 -------- dc-h--w- c:\windows\ie8
2010-03-05 10:03 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-26 22:52 . 2010-03-05 23:08 -------- d-----w- c:\documents and settings\io\Dati applicazioni\vlc
2010-02-26 22:40 . 2010-02-26 22:40 -------- d-----w- c:\documents and settings\io\Dati applicazioni\java
2010-02-26 09:56 . 2010-02-26 09:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 13:42 . 2008-02-05 00:39 -------- d-----w- c:\documents and settings\io\Dati applicazioni\Skype
2010-03-09 13:34 . 2009-10-25 01:37 -------- d-----w- c:\programmi\Cheat Engine
2010-03-09 10:19 . 2008-04-12 16:57 304160 ----a-w- C:\StiImg.dat
2010-03-09 08:58 . 2008-02-13 10:32 -------- d-----w- c:\documents and settings\io\Dati applicazioni\skypePM
2010-03-08 22:00 . 2008-12-09 18:22 -------- d-----w- c:\documents and settings\io\Dati applicazioni\IObit
2010-03-05 08:04 . 2004-09-07 12:00 84282 ----a-w- c:\windows\system32\perfc010.dat
2010-03-05 08:04 . 2004-09-07 12:00 489370 ----a-w- c:\windows\system32\perfh010.dat
2010-03-04 17:37 . 2008-02-04 00:50 -------- d-----w- c:\documents and settings\io\Dati applicazioni\uTorrent
2010-03-02 18:04 . 2008-02-17 18:54 -------- d-----w- c:\documents and settings\io\Dati applicazioni\dvdcss
2010-02-26 22:41 . 2010-02-26 22:40 49152 ----a-w- c:\documents and settings\io\Dati applicazioni\msnmsgs.exe
2010-02-26 22:41 . 2010-02-26 22:40 49152 ----a-w- c:\documents and settings\io\Dati applicazioni\msnmsgs.exe
2010-02-26 22:40 . 2010-02-26 22:40 49152 ---ha-w- c:\documents and settings\io\Dati applicazioni\java\msnmsgs.exe
2010-02-16 21:20 . 2010-01-24 14:27 -------- d-----w- c:\programmi\JDownloader
2010-02-09 07:33 . 2008-02-04 00:50 -------- d-----w- c:\programmi\uTorrent
2010-02-08 22:21 . 2008-02-10 20:46 -------- d-----w- c:\programmi\Xilisoft
2010-02-05 21:22 . 2010-02-05 21:21 -------- d-----w- c:\documents and settings\io\Dati applicazioni\SecondLife
2010-02-05 21:20 . 2010-02-05 21:19 -------- d-----w- c:\programmi\SecondLife
2010-01-31 16:52 . 2008-03-04 09:57 -------- d-----w- c:\programmi\AV VCS 3.0
2010-01-29 09:48 . 2008-03-03 19:01 -------- d-----w- c:\programmi\Winamp
2010-01-27 17:25 . 2008-12-01 00:26 -------- d-----w- c:\programmi\Google
2010-01-25 20:28 . 2010-01-25 12:02 -------- d-----w- c:\documents and settings\io\Dati applicazioni\Audacity
2010-01-25 12:02 . 2010-01-25 12:01 -------- d-----w- c:\programmi\Audacity 1.3 Beta (Unicode)
2010-01-24 12:39 . 2008-03-15 21:56 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-20 16:31 . 2009-11-10 14:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-18 09:25 . 2009-02-26 07:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-01-18 09:17 . 2009-02-25 17:14 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-18 09:04 . 2008-09-07 00:30 1290800 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-13 21:26 . 2009-07-26 17:21 -------- d-----w- c:\programmi\AVS4YOU
2010-01-13 20:59 . 2009-07-26 17:22 -------- d-----w- c:\documents and settings\io\Dati applicazioni\AVS4YOU
2009-12-31 16:50 . 2008-08-20 14:05 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2004-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2008-02-03 22:27 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-08-20 14:05 33280 ----a-w- c:\windows\system32\csrsrv.dll
2008-10-30 01:30 . 2008-10-30 01:30 1128960 --sha-w- c:\programmi\ehthumbs.db
2008-02-14 19:33 . 2008-02-14 19:24 144 --sh--w- c:\windows\SF6E27E39.tmp
.
------- Sigcheck -------
[-] 2008-11-03 . BC7ABE9DD9ED352007AFD184DAE2FFBC . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2008-11-03 . BC7ABE9DD9ED352007AFD184DAE2FFBC . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-09-13 . ACC48E560D41AF34AE064B690FB2363B . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2008-02-06 . CE3EC03C9F65302E44AF5C452D20A86F . 360832 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB889527$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-05 7323648]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-08-03 949376]
"Lexmark 1200 Series"="c:\programmi\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Lib\\NMTvWizard.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Vision\\NeroVision.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\io\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\SecondLife\\SLVoice.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [03/08/2008 17.17.30 15424]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [19/06/2009 9.13.59 38144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/11/2009 15.37.42 54752]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [04/03/2008 10.57.12 6852]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [04/02/2008 0.20.49 835200]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 12.29.14 162176]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [04/02/2008 23.36.20 7040]
S2 gupdate1c9534b81c94a38;Google Update Service (gupdate1c9534b81c94a38);c:\programmi\Google\Update\GoogleUpdate.exe [01/12/2008 1.26.51 133104]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys --> c:\windows\system32\DRIVERS\ONDAusbnmea.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [19/06/2009 9.14.05 194304]
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2008-12-01 12:49]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2008-12-01 12:49]
2010-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1177238915-725345543-1003Core.job
- c:\documents and settings\io\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:31]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1177238915-725345543-1003UA.job
- c:\documents and settings\io\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:31]
2009-11-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-03-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {114CCFB4-0892-43E9-9056-101DAE7BC1AD} = 192.168.0.1,212.216.112.112
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxp://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-5.cab
FF - ProfilePath - c:\documents and settings\io\Dati applicazioni\Mozilla\Firefox\Profiles\6kxk6r81.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\io\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-HTV Agent - c:\programmi\HTV\HTV.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-09 14:41
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(320)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\PAStiSvc.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Lexmark 1200 Series\lxczbmon.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-09 14:48:55 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-09 13:48
Pre-Run: 20.007.477.248 byte disponibili
Post-Run: 20.639.244.288 byte disponibili
- - End Of File - - 56264083ADAC16446503AEB2562E38B3
Also, I've noticed that for a few days now Internet Explorer no longer works for me (it freezes as soon as I open it), but I don't know whether that can be attributed to this virus or not.
Awaiting replies; sorry you have to read through this whole mega report! :-) Thanks