Giusto.
Ma la primmissima sarebbe scaricarlo su un pc pulito.
E dopo quello che ha trovato Mbam, ulteriori accertamenti mi sembra sensato.

Grazie,
ecco il log di ComboFix:
ComboFix 13-01-15.02 - david 15/01/2013 10.47.00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1549 [GMT 1:00]
Eseguito da: c:\documents and settings\david\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\win.ini
c:\windows\wininit.ini
.
---- Esecuzione precedente -------
.
c:\recycler(2)\S-1-5-21-1060284298-602609370-839522115-1003(2)\INFO2
c:\windows\IsUn0410.exe
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cb1bcd7ed950921f.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-15 al 2013-01-15 )))))))))))))))))))))))))))))))))))
.
.
2013-01-09 08:56 . 2013-01-09 08:56 -------- d-----w- c:\programmi\CCleaner
2013-01-08 08:52 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-07 17:22 . 2009-12-09 10:24 2139648 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-01-07 17:22 . 2009-12-09 10:25 2184064 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-01-07 17:22 . 2009-12-09 10:25 2061440 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-01-07 17:22 . 2009-12-09 10:24 2019328 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-01-07 17:21 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 12:10 . 2012-07-03 14:10 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 12:10 . 2011-12-12 21:32 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-15 22:33 . 2011-08-08 05:08 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-09 15:31 . 2012-09-25 15:40 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 12:02 . 2011-12-23 11:32 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
1999-04-08 10:18 . 2006-01-25 23:16 49152 -c--a-w- c:\programmi\_ISREG32.DLL
2008-10-13 12:37 . 2013-01-11 09:46 1762048 ----a-w- c:\programmi\mozilla firefox\plugins\ConvivaProxy.dll
2008-10-13 12:37 . 2013-01-11 09:46 86070 ----a-w- c:\programmi\mozilla firefox\plugins\pthreadVC2.dll
2013-01-11 09:46 . 2013-01-11 09:46 262704 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-19 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[7] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\es.dll
[7] 2005-07-26 04:27 . 4CC4C2B7CCB5FCAEF5B73A26AB914B0D . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-19 13:39 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\es.dll
.
[-] 2008-06-20 . E0723611F1A6CAAA66956AD234781617 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[7] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\mswsock.dll
[7] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 15:31 1796552 ----a-w- c:\programmi\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\programmi\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\david\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\david\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\david\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\david\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AVG_UI"="c:\programmi\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\programmi\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"ROC_ROC_NT"="c:\programmi\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-25 856160]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\Hewlett-Packard\digital imaging\bin\hpqtra08.exe [2009-11-18 275072]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart16.exe [2005-3-5 10872]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^david^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\david\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 14:13 54576 ----a-w- c:\programmi\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2005-02-07 09:10 36864 ----a-w- c:\programmi\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWS myPrintMileage Agent]
2004-10-31 04:47 102400 ----a-w- c:\programmi\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
2006-03-02 10:54 290816 ----a-w- c:\programmi\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
2006-04-25 12:09 487424 ----a-r- c:\programmi\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 08:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-11-12 16:57 245760 ----a-w- c:\programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 08:33 892928 ----a-w- c:\programmi\Logitech\iTouch\iTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"gusvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Programmi\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Hewlett-Packard\\HP Deskjet 1280\\Toolbox\\HPWSTBX.exe"=
"c:\\Programmi\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\david\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpqcopy2.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpqusgm.exe"=
"c:\\Programmi\\Hewlett-Packard\\digital imaging\\bin\\hpqusgh.exe"=
"c:\\Programmi\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Programmi\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2013\\avgdiagex.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 3.50.26 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09/08/2012 12.56.44 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 6.30.10 35552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/06/2010 13.17.27 64288]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12.32.00 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12.32.08 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 6.23.48 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 1.14.38 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [25/09/2012 16.40.54 26984]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [03/05/2007 17.19.32 12112]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2013\avgwdsvc.exe [22/10/2012 13.05.08 196664]
R2 PassThru Service;Internet Pass-Through Service;c:\programmi\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/2011 12.06.04 88576]
R2 SentinelKeysServer;Sentinel Keys Server;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [22/09/2011 0.03.02 374304]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [22/09/2011 292384]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\programmi\File comuni\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [09/11/2012 16.31.08 711112]
R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [30/08/2012 10.12.25 362104]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2013\avgidsagent.exe [15/11/2012 23.34.30 5814904]
S2 gupdate1c9fb27aec0ce9c;Servizio di Google Update (gupdate1c9fb27aec0ce9c);c:\programmi\Google\Update\GoogleUpdate.exe [02/07/2009 16.13.35 133104]
S2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/01/2013 9.52.22 398184]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [08/01/2013 9.52.22 682344]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [31/01/2012 15.09.34 158856]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [10/03/2006 19.16.30 9344]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [25/12/2011 17.11.07 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18.01.52 21248]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/01/2013 9.52.21 21104]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [14/04/2009 18.57.47 167808]
S3 USTOR;U-Storage Controller;c:\windows\system32\drivers\UStork.sys [25/09/2005 23.09.30 19826]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [23/09/2005 17.46.21 258560]
S4 softOSD;softOSD;c:\programmi\softOSD\softOSD.exe [18/12/2010 17.56.34 291384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 12:10]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-02 15:13]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-02 15:13]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programmi\File comuni\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\david\Dati applicazioni\Mozilla\Firefox\Profiles\1v2an2su.David\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B08ad5d3b-3b74-45aa-a6de-12021c013efe%7D&mid=5c2d4baba57047d09826d15a9231cf5a-25d3d61b99827b48410e5f892642c41901954e09&ds=AVG&v=12.2.5.34&lang=it&pr=fr&d=2012-09-25%2017%3A40%3A55&sap=ku&q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEI2FJYA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 49f872ab0000000000000013d4d526a9
FF - user.js: extensions.incredibar_i.instlDay - 15503
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:59
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEI2FJYA
FF - user.js: extensions.incredibar_i.upn2n - 92261571812206008
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-Cobian Backup 8 interface - c:\programmi\Cobian Backup 8\cbInterface.exe
MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-CANV - c:\windows\IsUn0410.exe
AddRemove-PriMus - c:\windows\ISUN0410.EXE
AddRemove-RealAudio Player - c:\windows\RAUNINST.exe Software\Progressive Networks\RealAudio Player\3.0
AddRemove-Sismur 2.0 - c:\windows\unin0410.exe
AddRemove-{1030DCDC-2425-407d-BEE1-13558B837FCA} - c:\programmi\Hewlett-Packard\Digital Imaging\{1030DCDC-2425-407d-BEE1-13558B837FCA}\setup\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-15 10:53
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2013-01-15 10:55:22
ComboFix-quarantined-files.txt 2013-01-15 09:55
.
Pre-Run: 54 017 654 784 byte disponibili
Post-Run: 53 984 808 960 byte disponibili
.
- - End Of File - - B0FB2F4B709480154A26A911121F88FE

e quello di HijackThis:

ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.09.33, on 15/01/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\AVG\AVG2013\avgwdsvc.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\windows\System32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\Programmi\HTC\Internet Pass-Through\PassThruSvr.exe
C:\windows\System32\svchost.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\windows\system32\svchost.exe
C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\windows\system32\dmwu.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\AVG\AVG2013\avgui.exe
C:\Programmi\AVG Secure Search\vprot.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\notepad.exe
C:\windows\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\wincmd\TOTALCMD.EXE
C:\WINDOWS\system32\calc.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmi\AutoCAD 2006\acad.exe
C:\DOCUME~1\david\IMPOST~1\Temp\AdskCleanup.0001
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\File comuni\Autodesk Shared\WSCommCntr1.exe
C:\Programmi\wincmd\TOTALCMD.EXE
C:\windows\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmi\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmi\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Programmi\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Programmi\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmi\File comuni\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Servizio di Google Update (gupdate1c9fb27aec0ce9c) (gupdate1c9fb27aec0ce9c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Programmi\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: WebOptimizer - Unknown owner - C:\windows\system32\dmwu.exe

--
End of file - 6185 bytes

NB: HijackThis mi chiede di essere installato...

Mao non capisco cosa vuoi dire, sei sempre così enigmatico ??
Ha il SP2 perchè non riesce ad installare il SP3 I.E. 7 lo può anche tenere visto che usa Firefox.

Ciao, niente da fare.
Scansione con Cleanup and Repair, disinstalalto firefox, staccato tutto e provato a installare il SP3.
La risposta è sempre la stessa: "il file C://windows/system32/driver/acpi.sys è aperto ed in uso da un altra applicazione"

Per l'aggiornamento devi usare Internet Explorer e non devi avere aperto nessun programma e nemmeno altri browser. Disattiva anche il Firewall. Prova così