Ho controllato il report, devo dire che una cosa simile non l'avevo mai vista, segui questa procedura:

Apri il blocco note e copia/incolla la citazione:

Windows Registry Editor Version 5.00

[-HKCR\CLSID\{544D472F-270B-4614-87E4-CDE0737CD6D8}]

[-HKCR\CLSID\{0CC6DB27-243B-4450-96A7-7E868225858D}]

[-HKCR\CLSID\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"msctrl.exe"=-

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"msscan.exe"=-

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"msiemon.exe"=-

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"msfw.exe"=-

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"mssadv.exe"=-
ci deve essere una riga vuota dopo =- dai un invio

salvalo in c:\ con il nome nome: fix.reg
tipo di file: tutti i file

scarica Avenger

Esegui avenger e nella finestra copia/incolla tutta la citazione:

files to delete:
C:\xrfrouv.txt
C:\Programmi\rhc5a6j0en8p\rhc5a6j0en8p.exe
C:\WINDOWS\system32\lphc1a6j0en8p.exe
C:\Programmi\Microsoft Security Adviser\msctrl.exe
C:\Programmi\Microsoft Security Adviser\msavsc.exe
C:\Programmi\Microsoft Security Adviser\msscan.exe
C:\Programmi\Microsoft Security Adviser\msiemon.exe
C:\Programmi\Microsoft Security Adviser\msfw.exe
C:\Programmi\MSX\MSx.exe
C:\WINDOWS\system32\848700\848700.dll
C:\WINDOWS\system32\MFC71ETP.DLL
C:\Documents and Settings\All Users\Dati applicazioni\ktebktgz\kpcnczun.exe
C:\Programmi\Applications\wcs.exe
C:\Programmi\Applications\iebtm.exe
C:\Programmi\Applications\iebt.dll
C:\WINDOWS\system32\blphc1a6j0en8p.scr
C:\WINDOWS\system32\2.bat
C:\WINDOWS\system32\algg.exe

folders to delete:
C:\WINDOWS\system32\848700
C:\Documents and Settings\All Users\Dati applicazioni\ktebktgz
C:\Programmi\rhc5a6j0en8p
C:\Programmi\Microsoft Security Adviser
C:\Programmi\MSX

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | lphc1a6j0en8p
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | SMrhc5a6j0en8p
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | msctrl.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | msavsc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | msscan.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | msiemon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | msfw.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | mssadv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ANTIVIRUS

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{0CC6DB27-243B-4450-96A7-7E868225858D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{544D472F-270B-4614-87E4-CDE0737CD6D8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}
HKLM\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run\b64T84iu3u
HKLM\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run\smile
HKLM\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run\start

programs to launch on reboot:
c:\fix.reg
Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato lo trovi in c:\avenger.

Rifai una scansione con malewarebytes e posta i report delle scansioni, come i precedenti.