Ok.
Prova a far partire Combofix.
Miglioramenti?

Disistallalo cosi:
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)
*********************************************************************************************************
Poi lo reistalli :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Fai attenzione:
Durante la fase di scaricamento, prova a RINOMINARLO cambiandogli il nome in COMBO-FIX.EXE

Prova in Mododalità provvisoria.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

mi dice: Combofix ha rilevato che questa macchina non ha la "Console"di ripristino d'emergenza"

Sarebbe nel tuo interesse installarla..vuoi farlo ora?

che faccio?

Fatto ecco il log:

ComboFix 09-04-04.01 - Casa 2009-04-08 18:05:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.511.246 [GMT 2:00]
Eseguito da: c:\documents and settings\Casa\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Muestras
c:\windows\system32\_000006_.tmp.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-03-08 al 2009-04-08 )))))))))))))))))))))))))))))))))))
.

2009-04-04 23:59 . 2009-04-04 23:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-04-03 20:23 . 2009-04-03 20:23 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-03 20:23 . 2009-04-03 20:23 1,409 --a------ c:\windows\QTFont.for
2009-04-03 03:29 . 2009-04-03 03:29 <DIR> d-------- c:\programmi\Java
2009-04-03 03:29 . 2009-04-03 03:29 410,984 --a------ c:\windows\system32\deploytk.dll
2009-04-03 03:29 . 2009-04-03 03:29 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-04-02 18:59 . 2009-04-02 18:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-04-02 14:07 . 2009-04-02 14:07 <DIR> d-------- c:\programmi\Trend Micro
2009-04-01 02:40 . 2009-04-01 02:40 1,156 --a------ c:\windows\mozver.dat
2009-04-01 02:32 . 2009-04-01 02:32 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 15:35 196 ----a-w c:\windows\system32\drivers\ALCICH.DAT
2009-04-08 15:30 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\uTorrent
2009-04-08 11:55 --------- d-----w c:\programmi\SlipStream Web Accelerator
2009-04-08 11:55 --------- d-----w c:\programmi\QuickTime
2009-04-08 11:55 --------- d-----w c:\programmi\iTunes
2009-04-08 11:55 --------- d-----w c:\programmi\CANYON CN-WCAM23 PC-Camera
2009-04-07 20:38 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-07 20:38 --------- d-----w c:\programmi\PeerGuardian2
2009-04-07 20:38 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-07 20:36 --------- d-----w c:\programmi\DivX
2009-04-03 12:51 --------- d-----w c:\programmi\eMule
2009-04-02 19:49 --------- d-----w c:\programmi\Yahoo!
2009-04-02 17:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-31 22:32 --------- d-----w c:\programmi\Google
2009-03-07 19:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SlySoft
2009-03-06 00:54 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\dvdcss
2009-03-03 23:52 --------- d-----w c:\programmi\MetMedic
2009-02-10 19:39 --------- d-----w c:\programmi\SlySoft
2009-02-10 19:39 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\SlySoft
2009-02-09 14:56 1,846,272 ----a-w c:\windows\system32\win32k.sys
2006-06-22 11:44 2,078,344 ----a-w c:\programmi\NPSWF32.dll
2006-06-22 11:44 2,078,344 ----a-w c:\documents and settings\All Users\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-03 148888]
"SoundMan"="soundman.exe" [2001-05-29 c:\windows\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-06-29 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2006-12-05 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
SlipStream Web Accelerator.lnk - c:\programmi\SlipStream Web Accelerator\slipgui.exe [2006-04-04 163840]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Italian /KBD:2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=

S3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [2006-03-31 45568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.mini20.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\progra~1\SLIPST~1\sliplsp.dll
TCP: {E3013B6A-62B3-4C79-9E8A-68665EC0D1E9} = 85.37.17.10 85.38.28.86
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Casa\Dati applicazioni\Mozilla\Firefox\Profiles\2y31im8g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 18:06:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1645522239-725345543-839522115-1003\Software\Zepter Software\RegLib*6c3518e7\CloneDVDmobile/1]
"1"=dword:49b18e56
"2"=dword:49b1904b
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(756)
c:\progra~1\SLIPST~1\sliplsp.dll
c:\windows\system32\sliprt.dll
.
Ora fine scansione: 2009-04-08 18:09:22
ComboFix-quarantined-files.txt 2009-04-08 16:08:49

Pre-Run: 35,464,007,680 byte disponibili
Post-Run: 35,447,738,368 byte disponibili

118 --- E O F --- 2009-04-04 22:09:57

Ok..ora procedo...avevo scaricato il tool Elibagla perchè tempo fa (parecchi mesi fa) avevo preso il virus bagle da un file di emule (credevo fosse un file zip con un programma e invece era il virus)...

Ecco il file log:

Avira AntiVir Personal
Report file date: mercoledì 8 aprile 2009 19:10

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Casa
Computer name : 2002-06

Version information:
BUILD.DAT : 9.0.0.386 17962 Bytes 11/03/2009 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 03/03/2009 05:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 05/03/2009 12:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 26/02/2009 18:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 12/02/2009 09:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 04/03/2009 11:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 25/02/2009 13:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 04/03/2009 11:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 12:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\programmi\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, A:, E:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: mercoledì 8 aprile 2009 19:10

Starting search for hidden objects.
'33970' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'slipgui.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <Primario>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <PCVECCHIO>
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Periferica non pronta.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Periferica non pronta.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Periferica non pronta.


End of the scan: mercoledì 8 aprile 2009 19:38
Used time: 28:17 Minute(s)

The scan has been done completely.

3632 Scanned directories
131363 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
131362 Files not concerned
1192 Archives were scanned
1 Warnings
1 Notes
33970 Objects were scanned with rootkit scan
0 Hidden objects were found

Da Installazione Applicazioni, disinstalla le versioni installate di Abobe Reader, Adobe Flash Player (comprese quelle marcate Macromedia) e Javasun .

Dopo la disinstallazione, installa le versioni aggiornate di:
Adobe Reader:
http://www.adobe.com/it/products/acrobat/readstep2.html

Adobe Flash Player:
http://www.adobe.com/it/products/flashplayer/


JAVASun:
http://www.aiutamici.com/software?ID=11134

Poi:
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Finite queste operazioni, riferisci come funziona il pc.

Bravo, era proprio il Dialer.
Combofix praticamente non ha levato niente di importante.
Il problema era il Dialer, che a sua volta aveva infettato AVG, e aveva creato una serie di file (vedi lo script di Avenger) infetti, che bloccavano il pc.

Per eliminare tutti i tool installati fai cosi;
http://pc-system.fr/TC/ToolsCleaner2.exe
Scarica e installa ToolsCleaner
clicca su ricerca (rechercher)
Aspetta...
Clicca su Suppression....
Clicca su "Fichier Temp"
Infine clicca su "Quitter"
Verrà creato un log, che troverai in C:\ con il nome di TCleaner.txt