ok......... ComboFix 08-07-27.1 - Mario Baiardo 2008-07-27 19.20.15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.481 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Mario Baiardo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\winsrc.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-06-27 al 2008-07-27 )))))))))))))))))))))))))))))))))))
.

2008-07-13 15:49 . 2008-07-27 13:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-13 15:49 . 2008-07-13 15:49 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 16:58 --------- d-----w C:\Documents and Settings\Mario Baiardo\Dati applicazioni\Skype
2008-07-27 14:52 --------- d-----w C:\Documents and Settings\Mario Baiardo\Dati applicazioni\skypePM
2008-07-27 14:38 10,801 -c--a-w C:\Programmi\hijackthis.log
2008-07-27 14:21 --------- d-----w C:\Programmi\backups
2008-07-27 12:41 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-07-25 20:57 --------- d-----w C:\Programmi\eMule Extreme
2008-07-24 20:45 --------- d-----w C:\Programmi\AdVantage
2008-07-24 19:45 --------- d-----w C:\Programmi\BFG
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 20:55 --------- d-----w C:\Programmi\Doom 3
2008-06-02 20:40 --------- d-----w C:\Programmi\2K Games
2008-05-30 20:54 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-05-29 20:19 --------- d-----w C:\Programmi\Jewel Quest
2008-05-24 19:10 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-24 19:10 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-11 07:00 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-11 07:00 22,328 ----a-w C:\Documents and Settings\Mario Baiardo\Dati applicazioni\PnkBstrK.sys
2008-05-11 07:00 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-03 11:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-24 13:42 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-01-07 20:40 401,720 ----a-w C:\Programmi\HiJackThis.exe
2007-08-09 21:07 92,064 -c--a-w C:\Documents and Settings\Mario Baiardo\mqdmmdm.sys
2007-08-09 21:07 9,232 -c--a-w C:\Documents and Settings\Mario Baiardo\mqdmmdfl.sys
2007-08-09 21:07 79,328 -c--a-w C:\Documents and Settings\Mario Baiardo\mqdmserd.sys
2007-08-09 21:07 66,656 -c--a-w C:\Documents and Settings\Mario Baiardo\mqdmbus.sys
2007-08-09 21:07 6,208 -c--a-w C:\Documents and Settings\Mario Baiardo\mqdmcmnt.sys
2007-08-09 21:07 5,936 -c--a-w C:\Documents and Settings\Mario Baiardo\mqdmwhnt.sys
2007-08-09 21:07 4,048 -c--a-w C:\Documents and Settings\Mario Baiardo\mqdmcr.sys
2007-08-09 21:07 25,600 -c--a-w C:\Documents and Settings\Mario Baiardo\usbsermptxp.sys
2007-08-09 21:07 22,768 -c--a-w C:\Documents and Settings\Mario Baiardo\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 06:00 15360]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [2007-12-29 14:05 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 06:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AspireService"="C:\Programmi\Acer\Acer eMode Management\AspireService.exe" [2005-06-21 16:39 110592]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
"D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2007-08-03 12:29 1552384]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 13:22 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 06:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2006-10-04 10:32 4943872 C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programmi\\eMule Extreme\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\K-Lite Codec Pack\\tools\\StatsReader.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmi\\Doom 3\\Doom3.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16525:UDP"= 16525:UDP:Rosso Alice UDP
"42733:TCP"= 42733:TCP:eMule_TCP
"32314:UDP"= 32314:UDP:eMule_UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 08:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 int15.sys;int15.sys;C:\Programmi\Acer\eRecovery\int15.sys [2005-01-13 15:46]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 14:17]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 10:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41ef64a0-fd93-11dc-b121-00142a7526c0}]
\Shell\AutoRun\command - K:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - K:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c717da2-be25-11dc-b0a7-00142a7526c0}]
\Shell\Auto\command - ngkymvszf.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ngkymvszf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee9334e-e5dc-11db-af12-00142a7526c0}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec285f2b-e5b7-11db-af10-00142a7526c0}]
\Shell\AutoRun\command - K:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-03-14 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job - C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe [2008-01-28 12:43]
2008-07-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-01-05 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -

HKU-Default-RunOnce-IETI - C:\Programmi\Skype\Phone\IEPlugin\unins000.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.alice.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmi\PokerStars\PokerStarsUpdate.exe
O17 -: HKLM\CCS\Interface\{C9C8336C-D3A9-49AF-827C-B81D40068478}: NameServer = 212.216.112.112,212.216.112.122

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 19:21:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-27 19:22:40
ComboFix-quarantined-files.txt 2008-07-27 17:22:19

Pre-Run: 27,699,179,520 byte disponibili
Post-Run: 27,727,826,944 byte disponibili

177 --- E O F --- 2008-07-10 17:44:11

ok ho fatto come dicevi

Siccome mi fido del saggio Monsee, Ti invito a fare una scansione con detto Tooll:
http://it.pcthreat.com/parasitebyid-6947it.html.
Vorrei sapere cosa ha trovato.
Poi Fixa queste voci di HijackThis:
Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O15 - Trusted Zone: *.rossoalice.virgilio.it
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://mael71m.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mael71m.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Ricordati di rinascondere le cartelle di sistema;
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
Aggiorna Java:
http://www.aiutaamici.com/software?ID=11134
Dimmi se il problema si è risolto.
Ciao.