I'm following up on the previous discussion, but it no longer lets me post there.
Here is what ComboFix outputs.
Thanks
ComboFix 09-12-20.08 - Emilio 21/12/2009 19.48.25.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1006.660 [GMT 1:00]
Running from: c:\documents and settings\Emilio\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.
((((((((((((((((((((((((( Files Created From 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))))))
.
2009-12-19 06:51 . 2009-12-19 06:51 -------- d-----w- c:\documents and settings\Emilio\DoctorWeb
2009-12-18 16:02 . 2009-12-18 16:04 -------- d-----w- c:\windows\system32\NtmsData
2009-12-17 07:40 . 1999-11-10 10:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-12-17 07:39 . 2009-12-18 13:52 -------- d-----w- c:\programmi\QuickTime
2009-12-16 15:30 . 2009-12-16 15:30 -------- d-----w- C:\avira
2009-12-15 04:51 . 2009-12-15 04:51 77312 ----a-w- C:\mbr.exe
2009-12-14 20:07 . 2009-12-14 20:08 -------- d-----w- C:\errori
2009-12-14 19:53 . 2009-12-14 19:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-14 17:30 . 2009-12-16 16:09 -------- d-----w- C:\VEXPLite
2009-12-14 17:29 . 2009-12-14 17:29 -------- d-----w- c:\documents and settings\Emilio\Impostazioni locali\Dati applicazioni\PackageAware
2009-12-14 16:26 . 2009-12-14 16:29 -------- d-----w- c:\programmi\Enigma Software Group
2009-12-14 15:47 . 2009-12-14 15:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-13 20:19 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-13 15:44 . 2009-09-01 10:26 558344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Trend Micro\OE\oe_engine\01\tmaseng.dll
2009-12-13 11:09 . 2009-12-13 15:01 -------- d-----w- C:\pippo
2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- c:\documents and settings\Emilio\Dati applicazioni\Malwarebytes
2009-12-12 22:34 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-12 22:34 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-11 17:50 . 2009-12-11 17:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-11 17:50 . 2009-12-12 21:41 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-12-11 17:50 . 2009-12-12 22:31 -------- d-----w- c:\documents and settings\Emilio\Dati applicazioni\DAEMON Tools Lite
2009-12-11 17:50 . 2009-12-11 17:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-12-11 15:55 . 2009-12-11 15:55 -------- d-----w- c:\programmi\CCleaner
2009-12-06 09:50 . 2009-12-06 09:52 870601 ----a-w- c:\windows\system32\SRPExe.zip
2009-12-06 09:50 . 2009-12-06 09:52 5364858 ----a-w- c:\windows\system32\SRPSig.zip
2009-12-06 06:55 . 2009-12-06 13:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-06 06:49 . 2009-12-06 13:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-12-05 06:40 . 2009-12-05 06:48 -------- d-----w- c:\programmi\RegCleaner
2009-11-25 17:03 . 2005-03-11 17:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-11-25 17:01 . 2009-11-25 17:02 -------- d-----w- C:\ladygaga
2009-11-24 16:42 . 2009-11-24 16:42 -------- d-----w- c:\programmi\Giornata
2009-11-24 16:41 . 2009-11-24 16:41 -------- d-----w- c:\programmi\Settimana
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 15:59 . 2008-08-13 11:30 -------- d-----w- c:\programmi\Trend Micro
2009-12-11 06:24 . 2006-09-18 22:34 85848 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 06:24 . 2006-09-18 22:34 493516 ----a-w- c:\windows\system32\perfh010.dat
2009-12-10 20:38 . 2007-09-22 15:35 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-12-08 17:20 . 2009-03-17 21:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-12-08 17:20 . 2009-03-17 21:03 -------- d-----w- c:\programmi\File comuni\Nero
2009-12-06 13:11 . 2009-03-16 14:01 -------- d-----w- c:\programmi\Free Video Converter
2009-12-06 13:11 . 2007-01-07 18:45 -------- d-----w- c:\programmi\eMule
2009-12-06 13:11 . 2007-01-02 23:32 -------- d-----w- c:\programmi\comsummer
2009-10-31 05:55 . 2007-07-12 14:41 -------- d-----w- c:\documents and settings\Emilio\Dati applicazioni\ZoomBrowser EX
2009-10-31 05:52 . 2008-07-31 12:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ZoomBrowser
2009-10-30 13:52 . 2009-10-30 13:52 -------- d-----w- c:\documents and settings\Rosanna\Dati applicazioni\Nero
2009-10-29 07:40 . 2006-05-10 05:25 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-09-07 20:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-09-07 20:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-09-07 20:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-09-07 20:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-09-07 20:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-09-07 20:00 79872 ----a-w- c:\windows\system32\raschap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-09-07 20:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
2008-07-29 20:00 1398024 ----a-w- c:\programmi\Trend Micro\Internet Security\UfSeAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Acer Zone\\Picture Slide DVD\\Component\\CLSLDVD.exe"=
"c:\\Programmi\\Acer Zone\\Plug and Record\\Component\\ARAWP.exe"=
"c:\\Programmi\\Acer Zone\\Plug and Record\\Component\\DVAX2Process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6031:TCP"= 6031:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2865:TCP"= 2865:TCP:Services
"4348:TCP"= 4348:TCP:Services
"7193:TCP"= 7193:TCP:Services
"3647:TCP"= 3647:TCP:Services
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15/01/2007 7.08.40 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15/01/2007 7.08.40 5248]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [12/03/2009 19.17.53 91136]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [31/07/2008 13.28.26 22912]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [13/08/2008 12.30.39 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [07/03/2008 10.30.06 36368]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [15/05/2006 19.04.00 892032]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [12/03/2009 19.15.53 23180]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [07/03/2008 10.30.06 333328]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Emilio\IMPOST~1\Temp\3ee74ac1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Emilio\IMPOST~1\Temp\3ee74ac1.nmc\nse\bin\ndiskio.sys [?]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\Emilio\IMPOST~1\Temp\3ee74ac1.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\Emilio\IMPOST~1\Temp\3ee74ac1.nmc\nse\bin\unhookmbrs.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/12/2009 18.50.48 691696]
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 19:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86317008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf768cf28
\Driver\ACPI -> ACPI.sys @ 0xf74d9cb8
\Driver\iaStor -> 0x86317008
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel(R) 82566DC Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf72adbb0
PacketIndicateHandler -> NDIS.sys @ 0xf729ca0d
SendHandler -> NDIS.sys @ 0xf72b0b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x02542D6C1
malicious code @ sector 0x02542D6C4 !
PE file found in sector at 0x02542D6DA !
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
@SACL=
"Policy"=dword:00000000
[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\programmi\Intel\IntelDH\CCU\AlertService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CAPRPCSK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
c:\programmi\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\programmi\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\Trend Micro\BM\TMBMSRV.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\programmi\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rsvp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-12-21 20:02:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 19:02
ComboFix2.txt 2009-12-13 15:00
Pre-Run: 39,030,452,224 bytes free
Post-Run: 39,000,936,448 bytes free
- - End Of File - - D12E896344A64DCEBA88426E1547F14D
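The log above carries the findings a responder would act on first: the Gmer MBR check reports a copy of the MBR and a PE image hidden in high sectors, the on-access scanner and Security Center monitoring are off, the standard-profile firewall is disabled with a string of arbitrary ports opened under the generic label "Services", and two kernel drivers are registered from a path under the user's Temp directory. As an added example (not part of the original post, and not code from ComboFix or Gmer), the Python script below parses an excerpt of that log and ranks those indicators. The 512-byte sector size used to turn a sector number into a byte offset, the "Services"-label heuristic and the severity ladder are this example's own assumptions.

```python
"""Triage a ComboFix log for the indicators a responder acts on first.

Added example for this thread; it is not part of the original post and not
ComboFix's or Gmer's own code. SAMPLE_LOG is an excerpt of the log posted
above. The 512-byte sector size, the "Services" label heuristic and the
severity ladder are assumptions made for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Excerpt of the posted log (the full log has many more lines).
SAMPLE_LOG = r"""
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Emilio\IMPOST~1\Temp\3ee74ac1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Emilio\IMPOST~1\Temp\3ee74ac1.nmc\nse\bin\ndiskio.sys [?]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15/01/2007 7.08.40 155136]
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x02542D6C1
malicious code @ sector 0x02542D6C4 !
PE file found in sector at 0x02542D6DA !
"""

SECTOR_SIZE = 512  # assumption: classic 512-byte LBA sectors

AV_DISABLED = re.compile(r"^AV: .*\*On-access scanning disabled\*")
AV_MONITOR_OFF = re.compile(r'^"DisableMonitoring"=dword:0*1$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
# "<port>:<proto>"= <port>:<proto>:<scope/flags...>:<label>
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# R0/S3 <service>;<display name>;<image path> [...] or --> <path>
DRIVER = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.*?)(?:\s+-->|\s+\[)")
MBR_MARKERS = {
    "mbr_copy": re.compile(r"^copy of MBR has been found in sector 0x([0-9A-Fa-f]+)"),
    "malicious_code": re.compile(r"^malicious code @ sector 0x([0-9A-Fa-f]+)"),
    "pe_file": re.compile(r"^PE file found in sector at 0x([0-9A-Fa-f]+)"),
}


@dataclass
class Findings:
    av_disabled: bool = False
    av_monitoring_disabled: bool = False
    firewall_disabled: bool = False
    generic_open_ports: list[int] = field(default_factory=list)  # labelled just "Services"
    remote_access_ports: list[int] = field(default_factory=list)
    drivers_in_temp: list[tuple[str, str]] = field(default_factory=list)
    mbr_sectors: dict[str, int] = field(default_factory=dict)

    def severity(self) -> str:
        # MBR-level persistence outranks everything else on the box.
        if self.mbr_sectors:
            return "critical"
        if self.firewall_disabled or self.av_disabled or self.drivers_in_temp:
            return "high"
        if self.generic_open_ports or self.remote_access_ports:
            return "medium"
        return "low"


def sector_offset(sector: int, sector_size: int = SECTOR_SIZE) -> int:
    """Byte offset of an LBA sector, for pulling the hidden sectors with dd/hexdump."""
    return sector * sector_size


def parse_log(text: str) -> Findings:
    f = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if AV_DISABLED.match(line):
            f.av_disabled = True
        elif AV_MONITOR_OFF.match(line):
            f.av_monitoring_disabled = True
        elif FIREWALL_OFF.match(line):
            f.firewall_disabled = True
        elif (m := OPEN_PORT.match(line)):
            port = int(m.group(1))
            label = m.group(3).split(":")[-1].strip()  # last field is the rule name
            if label == "Services":
                f.generic_open_ports.append(port)
            elif port == 3389:
                f.remote_access_ports.append(port)
        elif (m := DRIVER.match(line)):
            name, path = m.group(2), m.group(3)
            if "\\temp\\" in path.lower():  # kernel code loading from a user Temp dir
                f.drivers_in_temp.append((name, path))
        else:
            for key, rx in MBR_MARKERS.items():
                if (m := rx.match(line)):
                    f.mbr_sectors[key] = int(m.group(1), 16)
    return f


def report(f: Findings) -> list[str]:
    lines = [f"severity: {f.severity()}"]
    if f.av_disabled:
        lines.append("AV on-access scanning is disabled")
    if f.av_monitoring_disabled:
        lines.append("Security Center monitoring of the AV is disabled")
    if f.firewall_disabled:
        lines.append("Windows Firewall is disabled in the standard profile")
    if f.remote_access_ports:
        lines.append(f"remote access ports open: {f.remote_access_ports}")
    if f.generic_open_ports:
        lines.append(f"generic 'Services' exceptions on arbitrary ports: {sorted(f.generic_open_ports)}")
    for name, path in f.drivers_in_temp:
        lines.append(f"kernel driver {name} registered from a Temp path: {path}")
    for key, sector in f.mbr_sectors.items():
        lines.append(f"{key}: LBA 0x{sector:X} (byte offset {sector_offset(sector):,})")
    return lines


if __name__ == "__main__":
    for entry in report(parse_log(SAMPLE_LOG)):
        print(entry)
```

On the posted log the three MBR markers sit within 25 sectors of each other (0x2542D6C1, 0x2542D6C4, 0x2542D6DA), roughly 298 GiB into the disk, which is what a bootkit storing its loader and payload in the last sectors of the drive looks like; the byte offsets the script prints are what you would hand to dd or a hex viewer when imaging those sectors before cleaning.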