Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.38.27, on 18/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Users\Alessio\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9423 bytes






SCUSATE, ORA DEVO ANDARE VIA, PASSERò DOMANI POMERIGGIO A VEDERE SE QUALCUNO HA RISPOSTO, PER CUI SE AVETE BISOGNO DI QUALCOS'ALTRO VI CHIEDO CORTESEMENTE SE POTETE RIPASSARE ANCHE DOMANI. GRAZIE.

Ciao.
Avrai anche 17 fetecchie nel pc, ma il log non me ne mostra manco una.
Comunque esegui queste indicazioni alla lettera:
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Disabilitiamo il UAC: (user account control)
La disattivazione temporanea di uac serve solo ad evitare inutili blocchi dei programmi per la rimozione dei maleware.
Da start>esegui digita msconfig si apre una finestra, vai nel tabellino TOOLS (strumenti) , vedrai la riga "disable uac" metti il segno di spunta, poi ti farà riavviare e al successivo lancio del sistema dovrebbe essere disabilitato
Per ripristinarlo, quando avremo finito, rifai la stessa procedura al contrario.
*********************************************************************************************************
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
esegui una scansione completa del sistema e, una volta terminata la scansione,posta il log che verrà rilasciato in questa discussione.
Assicurati che tutti i files evidenziati siano selezionati e clicca Rimuovi Selezionati
Prima di fare la scansione AGGIORNALO.
*********************************************************************************************************
Poi, esegui alla lettera queste indicazioni:
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .Sempre in questo topic. (non aprirne un'altro per favore)

Quando vedrò i log, sapremo se a squared ce la racconta giusta.

ecco quello di Combofix


ComboFix 08-12-18.03 - Alessio 2008-12-20 10.16.53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3069.2108 [GMT 1:00]
Eseguito da: c:\users\Alessio\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alessio\AppData\Local\qmacwwy.dat
c:\users\Alessio\AppData\Local\qmacwwy_nav.dat
c:\users\Alessio\AppData\Local\qmacwwy_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-11-20 al 2008-12-20 )))))))))))))))))))))))))))))))))))
.

2008-12-20 09:38 . 2008-12-20 10:11 121 --a------ c:\windows\bdagent.INI
2008-12-19 21:58 . 2008-12-19 21:58 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-19 21:58 . 2008-12-19 21:58 <DIR> d-------- c:\users\Alessio\AppData\Roaming\Malwarebytes
2008-12-19 21:58 . 2008-12-19 21:58 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-19 21:58 . 2008-12-19 21:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 21:58 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-19 21:58 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-18 19:38 . 2008-12-18 19:38 <DIR> d-------- c:\program files\Trend Micro
2008-12-09 19:37 . 2008-12-09 19:37 <DIR> d-------- C:\ubuntu
2008-12-07 19:53 . 2008-12-07 19:53 196,608 --a------ c:\windows\System32\Ikeext.etl
2008-12-07 19:20 . 2008-12-19 19:55 <DIR> d-------- c:\users\All Users\Spyware Terminator
2008-12-07 19:20 . 2008-12-14 11:34 <DIR> d-------- c:\users\Alessio\AppData\Roaming\Spyware Terminator
2008-12-07 19:20 . 2008-12-19 19:55 <DIR> d-------- c:\programdata\Spyware Terminator
2008-12-07 19:20 . 2008-12-14 11:36 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-07 19:20 . 2008-12-07 19:20 <DIR> d-------- c:\program files\Crawler
2008-12-07 19:20 . 2008-12-07 19:20 141,312 --a------ c:\windows\System32\drivers\sp_rsdrv2.sys
2008-12-04 20:02 . 2008-12-04 20:02 <DIR> d-------- c:\users\All Users\comodo
2008-12-04 20:02 . 2008-12-04 20:02 <DIR> d-------- c:\programdata\comodo
2008-12-04 20:02 . 2008-12-04 20:02 <DIR> d-------- c:\program files\COMODO
2008-12-04 20:02 . 2008-12-04 20:02 143,096 --a------ c:\windows\System32\guard32.dll
2008-12-04 20:02 . 2008-12-04 20:02 97,808 --a------ c:\windows\System32\drivers\cmdguard.sys
2008-12-04 20:02 . 2008-12-04 20:02 25,104 --a------ c:\windows\System32\drivers\cmdhlp.sys
2008-12-04 19:48 . 2008-12-14 09:48 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-12-04 19:43 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-04 19:43 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-04 19:43 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-04 19:42 . 2008-12-07 17:53 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-04 19:42 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-04 19:42 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-12-04 19:42 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-04 19:42 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-04 19:42 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-04 19:37 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-04 19:37 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-04 19:37 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-04 19:37 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-04 19:37 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-04 19:37 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-04 19:37 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-04 19:36 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-04 19:36 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-04 17:15 . 2008-12-04 17:16 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-04 17:15 . 2008-12-04 17:16 <DIR> d-------- c:\programdata\Lavasoft
2008-12-04 17:15 . 2008-12-04 17:15 <DIR> d-------- c:\program files\Lavasoft
2008-12-04 17:06 . 2008-12-04 17:06 <DIR> d-------- c:\users\All Users\Webroot
2008-12-04 17:06 . 2008-12-04 17:06 <DIR> d-------- c:\users\Alessio\AppData\Roaming\Webroot
2008-12-04 17:06 . 2008-12-04 17:06 <DIR> d-------- c:\programdata\Webroot
2008-12-04 17:06 . 2008-12-04 17:06 <DIR> d-------- c:\program files\Webroot
2008-12-04 16:59 . 2008-12-04 16:59 164 --a------ C:\install.dat
2008-12-04 16:43 . 2008-12-04 16:43 <DIR> d-------- c:\users\All Users\PC Tools
2008-12-04 16:43 . 2008-12-04 16:43 <DIR> d-------- c:\users\Alessio\AppData\Roaming\PC Tools
2008-12-04 16:43 . 2008-12-04 16:43 <DIR> d-------- c:\programdata\PC Tools
2008-12-04 16:43 . 2008-12-04 19:23 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-04 16:43 . 2008-12-04 19:30 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-04 15:55 . 2008-12-04 15:55 <DIR> d-------- c:\program files\Panicware
2008-12-04 15:37 . 2008-12-04 15:37 <DIR> d-------- c:\users\All Users\CheckPoint
2008-12-04 15:37 . 2008-12-04 15:37 <DIR> d-------- c:\programdata\CheckPoint
2008-12-04 15:35 . 2008-12-04 16:27 <DIR> d-------- c:\windows\Internet Logs
2008-12-04 15:22 . 2008-12-04 16:13 <DIR> d-------- c:\program files\IP Address Shield
2008-12-03 21:14 . 2008-12-03 21:14 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-03 21:14 . 2008-12-03 21:14 <DIR> d-------- c:\users\Alessio\AppData\Roaming\SUPERAntiSpyware.com
2008-12-03 21:14 . 2008-12-03 21:14 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-03 21:14 . 2008-12-04 16:07 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-25 15:53 . 2008-11-25 15:53 <DIR> d-------- c:\program files\WEBpatente

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 09:12 --------- d-----w c:\users\Alessio\AppData\Roaming\OpenOffice.org2
2008-12-20 09:11 --------- d-----w c:\program files\Common Files\BitDefender
2008-12-20 08:23 81,984 ----a-w c:\windows\System32\bdod.bin
2008-12-14 10:24 --------- d---a-w c:\programdata\TEMP
2008-12-07 18:37 --------- d-----w c:\users\Alessio\AppData\Roaming\Apple Computer
2008-12-07 18:07 --------- d-----w c:\program files\Microsoft Works
2008-12-07 18:07 --------- d-----w c:\program files\eMule
2008-12-07 18:07 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-07 16:54 --------- d-----w c:\program files\Windows Mail
2008-12-07 16:53 --------- d-----w c:\program files\Smart PC Solutions
2008-12-04 19:52 --------- d-----w c:\programdata\Microsoft Help
2008-12-04 18:26 --------- d-----w c:\program files\CCleaner
2008-12-02 20:48 --------- d-----w c:\program files\Yahoo!
2008-11-02 15:17 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-27 18:56 --------- d-----w c:\users\Alessio\AppData\Roaming\vlc
2008-10-25 19:03 --------- d-----w c:\users\Alessio\AppData\Roaming\Smart PC Solutions
2008-10-24 14:06 --------- d-----w c:\programdata\WindowsSearch
2008-10-23 15:44 --------- d-----w c:\programdata\Office Genuine Advantage
2008-10-22 19:56 --------- d-----w c:\users\Alessio\AppData\Roaming\Nokia
2008-10-22 19:55 --------- d-----w c:\users\Alessio\AppData\Roaming\PC Suite
2008-10-22 19:55 --------- d-----w c:\programdata\PC Suite
2008-10-22 19:53 --------- d-----w c:\program files\Nokia
2008-10-22 19:53 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-22 19:53 --------- d-----w c:\program files\Common Files\Nokia
2008-10-22 19:51 --------- d-----w c:\programdata\Downloaded Installations
2008-10-21 18:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-21 16:26 --------- d-----w c:\program files\Windows Live
2008-10-14 10:21 174 --sha-w c:\program files\desktop.ini
2008-10-14 10:08 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-10-14 10:08 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-14 09:44 47,560 ----a-w c:\windows\System32\SPReview.exe
2008-10-14 09:44 152,576 ----a-w c:\windows\System32\SPWizUI.dll
2008-10-14 09:28 269,312 ----a-w c:\windows\System32\es.dll
2008-10-14 09:12 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-10-14 09:12 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-10-14 09:12 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-10-14 09:12 272,896 ----a-w c:\windows\System32\polstore.dll
2008-10-14 09:11 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-14 09:11 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-14 09:11 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-14 09:11 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
2008-10-14 09:11 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-14 09:11 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-14 09:11 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-14 09:11 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-10-14 09:08 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-10-14 09:08 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-14 09:02 988,216 ----a-w c:\windows\System32\winload.exe
2008-10-14 09:02 927,288 ----a-w c:\windows\System32\winresume.exe
2008-10-14 09:02 615,992 ----a-w c:\windows\System32\ci.dll
2008-10-14 09:02 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-10-14 09:02 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-10-14 09:02 40,960 ----a-w c:\windows\System32\srclient.dll
2008-10-14 09:02 378,368 ----a-w c:\windows\System32\srcore.dll
2008-10-14 09:02 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-10-14 09:02 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-10-14 09:02 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-10-14 09:01 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-10-14 09:01 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-10-14 09:00 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-10-14 09:00 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-10-14 09:00 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1021224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-11-20 2780816]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-07 1783808]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 c:\windows\RtHDVCpl.exe]

c:\users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-06-29 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EAE1B1D1-F20E-4AE4-835F-6B233E292BCF}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{070EBF35-E89F-4F64-B24C-FB83C1909463}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{74FE78E6-2356-4621-9B4C-3B2D3B731A33}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{333739F6-A834-4E63-B2D3-45FB41FCB8DA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{42F3D6F0-0586-4D21-87CD-9C902196E226}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0A23BCBD-3906-4AA8-8B85-5A8E8F0C4ABF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2F6CE5DB-4E2C-4500-9BB6-51272FC63846}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{B5CD5F18-F2B4-4A5E-8AD2-26AA6D20722B}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{1C06DD55-1CAF-44B9-9D92-19F84C3B3C7D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{690C52DF-4EA9-4BFF-85D1-1BEC5E395751}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{04C50527-09C6-4A39-8588-0691F510B5A1}c:\\program files\\smart pc solutions\\1-2-3 spyware free\\spywarefree.exe"= UDP:c:\program files\smart pc solutions\1-2-3 spyware free\spywarefree.exe:Protecting from spyware and adware can be easy and effective!
"UDP Query User{343CA3A3-A241-419C-9B5A-98DE2CB8272C}c:\\program files\\smart pc solutions\\1-2-3 spyware free\\spywarefree.exe"= TCP:c:\program files\smart pc solutions\1-2-3 spyware free\spywarefree.exe:Protecting from spyware and adware can be easy and effective!
"{96FA06A8-2608-454C-B9D2-30904A226832}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{CAEDE52B-AD6B-4F26-AB5D-2B4F58680D4A}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{5C57E508-6A43-46E1-A188-003D50F1926D}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{FEC7914A-0AD7-4F21-B03A-A51E1A0604A5}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-04 97808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-04 25104]
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-07 141312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-14 33752]

*Newly Created Service* - PROCEXP90
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 10:18:37
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2008-12-20 10.23.26
ComboFix-quarantined-files.txt 2008-12-20 09:23:24

Pre-Run: 85.079.810.048 byte disponibili
Post-Run: 84,627,779,584 byte disponibili

229 --- E O F --- 2008-12-14 08:49:15

Ciao
Malwarebytes non ha trovato niente.
Combofix, qualcosa .(non 17 virus)
Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Come funziona il pc?

Ciao.
Se il pc và bene è chiaro che a-squared dà i numeri.
La connessione/broswer internet non dovrebbe dipendere da qualche virus.
Malwarebytes non ha trovato niente.
Il log di HJT, non presenta grosse anomalie.