I downloaded ComboFix and did what you suggested... here is the text of combofix.txt. Bye and thanks:
ComboFix 10-05-29.05 - Roberto 30/05/2010 12.36.11.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.2550.1641 [GMT 2:00]
Eseguito da: c:\users\Roberto\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081125-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081125-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\%appdata%
c:\windows\system32\nt2uahu.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll
D:\resycled
.
((((((((((((((((((((((((( Files Creati Da 2010-04-28 al 2010-05-30 )))))))))))))))))))))))))))))))))))
.
2010-05-30 10:43 . 2010-05-30 11:01 -------- d-----w- c:\users\Roberto\AppData\Local\temp
2010-05-30 10:43 . 2010-05-30 10:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-30 10:43 . 2010-05-30 10:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-30 09:57 . 2010-05-30 09:57 388096 ----a-r- c:\users\Roberto\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-30 06:48 . 2010-05-30 06:48 -------- d-----w- c:\users\Roberto\AppData\Local\Nero
2010-05-30 06:34 . 2010-05-30 06:34 -------- d-----w- c:\users\Roberto\AppData\Roaming\Nero
2010-05-30 06:18 . 2010-05-30 06:18 -------- d-----w- c:\programdata\Nero
2010-05-30 06:17 . 2010-05-30 06:17 -------- d-----w- c:\program files\Common Files\Nero
2010-05-30 05:54 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-30 05:54 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-30 05:53 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-30 05:53 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-30 05:52 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-26 00:59 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 16:48 . 2010-05-25 16:48 -------- d-----w- c:\program files\WinDjView
2010-05-14 05:30 . 2010-05-14 05:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 08:21 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-07 04:58 . 2010-05-07 04:58 1024 ----a-w- c:\windows\system32\qgq9svo.dll
2010-05-07 04:58 . 2010-05-07 04:58 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-05-07 04:58 . 2010-05-07 04:58 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-05-07 04:58 . 2010-05-07 04:58 1024 ----a-w- c:\windows\system32\clauth2.dll
2010-05-07 04:58 . 2010-05-07 04:58 1024 ----a-w- c:\windows\system32\clauth1.dll
2010-05-07 04:58 . 2009-04-10 21:28 16 ---h--w- c:\windows\system32\ubl9clt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 10:50 . 2008-04-16 08:35 716986 ----a-w- c:\windows\system32\perfh010.dat
2010-05-30 10:50 . 2008-04-16 08:35 141462 ----a-w- c:\windows\system32\perfc010.dat
2010-05-30 10:43 . 2009-06-14 22:16 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-30 09:54 . 2008-10-22 20:56 1 ----a-w- c:\users\Roberto\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-30 09:44 . 2008-10-16 13:26 118152 ----a-w- c:\users\Roberto\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 09:42 . 2008-04-15 22:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-30 09:25 . 2008-10-16 14:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-30 09:17 . 2009-11-20 16:35 -------- d-----w- c:\program files\Pinnacle
2010-05-30 09:17 . 2008-12-05 19:54 -------- d-----w- c:\programdata\Pinnacle
2010-05-30 05:40 . 2010-04-17 23:34 -------- d-----w- c:\users\Roberto\AppData\Roaming\uTorrent
2010-05-27 20:14 . 2010-05-27 20:14 -------- d-----w- c:\users\Roberto\AppData\Roaming\FreeAudioPack
2010-05-27 20:14 . 2010-05-27 20:14 -------- d-----w- c:\program files\Free Audio Pack
2010-05-17 13:09 . 2009-01-10 20:41 -------- d-----w- c:\programdata\Messenger Plus!
2010-05-17 13:09 . 2009-01-10 20:33 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-14 05:31 . 2008-10-16 14:16 -------- d-----w- c:\program files\Common Files\Java
2010-05-12 10:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 10:18 . 2008-04-15 23:14 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-02 16:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 22:17 . 2010-03-16 13:51 680 ----a-w- c:\users\Roberto\AppData\Local\d3d9caps.dat
2010-04-29 13:39 . 2009-02-16 16:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-02-16 16:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 06:21 . 2008-10-16 15:35 -------- d-----w- c:\program files\CCleaner
2010-04-21 13:58 . 2010-04-21 13:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-21 13:32 . 2010-04-21 13:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-21 13:29 . 2010-04-21 13:29 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-04-21 13:29 . 2010-04-21 13:29 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-21 13:29 . 2010-04-21 13:29 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-21 13:29 . 2010-04-21 13:29 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-21 13:28 . 2010-04-21 13:29 34429264 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_wu_eng.exe
2010-04-21 13:28 . 2010-04-21 13:28 -------- d-----w- c:\programdata\Installations
2010-04-21 13:20 . 2010-04-21 13:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-04-17 23:35 . 2010-04-17 23:35 -------- d-----w- c:\program files\uTorrent
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-03-24 11:05 . 2009-01-25 20:02 119984 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 23:33 . 2010-03-13 23:33 236159 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_1146.exe
2010-03-05 14:01 . 2010-04-14 20:58 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-09-09 04:20 . 2009-07-30 13:01 88 --sh--r- c:\windows\System32\A0AF200A94.sys
2009-09-09 04:21 . 2009-07-30 13:01 2516 --sha-w- c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe" [2005-02-16 221184]
"Google Update"="c:\users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-31 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-8 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-8 110592]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 715568]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-16 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- d:\malwarebytes' anti-malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7a,c5,d9,6c,9a,2c,ca,01
R3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\DRIVERS\pcam800.sys [2002-07-27 210792]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-24 721904]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3164792623-1878068956-1559805306-1003Core.job
- c:\users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 19:45]
2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3164792623-1878068956-1559805306-1003UA.job
- c:\users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 19:45]
2010-05-24 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-30 07:22]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://it.intl.acer.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: yahoo
Trusted Zone: yahoo.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-TQ566808 - E:\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 13:01
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8574D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x89babd24
\Driver\ACPI -> acpi.sys @ 0x807c2d68
\Driver\atapi -> 0x8574d1f8
\Driver\iaStor -> iaStor.sys @ 0x82afa580
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'Explorer.exe'(3244)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Ora fine scansione: 2010-05-30 13:05:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-05-30 11:05
Pre-Run: 18.098.954.240 byte disponibili
Post-Run: 17.797.943.296 byte disponibili
- - End Of File - - 4C0E208D4E363B0B9B7C1F2076F299E6