Ciao.
Se il tuo amico non ha la connessione, è un pò difficile che possa scaricare programmi di difesa.
Comunque digli di eliminare queste voci di HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL.
Poi deve rifare la scansione con Malwarebytes, e finita la scansione cliccare su "Rimuovi Selezionati".
Ovviamente i file devono essere selezionati.((devono avere la sunta nel quadrettino che c'è sulla sinistra del file infetto.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riposta un nuovo log di HijackThis .

fatto,
Malwarebytes lo elimina ma si ripresenta


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.57.44, on 07/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Kevin\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8218 bytes

r16 ecco il log

ComboFix 09-01-07.01 - Kevin 2009-01-07 22.27.27.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3062.1718 [GMT 1:00]
Eseguito da: c:\users\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-12-07 al 2009-01-07 )))))))))))))))))))))))))))))))))))
.

2009-01-07 21:45 . 2008-01-24 03:25 188,416 --a------ c:\windows\System32\igfxres.dll
2009-01-07 20:25 . 2009-01-07 20:39 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-07 20:25 . 2009-01-07 20:39 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-01-07 00:55 . 2009-01-07 00:55 <DIR> d-------- c:\users\Kevin\AppData\Roaming\URSoft
2009-01-07 00:55 . 2009-01-07 20:38 <DIR> d-a------ c:\users\All Users\TEMP
2009-01-07 00:55 . 2009-01-07 20:38 <DIR> d-a------ c:\programdata\TEMP
2009-01-07 00:55 . 2009-01-07 01:04 <DIR> d-------- c:\program files\Your Uninstaller 2008
2009-01-07 00:48 . 2009-01-07 00:52 <DIR> d-------- c:\users\Kevin\x Pulizia x
2009-01-06 19:02 . 2009-01-06 19:02 <DIR> d-------- c:\users\Kevin\AppData\Roaming\Malwarebytes
2009-01-06 19:02 . 2009-01-06 19:02 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-06 19:02 . 2009-01-06 19:02 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-06 19:02 . 2009-01-06 20:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 19:02 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-06 19:02 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-06 18:33 . 2009-01-06 18:33 <DIR> d-------- c:\users\Kevin\AppData\Roaming\Template
2009-01-06 18:33 . 2009-01-06 18:35 74 --a------ c:\users\Kevin\AppData\Roaming\wklnhst.dat
2009-01-06 18:30 . 2009-01-06 18:30 <DIR> d-------- c:\program files\Trend Micro
2009-01-06 15:50 . 2009-01-06 15:50 <DIR> d-------- c:\users\Kevin\AppData\Roaming\aAvgApi
2009-01-05 23:06 . 2009-01-06 15:47 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-01-05 23:06 . 2009-01-05 23:06 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-01-05 23:06 . 2009-01-05 23:06 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-01-05 23:05 . 2009-01-05 23:05 <DIR> d-------- c:\users\All Users\avg8
2009-01-05 23:05 . 2009-01-05 23:05 <DIR> d-------- c:\programdata\avg8
2009-01-05 23:05 . 2009-01-05 23:05 <DIR> d-------- c:\program files\AVG
2009-01-05 00:22 . 2009-01-05 00:27 <DIR> d-------- c:\program files\Unlocker
2009-01-05 00:13 . 2009-01-07 20:20 <DIR> d-------- c:\program files\emule0.49b-Xtreme7.1
2009-01-04 21:49 . 2009-01-04 21:49 <DIR> d-------- c:\users\andrea\Searches
2009-01-04 21:49 . 2009-01-04 21:49 <DIR> d-------- c:\users\andrea\Saved Games
2009-01-04 21:49 . 2009-01-04 21:49 <DIR> d-------- c:\users\andrea\Pictures
2009-01-04 21:49 . 2009-01-04 21:49 <DIR> d-------- c:\users\andrea\Documents
2009-01-04 21:45 . 2009-01-04 21:45 <DIR> d-------- c:\users\andrea\Contacts
2009-01-04 21:44 . 2009-01-07 22:22 <DIR> d-------- c:\users\andrea
2009-01-04 19:10 . 2009-01-05 00:05 <DIR> d-------- c:\program files\7-Zip
2009-01-04 18:01 . 2009-01-04 18:01 <DIR> d-------- c:\users\Kevin\AppData\Roaming\CyberLink
2009-01-03 22:26 . 2009-01-03 22:26 <DIR> d-------- c:\users\All Users\Nokia
2009-01-03 22:26 . 2009-01-03 22:26 <DIR> d-------- c:\programdata\Nokia
2009-01-01 01:53 . 2009-01-01 01:53 <DIR> d-------- c:\program files\vanBasco's Karaoke Player
2008-12-29 13:09 . 2008-12-29 13:09 <DIR> d-------- c:\users\Kevin\AppData\Roaming\Media Player Classic
2008-12-28 14:52 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-28 14:48 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-28 14:44 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-28 14:44 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-28 14:44 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-28 14:44 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-28 14:44 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-28 14:44 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-28 14:44 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-28 14:44 . 2008-04-23 05:41 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-28 14:43 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-28 14:39 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-28 14:39 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-28 14:39 . 2008-06-19 04:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-28 14:39 . 2008-06-26 04:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-28 14:39 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-28 14:39 . 2008-04-18 06:48 269,312 --a------ c:\windows\System32\es.dll
2008-12-28 14:39 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-28 14:34 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-28 14:34 . 2008-02-29 08:11 988,216 --a------ c:\windows\System32\winload.exe
2008-12-28 14:34 . 2008-02-29 08:11 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-28 14:34 . 2008-02-22 06:05 615,992 --a------ c:\windows\System32\ci.dll
2008-12-28 14:34 . 2008-02-29 07:53 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-28 14:34 . 2008-02-29 05:12 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-28 14:34 . 2008-02-29 07:53 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-12-28 14:34 . 2008-02-29 07:53 40,960 --a------ c:\windows\System32\srclient.dll
2008-12-28 14:34 . 2008-02-29 08:14 19,000 --a------ c:\windows\System32\kd1394.dll
2008-12-28 14:34 . 2008-02-29 05:12 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-12-28 14:34 . 2008-02-29 07:35 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-12-28 14:32 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-28 14:32 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-28 14:32 . 2008-05-08 22:59 430,080 --a------ c:\windows\System32\vbscript.dll
2008-12-28 14:32 . 2008-05-08 22:59 180,224 --a------ c:\windows\System32\scrobj.dll
2008-12-28 14:32 . 2008-05-08 22:59 172,032 --a------ c:\windows\System32\scrrun.dll
2008-12-28 14:32 . 2008-05-08 22:59 155,648 --a------ c:\windows\System32\wscript.exe
2008-12-28 14:32 . 2008-05-08 22:58 135,168 --a------ c:\windows\System32\wshom.ocx
2008-12-28 14:32 . 2008-05-08 22:58 135,168 --a------ c:\windows\System32\cscript.exe
2008-12-28 14:32 . 2008-05-10 02:33 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2008-12-28 14:32 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-28 14:32 . 2008-05-08 22:59 90,112 --a------ c:\windows\System32\wshext.dll
2008-12-28 14:31 . 2008-04-10 06:12 738,304 --a------ c:\windows\System32\inetcomm.dll
2008-12-28 13:10 . 2008-12-28 13:10 <DIR> d-------- c:\users\Kevin\AppData\Roaming\Nseries
2008-12-28 13:08 . 2008-12-28 13:08 <DIR> d-------- c:\users\Kevin\AppData\Roaming\PC Suite
2008-12-28 13:08 . 2008-12-28 13:08 <DIR> d-------- c:\users\All Users\PC Suite
2008-12-28 13:08 . 2008-12-28 13:08 <DIR> d-------- c:\programdata\PC Suite
2008-12-28 03:17 . 2008-02-10 12:53 17,730,504 --a------ c:\windows\eRy.exe
2008-12-28 03:17 . 2007-04-26 16:02 294 --a------ c:\windows\offline.reg
2008-12-28 03:17 . 2004-06-14 01:24 30 --a------ c:\windows\SetPanel.ini
2008-12-28 03:17 . 2008-12-28 03:17 3 --a------ c:\windows\AFirst.cmd
2008-12-28 03:16 . 2008-01-24 03:29 65,536 --a------ c:\windows\SetSpkDefault.exe
2008-12-28 03:16 . 2002-11-14 15:32 55,808 --a------ c:\windows\devcon.exe
2008-12-28 03:16 . 2008-12-27 17:37 2,032 --a------ c:\windows\CLEANUP.CMD
2008-12-28 03:16 . 2004-10-01 21:32 92 --a------ c:\windows\CLEANUP.INI
2008-12-28 01:02 . 2008-12-28 01:02 <DIR> d-------- c:\users\Kevin\AppData\Roaming\Nokia
2008-12-28 01:00 . 2008-12-28 01:00 <DIR> d-------- c:\users\All Users\Installations
2008-12-28 01:00 . 2008-12-28 01:00 <DIR> d-------- c:\programdata\Installations
2008-12-28 01:00 . 2008-12-28 01:00 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-28 00:57 . 2009-01-04 23:43 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-28 00:55 . 2009-01-04 23:43 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-12-28 00:55 . 2008-12-28 00:55 <DIR> d-------- c:\program files\DIFX
2008-12-28 00:55 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-12-28 00:53 . 2008-02-01 15:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2008-12-28 00:52 . 2009-01-04 23:43 <DIR> d-------- c:\program files\Nokia
2008-12-28 00:42 . 2008-12-28 00:42 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-27 22:40 . 2009-01-05 21:59 <DIR> d-------- c:\program files\CCleaner
2008-12-27 22:22 . 2008-12-27 22:22 <DIR> d-------- c:\users\Kevin\AppData\Roaming\vlc
2008-12-27 22:22 . 2008-12-27 22:22 <DIR> d-------- c:\program files\VideoLAN
2008-12-27 20:40 . 2008-12-27 20:40 <DIR> d-------- c:\users\Kevin\AppData\Roaming\Yahoo!
2008-12-27 20:40 . 2008-12-27 20:40 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2008-12-27 20:40 . 2008-12-27 20:40 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-12-27 19:30 . 2008-12-27 19:34 <DIR> d-------- c:\users\All Users\eMule
2008-12-27 19:30 . 2008-12-27 19:34 <DIR> d-------- c:\programdata\eMule
2008-12-27 19:29 . 2008-12-27 19:29 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-27 19:29 . 2007-09-28 17:07 3,596,288 --a------ c:\windows\System32\qt-dx331.dll
2008-12-27 19:29 . 2007-07-25 14:24 1,559,040 --a------ c:\windows\System32\xvidcore.dll
2008-12-27 19:29 . 2007-09-28 17:05 739,840 --a------ c:\windows\System32\divx.dll
2008-12-27 19:29 . 2006-09-24 16:11 389,120 --a------ c:\windows\System32\lameACM.acm
2008-12-27 19:29 . 2007-03-10 12:51 282,624 --a------ c:\windows\System32\xvidvfw.dll
2008-12-27 19:29 . 2004-01-25 17:18 217,088 --a------ c:\windows\System32\yv12vfw.dll
2008-12-27 19:29 . 2007-09-04 17:56 164,352 --a------ c:\windows\System32\unrar.dll
2008-12-27 19:29 . 2007-09-21 01:52 118,784 --a------ c:\windows\System32\ac3acm.acm
2008-12-27 19:29 . 2007-09-28 17:05 81,920 --a------ c:\windows\System32\dpl100.dll
2008-12-27 19:29 . 2007-07-29 16:51 7,680 --a------ c:\windows\System32\ff_vfw.dll
2008-12-27 19:29 . 2007-07-10 17:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2008-12-27 19:29 . 2007-10-03 16:03 414 --a------ c:\windows\System32\lame_acm.xml
2008-12-27 19:26 . 2008-12-27 19:26 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-27 19:25 . 2003-06-19 01:31 17,920 --a------ c:\windows\System32\mdimon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 19:49 --------- d-----w c:\programdata\Microsoft Help
2009-01-07 14:49 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-01-05 22:14 --------- d-----w c:\programdata\McAfee
2009-01-05 21:08 --------- d-----w c:\program files\Acer GameZone
2009-01-04 22:43 --------- d-----w c:\program files\Common Files\muvee Technologies
2008-12-28 16:41 --------- d-----w c:\programdata\SiteAdvisor
2008-12-28 15:22 --------- d-----w c:\program files\Windows Mail
2008-12-27 17:56 --------- d-----w c:\programdata\CyberLink
2008-12-27 16:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 16:42 --------- d-----w c:\program files\Acer Arcade Deluxe
2008-12-27 16:34 --------- d-sh--w c:\programdata\Preferiti
2008-12-27 16:34 --------- d-sh--w c:\programdata\Modelli
2008-12-27 16:34 --------- d-sh--w c:\programdata\Menu Avvio
2008-12-27 16:34 --------- d-sh--w c:\programdata\Documenti
2008-12-27 16:34 --------- d-sh--w c:\programdata\Dati applicazioni
2008-12-27 16:34 --------- d-sh--w c:\program files\File comuni
2008-12-27 16:29 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-12-27 16:29 315,392 ----a-w c:\windows\HideWin.exe
2008-12-27 16:28 --------- d-----w c:\program files\Intel
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2009-01-07_22.24.43,76 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 20:47:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-07 21:24:43 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-07 21:24:43 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-07 20:47:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-07 21:24:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-07 21:24:38 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-12-27 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"PLFSet"="c:\windows\PLFSet.dll" [2007-12-14 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-05 1261336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-04 399504]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-14 535336]
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-07-25 951600]
SETAUDIO.EXE [2008-04-04 20480]
SETRES.EXE [2008-04-04 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2958235293-3932816444-4186616660-1000]
"EnableNotificationsRef"=dword:00000007

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{97CA8B48-19BC-4B94-AE51-F935D6FC545F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{3E62AD61-DBB0-455E-AB7E-42ED940B3C3D}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{D68CB044-2502-4D88-B11A-A2067B1E14B1}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{B99CEF3F-C7EF-4CCA-B3F6-A337A49B608D}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{3DD9CB57-77B5-4965-BA0B-4B5DF0BC5649}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8280F994-1653-4E76-A5C7-B592332BBA79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{04828BE2-646C-45C6-BA59-99A280F942E0}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{358E1308-DAB4-4996-9818-F1AED9A79BDB}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{B73A2118-5C24-42EC-8511-EC878DCDAA80}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{0719C9D4-910D-41D7-B5F1-91215A613CC4}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{DF05DB7C-EB1C-4838-99D6-4F1132E8E4EF}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{57689C69-06C1-485A-BF57-EB4C9CD0CF90}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{28EED5A6-D56F-4568-B6F8-5178B40F3201}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{0B194348-4A15-4CAE-9265-ECBB78826FE4}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{3AFC448A-488C-4101-B4D8-0759341DA991}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{6F6C9963-F3C6-432E-8240-1D649EC59A58}c:\\program files\\emule0.49b-xtreme7.1\\emule.exe"= UDP:c:\program files\emule0.49b-xtreme7.1\emule.exe:eMule
"UDP Query User{F2789B2F-491F-4BFD-AF5F-42F6A3DCD805}c:\\program files\\emule0.49b-xtreme7.1\\emule.exe"= TCP:c:\program files\emule0.49b-xtreme7.1\emule.exe:eMule
"{9B3D14E8-FD25-4C92-B635-806A598AF262}"= Disabled:UDP:c:\program files\eMule\emule.exe:eMuleMorphXT
"{6B6B2FCE-9E84-4D63-91C5-7141B95B15CE}"= Disabled:TCP:c:\program files\eMule\emule.exe:eMuleMorphXT

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-05 97928]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2009-01-06 15504]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2008-04-15 43008]
R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-12-27 17:42:04 41456]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-05 231704]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-06 170640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-04-15 179712]
S4 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.msn.it/
mStart Page = hxxp://it.intl.acer.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 22:28:24
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'Explorer.exe'(3476)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Ora fine scansione: 2009-01-07 22.29.11
ComboFix-quarantined-files.txt 2009-01-07 21:29:08
ComboFix2.txt 2009-01-07 21:25:22

Pre-Run: 82.551.910.400 byte disponibili
Post-Run: 82,521,817,088 byte disponibili

285 --- E O F --- 2008-12-28 13:56:37

ciao, cattiva connessione e cattiva navigazione internet (mi dice)
comunque Malwarebytes non riesce ad eliminare l'infezione
che si può fare?

non posso aggiornarlo, va bene lo stesso?

fatto

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

---

07/01/2009 - 23:16:50

[SCANSIONE DEL REGISTRO]
{9CB65201-89C4-402c-BA80-02D8C59F9B1D} Infetto da BHO.Ask.A
* * * RIMOSSO * * *
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} Infetto da BHO.Ask.A
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

[SCANSIONE DELLA MEMORIA]
OK

---

07/01/2009 - 23:21:33

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Infetto da BHO.Ask.A
* * * RIMOSSO * * *
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Infetto da BHO.Ask.A
* * * RIMOSSO * * *

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


[F:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 104078.
Files Totali: 104078.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.

Ciao.
Finiamo l'opera.
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Non ho visto un antivirus attivo nel log, (a parte Virit).
Consiglio di installarne 1.
Ricordati di Riattivare il UAC (User Account Control)
Se vuole disistallare Virit fai: Start\Tutti Programmi, e trovi il suo Unistall.
Ciao.

Ciao.
Il log è a posto.
No, non è possibile eliminare quelle fastidiose finestre.
Solo disattivando il UAC spariscono.
Ma ti sconsiglio di tenerlo disattivato, in quanto il UAC, previene modifiche non autorizzate al computer.
E' per questo motivo che continua a chiedere l'autorizzazione dell'utente ogni volta che si apre un programma.
E' pur sempre una protezione per il computer, anche se fastidiosa.
Inoltre protegge il MASTER BOOT RECORD (MBR) dai rootkit, e non è poco.
Ciao.

Figurati, di niente.
Ciao!