Aiutamici Forum
search-setting
siciliaterramia
Posted: Thursday, January 14, 2010 10:12:48 PM

Rank: AiutAmico

Joined: 12/2/2009
Posts: 641
After turning on the PC, when I want to open Firefox a window appears, which I posted in this topic:

http://forum.aiutamici.com/yaf_postst66375_search-settin.aspx

I apologize for not putting the picture here, but I have already deleted it.
I followed the advice given to me and downloaded the program HijackThis.
Below I paste the Notepad page produced by running the program.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.58.46, on 14/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Servizio di Google Update (gupdate1ca6e80a302b9dd) (gupdate1ca6e80a302b9dd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 6761 bytes

Regards, Ermanno

r16
Posted: Thursday, January 14, 2010 10:45:51 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
UPDATE IT before running the scan (this is very important).
Run a full system scan.
Delete any infected files that are detected.
Post the log.

Then:

Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install THE EMERGENCY RECOVERY CONSOLE, click NO.
The antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, named C:\ComboFix.txt. Post it here.
fdaccc
Posted: Friday, January 15, 2010 3:51:25 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
...and fix:
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (file missing)

Then delete this folder:
C:\Program Files\Search Settings
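
The check fdaccc applied by eye, as an added example that is not part of the original posts: it lists HijackThis entries marked "(file missing)", grouped by CLSID, and then flags other entries that still point into the same folder (here the O4 Run entry that ComboFix later reports as an orphaned key). The function names and the same-folder heuristic are assumptions of this example; the sample lines are copied from the HijackThis log in the first post.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase  # Windows path rules, usable on any OS

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
"""

# "<section code> - <rest of the entry>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to the first .exe/.dll; spaces in folder names allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll)', re.IGNORECASE)
MISSING_MARK = "(file missing)"


def parse_entries(log_text):
    """Turn HijackThis entry lines into dicts; other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            "missing": body.endswith(MISSING_MARK),
            "raw": line,
        })
    return entries


def missing_by_clsid(entries):
    """Map each CLSID to the section codes where its file is reported missing."""
    grouped = defaultdict(list)
    for entry in entries:
        if entry["missing"] and entry["clsid"]:
            grouped[entry["clsid"]].append(entry["code"])
    return dict(grouped)


def related_leftovers(entries):
    """Entries not marked missing that point into a folder of a missing file.

    Heuristic assumed by this example: a registration whose DLL is gone often
    leaves other autostart entries behind in the same install folder.
    """
    orphan_dirs = {
        normcase(dirname(e["path"]))
        for e in entries if e["missing"] and e["path"]
    }
    return [
        e for e in entries
        if not e["missing"] and e["path"]
        and normcase(dirname(e["path"])) in orphan_dirs
    ]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for clsid, codes in missing_by_clsid(parsed).items():
        print("file missing:", clsid, "in sections", ", ".join(codes))
    for entry in related_leftovers(parsed):
        print("same folder, review:", entry["raw"])
```
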
a.roselli
Posted: Friday, January 15, 2010 5:21:30 PM

Rank: Admin

Joined: 10/4/2000
Posts: 19,055
fdaccc wrote:
...and fix:
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (file missing)

Then delete this folder:
C:\Program Files\Search Settings


fdaccc, you must not butt into a discussion when one of the experts has already stepped in to help; this is not a market fair where we haggle over who offers more. This way we only confuse the friend who asked for help.


alfonso_aiutamici@hotmail.it

fdaccc
Posted: Friday, January 15, 2010 5:22:38 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
Sorry Alfonso, but was what I wrote sensible anyway?
a.roselli
Posted: Friday, January 15, 2010 5:29:55 PM

Rank: Admin

Joined: 10/4/2000
Posts: 19,055
fdaccc wrote:
Sorry Alfonso, but was what I wrote sensible anyway?

It is sensible, but every mechanic has his own way of working; with double answers the friend can get confused. If you notice, I only step in when I see that the discussion is waiting for a further reply; handling the topic with two or more people is not the right thing to do.


alfonso_aiutamici@hotmail.it

fdaccc
Posted: Friday, January 15, 2010 5:30:38 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
..all right
siciliaterramia
Posted: Monday, January 18, 2010 3:03:17 PM

Rank: AiutAmico

Joined: 12/2/2009
Posts: 641
I can't say I understood much, but I tried to follow the instructions given.
During the scan with ComboFix.exe several antivirus warnings appeared and I ignored them as advised. Afterwards the program would not go on, perhaps because of the too many warnings, and I clicked Ignore. At the end a Notepad document was created, which I copy and paste:
Regards, Ermanno

............................................



ComboFix 10-01-14.06 - Ermanno 18/01/2010 12.17.19.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.2323 [GMT 1:00]
Eseguito da: c:\users\Ermanno\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

----- BITS: Possibili siti infetti -----

hxxp://i565.photobucket.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-12-18 al 2010-01-18 )))))))))))))))))))))))))))))))))))
.

2010-01-18 11:48 . 2010-01-18 11:50 -------- d-----w- c:\users\Ermanno\AppData\Local\temp
2010-01-18 11:48 . 2010-01-18 11:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-18 11:48 . 2010-01-18 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-17 03:36 . 2010-01-17 03:36 -------- d-----w- c:\program files\Microsoft
2010-01-17 03:35 . 2010-01-17 03:36 -------- d-----w- c:\program files\Windows Live
2010-01-17 03:35 . 2010-01-17 03:35 -------- d-----w- c:\windows\PCHEALTH
2010-01-14 20:56 . 2010-01-14 20:56 -------- d-----w- c:\program files\Trend Micro
2010-01-12 23:35 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:35 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-12-27 13:02 . 2009-12-27 13:02 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-27 13:00 . 2009-12-28 15:12 -------- d-----w- c:\users\Ermanno\AppData\Roaming\DAEMON Tools Lite
2009-12-27 13:00 . 2009-12-27 13:00 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-23 16:27 . 2009-12-23 16:27 -------- d-----w- c:\program files\Application Updater
2009-12-22 06:23 . 2010-01-11 12:21 -------- d-----w- c:\users\Ermanno\AppData\Local\Ahead
2009-12-22 06:23 . 2009-12-22 06:23 -------- d-----w- c:\program files\NeroInstall.bak
2009-12-22 06:21 . 2009-12-22 06:21 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Nero
2009-12-22 06:18 . 2009-12-27 08:39 -------- d-----w- c:\program files\Common Files\Nero
2009-12-22 06:18 . 2009-12-27 08:37 -------- d-----w- c:\programdata\Nero
2009-12-22 06:18 . 2009-12-22 06:18 -------- d-----w- c:\program files\Nero
2009-12-21 23:04 . 2009-12-21 23:04 -------- d-----w- c:\users\Ermanno\AppData\Roaming\DeepBurner
2009-12-21 23:04 . 2009-12-21 23:04 -------- d-----w- c:\program files\Astonsoft
2009-12-21 08:18 . 2010-01-18 06:48 -------- d-----w- c:\users\Ermanno\AppData\Roaming\BitTorrent
2009-12-21 08:18 . 2009-12-21 08:18 -------- d-----w- c:\program files\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 11:48 . 2009-06-10 15:03 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-18 11:10 . 2009-06-10 06:18 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Skype
2010-01-18 11:08 . 2009-06-13 17:11 -------- d-----w- c:\users\Ermanno\AppData\Roaming\skypePM
2010-01-18 06:47 . 2009-11-23 16:16 -------- d-----w- c:\users\Ermanno\AppData\Roaming\vlc
2010-01-18 00:14 . 2009-06-16 06:10 1 ----a-w- c:\users\Ermanno\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-17 12:23 . 2009-12-06 18:54 -------- d-----w- c:\users\Ermanno\AppData\Roaming\dvdcss
2010-01-13 18:03 . 2008-04-16 11:21 662846 ----a-w- c:\windows\system32\perfh010.dat
2010-01-13 18:03 . 2008-04-16 11:21 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-01-13 07:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-27 13:06 . 2009-08-18 04:16 1356 ----a-w- c:\users\Ermanno\AppData\Local\d3d9caps.dat
2009-12-27 08:28 . 2009-07-06 11:11 -------- d-----w- c:\program files\Alice MOBILE E1692
2009-12-27 08:23 . 2009-02-16 18:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 08:23 . 2009-02-16 18:41 -------- d-----w- c:\programdata\CyberLink
2009-12-27 08:23 . 2009-02-16 18:40 -------- d-----w- c:\program files\CyberLink
2009-12-27 08:21 . 2009-02-16 18:40 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-12-23 16:26 . 2009-07-17 17:36 -------- d-----w- c:\program files\Free Video Converter
2009-12-22 07:26 . 2009-12-17 23:38 -------- d-----w- c:\program files\eMule
2009-12-22 07:26 . 2009-11-17 10:54 -------- d-----w- c:\program files\DivX
2009-12-22 07:26 . 2009-02-16 20:48 -------- d-----w- c:\programdata\P4G
2009-12-21 08:17 . 2009-12-19 08:34 -------- d-----w- c:\program files\uTorrent
2009-12-21 08:17 . 2009-07-17 11:07 -------- d-----w- c:\users\Ermanno\AppData\Roaming\uTorrent
2009-12-15 23:30 . 2009-06-06 15:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-15 15:47 . 2009-06-06 15:12 102024 ----a-w- c:\users\Ermanno\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:57 . 2009-12-14 07:42 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Orbit
2009-12-14 07:42 . 2009-12-14 07:42 -------- d-----w- c:\users\Ermanno\AppData\Roaming\GrabPro
2009-12-10 22:00 . 2009-09-10 16:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 14:48 . 2009-02-16 19:40 -------- d-----w- c:\program files\Google
2009-12-02 21:11 . 2009-12-02 21:11 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Video DVD Maker FREE
2009-12-02 21:08 . 2009-12-02 21:08 -------- d-----w- c:\program files\Video DVD Maker
2009-12-02 19:13 . 2009-12-02 19:13 -------- d-----w- c:\programdata\Pinnacle
2009-11-25 22:29 . 2009-11-25 22:29 -------- d-----w- c:\programdata\Socusoft
2009-11-25 16:07 . 2009-11-25 09:51 -------- d-----w- c:\program files\E.M. Youtube Video Download Tool
2009-11-25 16:06 . 2009-11-25 09:53 0 ----a-w- c:\windows\system32\Infob.dat
2009-11-25 16:06 . 2009-11-25 09:53 0 ----a-w- c:\windows\system32\Infoa.dat
2009-11-25 09:51 . 2009-11-25 09:51 305 ----a-w- c:\windows\system32\treeinfo.dat
2009-11-23 11:30 . 2009-11-23 11:30 -------- d-----w- c:\program files\Avira
2009-11-22 21:32 . 2009-10-17 13:00 -------- d-----w- c:\users\Ermanno\AppData\Roaming\FreeVideoConverter
2009-11-22 08:56 . 2009-11-22 08:56 -------- d-----w- c:\program files\Free Audio Pack
2009-11-21 06:40 . 2009-12-09 17:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 17:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 17:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 17:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 19:41 . 2009-08-04 10:56 -------- d-----w- c:\programdata\Apple Computer
2009-11-17 14:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 12:23 . 2006-01-31 08:42 1135104 ----a-w- c:\program files\Reflet.exe
2009-11-09 12:31 . 2009-12-10 02:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 02:02 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 02:02 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 14:21 . 2009-10-01 17:13 422261 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-11-05 14:21 . 2009-10-01 17:13 2093431 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-11-05 14:21 . 2009-10-01 17:13 364916 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-11-05 14:21 . 2009-10-01 17:13 184694 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-11-02 19:42 . 2009-10-02 21:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 13:38 . 2009-10-01 17:13 528764 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-10-29 09:17 . 2009-11-25 16:47 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-02-16 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-02-16 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-04 548864]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-16 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9b,76,f2,e2,de,22,ca,01

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [16/02/2009 21.44.13 15416]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16/12/2009 17.38.20 375296]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [10/06/2009 10.16.35 5120]
R3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\System32\drivers\OxUSBTIMOUT.sys [07/06/2007 6.48.34 34152]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [20/06/2007 4.12.17 47616]
S2 gupdate1ca6e80a302b9dd;Servizio di Google Update (gupdate1ca6e80a302b9dd);c:\program files\Google\Update\GoogleUpdate.exe [26/11/2009 11.10.09 133104]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 3.23.43 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 10:10]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 10:10]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{5FEEA278-E9E9-494E-A234-C55128FED9FB}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ermanno\AppData\Roaming\Mozilla\Firefox\Profiles\l810xmfd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 12:50
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\ADSM_PData_0150

Scansione completata con successo
Files nascosti: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll >>UNKNOWN [0x855221F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a9aed24
\Driver\ACPI -> acpi.sys @ 0x807b8d68
\Driver\atapi -> 0x855221f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(2376)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-18 12:55:45 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-18 11:55
ComboFix2.txt 2009-11-23 10:46

Pre-Run: 83.812.814.848 byte disponibili
Post-Run: 83.392.180.224 byte disponibili

- - End Of File - - AF092A65EBA4F7087363C02FB0CC5CF3
monsee
Posted: Monday, January 18, 2010 3:04:51 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
OK, friend: now wait for an expert to come by and analyze the LOG (honestly, I don't feel up to it)...
r16
Posted: Monday, January 18, 2010 4:05:08 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
You forgot to post the Malwarebytes log.
siciliaterramia
Posted: Monday, January 18, 2010 8:03:07 PM

Rank: AiutAmico

Joined: 12/2/2009
Posts: 641
Sorry, what is this logo you are talking about?
tamagon
Posted: Monday, January 18, 2010 8:08:00 PM

Rank: AiutAmico

Joined: 3/6/2009
Posts: 2,913
He asked you for this; update it before the full scan

http://www.aiutamici.com/software?id=80346



Welcome back, r16
siciliaterramia
Posted: Tuesday, January 19, 2010 8:31:41 AM

Rank: AiutAmico

Joined: 12/2/2009
Posts: 641
Here is the result of the scan

Malwarebytes' Anti-Malware 1.44
Versione del database: 3596
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

19/01/2010 8.25.58
mbam-log-2010-01-19 (08-25-58).txt

Tipo di scansione: Scansione completa (C:\|D:\|G:\|)
Elementi scansionati: 233613
Tempo trascorso: 50 minute(s), 45 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
r16
Posted: Tuesday, January 19, 2010 1:04:57 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file on the Desktop (start\run\type: notepad.exe and then click OK).
Paste into it the code you see below, and save the text file, mandatorily, with the name CFScript.txt

Code:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
siciliaterramia
Posted: Tuesday, January 19, 2010 2:16:30 PM

Rank: AiutAmico

Joined: 12/2/2009
Posts: 641
How do I do that? I have Vista.
Start\Run\type: notepad.exe, I think that can be done on XP.
Sorry, but I'm really clumsy with PCs, at least at this level.
r16
Posted: Tuesday, January 19, 2010 2:26:11 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Then create a simple text file (Notepad) on the desktop.
http://windows.microsoft.com/it-IT/windows-vista/Open-Notepad
Then copy and paste the script.
Save it with the name CFScript.txt
Hold down the left mouse button on the text file and drag it onto the ComboFix icon.

siciliaterramia
Posted: Tuesday, January 19, 2010 4:28:12 PM

Rank: AiutAmico

Joined: 12/2/2009
Posts: 641
ComboFix 10-01-18.03 - Ermanno 19/01/2010 16.07.54.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.2084 [GMT 1:00]
Eseguito da: c:\users\Ermanno\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Ermanno\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

r16
Posted: Tuesday, January 19, 2010 4:30:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
The log is not complete.
The whole middle and final part is missing.
siciliaterramia
Posted: Tuesday, January 19, 2010 5:20:32 PM

Rank: AiutAmico

Joined: 12/2/2009
Posts: 641
ComboFix 10-01-18.03 - Ermanno 19/01/2010 16.07.54.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.2084 [GMT 1:00]
Eseguito da: c:\users\Ermanno\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Ermanno\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT

.
((((((((((((((((((((((((( Files Creati Da 2009-12-19 al 2010-01-19 )))))))))))))))))))))))))))))))))))
.

2010-01-19 15:16 . 2010-01-19 15:16 -------- d-----w- c:\users\Ermanno\AppData\Local\temp
2010-01-19 15:16 . 2010-01-19 15:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-19 15:16 . 2010-01-19 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-19 00:38 . 2010-01-19 00:38 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Malwarebytes
2010-01-19 00:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 00:38 . 2010-01-19 00:38 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 00:38 . 2010-01-19 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 00:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 03:36 . 2010-01-17 03:36 -------- d-----w- c:\program files\Microsoft
2010-01-17 03:35 . 2010-01-17 03:36 -------- d-----w- c:\program files\Windows Live
2010-01-17 03:35 . 2010-01-17 03:35 -------- d-----w- c:\windows\PCHEALTH
2010-01-14 20:56 . 2010-01-14 20:56 -------- d-----w- c:\program files\Trend Micro
2010-01-12 23:35 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:35 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-12-27 13:02 . 2009-12-27 13:02 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-27 13:00 . 2009-12-28 15:12 -------- d-----w- c:\users\Ermanno\AppData\Roaming\DAEMON Tools Lite
2009-12-27 13:00 . 2009-12-27 13:00 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-23 16:27 . 2009-12-23 16:27 -------- d-----w- c:\program files\Application Updater
2009-12-22 06:23 . 2010-01-11 12:21 -------- d-----w- c:\users\Ermanno\AppData\Local\Ahead
2009-12-22 06:23 . 2009-12-22 06:23 -------- d-----w- c:\program files\NeroInstall.bak
2009-12-22 06:21 . 2009-12-22 06:21 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Nero
2009-12-22 06:18 . 2009-12-27 08:39 -------- d-----w- c:\program files\Common Files\Nero
2009-12-22 06:18 . 2009-12-27 08:37 -------- d-----w- c:\programdata\Nero
2009-12-22 06:18 . 2009-12-22 06:18 -------- d-----w- c:\program files\Nero
2009-12-21 23:04 . 2009-12-21 23:04 -------- d-----w- c:\users\Ermanno\AppData\Roaming\DeepBurner
2009-12-21 23:04 . 2009-12-21 23:04 -------- d-----w- c:\program files\Astonsoft
2009-12-21 08:18 . 2010-01-19 15:00 -------- d-----w- c:\users\Ermanno\AppData\Roaming\BitTorrent
2009-12-21 08:18 . 2009-12-21 08:18 -------- d-----w- c:\program files\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 15:00 . 2009-06-10 15:03 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-19 14:56 . 2009-06-16 06:10 1 ----a-w- c:\users\Ermanno\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-19 00:16 . 2009-11-23 16:16 -------- d-----w- c:\users\Ermanno\AppData\Roaming\vlc
2010-01-18 11:10 . 2009-06-10 06:18 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Skype
2010-01-18 11:08 . 2009-06-13 17:11 -------- d-----w- c:\users\Ermanno\AppData\Roaming\skypePM
2010-01-17 12:23 . 2009-12-06 18:54 -------- d-----w- c:\users\Ermanno\AppData\Roaming\dvdcss
2010-01-14 10:12 . 2009-10-02 21:59 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 18:03 . 2008-04-16 11:21 662846 ----a-w- c:\windows\system32\perfh010.dat
2010-01-13 18:03 . 2008-04-16 11:21 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-01-13 07:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-27 13:06 . 2009-08-18 04:16 1356 ----a-w- c:\users\Ermanno\AppData\Local\d3d9caps.dat
2009-12-27 08:28 . 2009-07-06 11:11 -------- d-----w- c:\program files\Alice MOBILE E1692
2009-12-27 08:23 . 2009-02-16 18:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 08:23 . 2009-02-16 18:41 -------- d-----w- c:\programdata\CyberLink
2009-12-27 08:23 . 2009-02-16 18:40 -------- d-----w- c:\program files\CyberLink
2009-12-27 08:21 . 2009-02-16 18:40 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-12-23 16:26 . 2009-07-17 17:36 -------- d-----w- c:\program files\Free Video Converter
2009-12-22 07:26 . 2009-12-17 23:38 -------- d-----w- c:\program files\eMule
2009-12-22 07:26 . 2009-11-17 10:54 -------- d-----w- c:\program files\DivX
2009-12-22 07:26 . 2009-02-16 20:48 -------- d-----w- c:\programdata\P4G
2009-12-21 08:17 . 2009-12-19 08:34 -------- d-----w- c:\program files\uTorrent
2009-12-21 08:17 . 2009-07-17 11:07 -------- d-----w- c:\users\Ermanno\AppData\Roaming\uTorrent
2009-12-15 23:30 . 2009-06-06 15:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-15 15:47 . 2009-06-06 15:12 102024 ----a-w- c:\users\Ermanno\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:57 . 2009-12-14 07:42 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Orbit
2009-12-14 07:42 . 2009-12-14 07:42 -------- d-----w- c:\users\Ermanno\AppData\Roaming\GrabPro
2009-12-10 22:00 . 2009-09-10 16:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 14:48 . 2009-02-16 19:40 -------- d-----w- c:\program files\Google
2009-12-02 21:11 . 2009-12-02 21:11 -------- d-----w- c:\users\Ermanno\AppData\Roaming\Video DVD Maker FREE
2009-12-02 21:08 . 2009-12-02 21:08 -------- d-----w- c:\program files\Video DVD Maker
2009-12-02 19:13 . 2009-12-02 19:13 -------- d-----w- c:\programdata\Pinnacle
2009-11-25 22:29 . 2009-11-25 22:29 -------- d-----w- c:\programdata\Socusoft
2009-11-25 16:07 . 2009-11-25 09:51 -------- d-----w- c:\program files\E.M. Youtube Video Download Tool
2009-11-25 16:06 . 2009-11-25 09:53 0 ----a-w- c:\windows\system32\Infob.dat
2009-11-25 16:06 . 2009-11-25 09:53 0 ----a-w- c:\windows\system32\Infoa.dat
2009-11-25 09:51 . 2009-11-25 09:51 305 ----a-w- c:\windows\system32\treeinfo.dat
2009-11-23 11:30 . 2009-11-23 11:30 -------- d-----w- c:\program files\Avira
2009-11-22 21:32 . 2009-10-17 13:00 -------- d-----w- c:\users\Ermanno\AppData\Roaming\FreeVideoConverter
2009-11-22 08:56 . 2009-11-22 08:56 -------- d-----w- c:\program files\Free Audio Pack
2009-11-21 06:40 . 2009-12-09 17:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 17:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 17:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 17:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 19:41 . 2009-08-04 10:56 -------- d-----w- c:\programdata\Apple Computer
2009-11-17 14:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 12:23 . 2006-01-31 08:42 1135104 ----a-w- c:\program files\Reflet.exe
2009-11-09 12:31 . 2009-12-10 02:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 02:02 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 02:02 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 14:21 . 2009-10-01 17:13 422261 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-11-05 14:21 . 2009-10-01 17:13 2093431 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-11-05 14:21 . 2009-10-01 17:13 364916 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-11-05 14:21 . 2009-10-01 17:13 184694 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-10-30 13:38 . 2009-10-01 17:13 528764 ----a-w- c:\programdata\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-10-29 09:17 . 2009-11-25 16:47 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-02-16 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-02-16 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-04 548864]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-16 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9b,76,f2,e2,de,22,ca,01

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [16/02/2009 21.44.13 15416]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16/12/2009 17.38.20 375296]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [10/06/2009 10.16.35 5120]
R3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\System32\drivers\OxUSBTIMOUT.sys [07/06/2007 6.48.34 34152]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [20/06/2007 4.12.17 47616]
S2 gupdate1ca6e80a302b9dd;Servizio di Google Update (gupdate1ca6e80a302b9dd);c:\program files\Google\Update\GoogleUpdate.exe [26/11/2009 11.10.09 133104]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 3.23.43 21504]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [27/12/2009 14.02.01 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 10:10]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 10:10]

2010-01-19 c:\windows\Tasks\User_Feed_Synchronization-{5FEEA278-E9E9-494E-A234-C55128FED9FB}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ermanno\AppData\Roaming\Mozilla\Firefox\Profiles\l810xmfd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 16:16
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\TEMP\TMP0000006A180D0269EF335910 524288 bytes executable
C:\ADSM_PData_0150

Scansione completata con successo
Files nascosti: 2

**************************************************************************
.
Ora fine scansione: 2010-01-19 16:19:05
ComboFix-quarantined-files.txt 2010-01-19 15:19
ComboFix2.txt 2010-01-18 11:55
ComboFix3.txt 2009-11-23 10:46

Pre-Run: 82.369.630.208 byte disponibili
Post-Run: 82.337.705.984 byte disponibili

- - End Of File - - 8849BC57F51BE754562936FC5BAD7C63