Alby-berto (Pious mortal)
Registered: 29/05/07 15:03
Posts: 15

Posted: 19 Feb 2008 11:37    Subject: Ads by adssite

Hello, for a few days now, while I browse the internet, advertising windows have been opening that say "Ads by adssite"... I tried uninstalling a file with that name from the Control Panel, but the problem persists! Please, can you help me???
If you want me to send you the HijackThis log, you would have to explain how to do it, because I did it once already but I don't remember anymore...
Please help me. Thanks

Alby-berto
Posted: 19 Feb 2008 12:54

Can nobody help me???

Alby-berto
Posted: 19 Feb 2008 13:05

I tried using that program, I don't know if I did the scan properly... do you see anything wrong?
 Logfile of HijackThis v1.99.1
 Scan saved at 0.01.24, on 11/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Eset\nod32krn.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
 C:\Programmi\HP\HP Software Update\HPWuSchd.exe
 C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Eset\nod32kui.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
 C:\WINDOWS\V0220Mon.exe
 C:\Programmi\QuickTime\QTTask.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\WINDOWS\System32\Rundll32.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\ManyCam 2.1\ManyCam.exe
 C:\Programmi\DNA\btdna.exe
 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
 C:\Programmi\MSN Messenger\msnmsgr.exe
 C:\Programmi\MSN Messenger\usnsvc.exe
 C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Documents and Settings\Alberto\Documenti\Hijackthis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://it.yahoo.com/fsc/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\WINDOWS\system32\gzmrt.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nswE9.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: BSWORLD.COM Toolbar - {79b870fe-070a-4aec-8a9a-d3d351a1eac8} - C:\Programmi\BSWORLD.COM\tbBSWO.dll
 O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
 O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
 O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
 O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
 O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
 O4 - HKLM\..\Run: [au] "C:\Programmi\Dealio\DealioAu.exe"
 O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
 O4 - HKCU\..\Run: [ManyCam] "C:\Programmi\ManyCam 2.1\ManyCam.exe"
 O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
 O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
 O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programmi\Dealio\res\DealioSearch.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
 O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mms/EmblazePCPlayerActiveXs.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 19 Feb 2008 13:45

Hi Alby-berto and welcome... disable System Restore and start the PC in Safe Mode;
Start HijackThis, select these lines on the left and then click Fix checked, answering yes:

Quote:
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nswE9.dll
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"

Restart the PC in normal mode and post a new HJT log;
Look at this discussion about Combofix, and scan the PC, posting the result as indicated; also run the scan with GMER.
Remember that there are two GMER logs: Autostart and Rootkit. Post them on www.freefilehosting.net as indicated here.

Alby-berto
Posted: 19 Feb 2008 16:08

I was reading the page about ComboFix and it says you have to disable the antivirus! ... I don't know how to do that

Sante62
Posted: 19 Feb 2008 17:12

Unfortunately I don't have Nod32 at hand (I think that's the one you have, right?); next to the clock there should be an icon for the antivirus;
right-click on it, and in the menu that appears you will easily find the option to disable it....

Alby-berto
Posted: 20 Feb 2008 00:16

Here is the latest scan with HijackThis
 Logfile of HijackThis v1.99.1
 Scan saved at 8.07.26, on 11/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Eset\nod32krn.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
 C:\Programmi\HP\HP Software Update\HPWuSchd.exe
 C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Eset\nod32kui.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
 C:\WINDOWS\V0220Mon.exe
 C:\Programmi\QuickTime\QTTask.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\ManyCam 2.1\ManyCam.exe
 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
 C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe
 C:\Programmi\MSN Messenger\usnsvc.exe
 C:\Documents and Settings\Alberto\Documenti\ALBY\JackSMS.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Documents and Settings\Alberto\Documenti\Hijackthis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://it.yahoo.com/fsc/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: BSWORLD.COM Toolbar - {79b870fe-070a-4aec-8a9a-d3d351a1eac8} - C:\Programmi\BSWORLD.COM\tbBSWO.dll
 O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
 O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
 O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
 O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
 O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
 O4 - HKLM\..\Run: [au] "C:\Programmi\Dealio\DealioAu.exe"
 O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
 O4 - HKCU\..\Run: [ManyCam] "C:\Programmi\ManyCam 2.1\ManyCam.exe"
 O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
 O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programmi\Dealio\res\DealioSearch.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
 O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mms/EmblazePCPlayerActiveXs.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
 
 
 
 Here is the ComboFix scan
 
 ComboFix 08-02-20.1 - Alberto 2008-02-11  8.12.01.1 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.154 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\Alberto\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\WINDOWS\system32\~.exe
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-01-20 al 2008-02-20  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-11 02:31 . 2005-12-09 01:46	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Risorse di stampa
 2008-02-11 02:31 . 2005-12-09 01:46	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Risorse di rete
 2008-02-11 02:31 . 2005-12-09 00:55	<DIR>	dr-------	C:\Documents and Settings\Administrator\Preferiti
 2008-02-11 02:31 . 2005-12-09 00:50	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Modelli
 2008-02-11 02:31 . 2005-12-09 01:29	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Avvio
 2008-02-11 02:31 . 2005-12-09 01:46	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Impostazioni locali
 2008-02-11 02:31 . 2005-12-09 00:55	<DIR>	dr-------	C:\Documents and Settings\Administrator\Documenti
 2008-02-11 02:31 . 2005-12-09 01:37	<DIR>	d--------	C:\Documents and Settings\Administrator\Dati applicazioni\ATI
 2008-02-11 02:31 . 2005-12-09 00:55	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Dati applicazioni
 2008-02-07 13:57 . 2008-02-07 13:57	46,300	--a------	C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
 2008-02-06 10:18 . 2008-02-07 13:57	80,090	--a------	C:\WINDOWS\system32\adssite-remove.exe
 2008-02-06 10:18 . 2008-02-06 10:19	40,724	--a------	C:\WINDOWS\system32\rightonadz-uninst.exe
 2008-02-06 05:03 . 2008-02-06 10:18	<DIR>	d--------	C:\Documents and Settings\Alberto\Shared
 2008-02-06 05:03 . 2008-02-06 10:19	<DIR>	d--------	C:\Documents and Settings\Alberto\Incomplete
 2008-02-06 05:03 . 2008-02-06 09:14	<DIR>	d--------	C:\Documents and Settings\Alberto\Dati applicazioni\FileVOoM
 2008-02-06 05:00 . 2008-02-06 05:00	<DIR>	d--------	C:\Programmi\iPod Download
 2008-01-31 18:45 . 2008-01-31 18:45	<DIR>	d--------	C:\Programmi\Shareaza Applications
 2008-01-31 18:45 . 2008-01-31 22:18	<DIR>	d--------	C:\Documents and Settings\Alberto\Dati applicazioni\Shareaza
 2008-01-31 18:45 . 2006-11-12 11:39	483,328	--a------	C:\WINDOWS\system32\actskn45.ocx
 2008-01-31 18:13 . 2008-01-31 18:33	<DIR>	d--------	C:\Documents and Settings\Alberto\Dati applicazioni\BitTorrent
 2008-01-31 18:12 . 2008-01-31 18:12	<DIR>	d--------	C:\Programmi\DNA
 2008-01-31 18:12 . 2008-02-11 02:30	<DIR>	d--------	C:\Documents and Settings\Alberto\Dati applicazioni\DNA
 2008-01-31 17:51 . 2008-01-31 17:51	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Azureus
 2008-01-31 17:51 . 2008-02-01 04:14	<DIR>	d--------	C:\Documents and Settings\Alberto\Dati applicazioni\Azureus
 2008-01-31 17:50 . 2008-02-07 13:59	<DIR>	d--------	C:\Programmi\Azureus
 2008-01-26 22:24 . 2008-01-26 22:24	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\MondoAbaco
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-02-08 14:39	---------	d-----w	C:\Programmi\MSN Messenger
 2008-02-06 04:02	---------	d-----w	C:\Programmi\Java
 2008-01-15 17:14	---------	d-----w	C:\Programmi\iTunes
 2008-01-15 16:45	---------	d-----w	C:\Programmi\Digital Music Studio
 2008-01-04 11:50	---------	d-----w	C:\Programmi\Messenger Plus! Live
 2007-12-21 14:39	10,752	----a-w	C:\WINDOWS\system32\WhoisCL.exe
 2007-12-07 02:04	824,832	----a-w	C:\WINDOWS\system32\wininet.dll
 2007-12-04 18:40	550,912	----a-w	C:\WINDOWS\system32\oleaut32.dll
 2007-06-29 14:40	92,064	----a-w	C:\Documents and Settings\Alberto\mqdmmdm.sys
 2007-06-29 14:40	9,232	----a-w	C:\Documents and Settings\Alberto\mqdmmdfl.sys
 2007-06-29 14:40	79,328	----a-w	C:\Documents and Settings\Alberto\mqdmserd.sys
 2007-06-29 14:40	66,656	----a-w	C:\Documents and Settings\Alberto\mqdmbus.sys
 2007-06-29 14:40	6,208	----a-w	C:\Documents and Settings\Alberto\mqdmcmnt.sys
 2007-06-29 14:40	5,936	----a-w	C:\Documents and Settings\Alberto\mqdmwhnt.sys
 2007-06-29 14:40	4,048	----a-w	C:\Documents and Settings\Alberto\mqdmcr.sys
 2007-06-29 14:40	25,600	----a-w	C:\Documents and Settings\Alberto\usbsermptxp.sys
 2007-06-29 14:40	22,768	----a-w	C:\Documents and Settings\Alberto\usbsermpt.sys
 2005-07-14 19:31	27,648	--sha-w	C:\WINDOWS\system32\AVSredirect.dll
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
 {79B870FE-070A-4AEC-8A9A-D3D351A1EAC8}
 {F053C368-5458-45B2-9B4D-D8914BDDDBFF}
 
 [HKEY_CLASSES_ROOT\clsid\{79b870fe-070a-4aec-8a9a-d3d351a1eac8}]
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
 "{79B870FE-070A-4AEC-8A9A-D3D351A1EAC8}"= C:\Programmi\BSWORLD.COM\tbBSWO.dll [2006-08-03 10:20 1035344]
 
 [HKEY_CLASSES_ROOT\clsid\{79b870fe-070a-4aec-8a9a-d3d351a1eac8}]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
 "updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
 "ManyCam"="C:\Programmi\ManyCam 2.1\ManyCam.exe" [2007-04-24 08:08 1515520]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SoundMan"="SOUNDMAN.EXE" [2005-10-24 14:45 90112 C:\WINDOWS\SOUNDMAN.EXE]
 "SMSERIAL"="sm56hlpr.exe" [2005-09-13 06:00 544768 C:\WINDOWS\sm56hlpr.exe]
 "ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
 "HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
 "HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
 "DXDllRegExe"="dxdllreg.exe" []
 "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
 "nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-05-18 17:27 949376]
 "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-07-17 09:41 180269]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
 "au"="C:\Programmi\Dealio\DealioAu.exe" [ ]
 "V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
 "NWEReboot"="" []
 "QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 ATI CATALYST System Tray.lnk - C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe [2005-08-12 14:43:58 45056]
 Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
 BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-07-22 16:50:16 577597]
 HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]
 
 R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 22:00]
 R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
 R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 13:00]
 R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
 R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
 S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27a760e6-6e8b-11dc-80c9-00e1a7767681}]
 \Shell\AutoRun\command - J:\LaunchU3.exe -a
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-02-08 21:04:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-20 08:16:05
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
 -> C:\Programmi\Eset\pr_imon.dll
 .
 Ora fine scansione: 2008-02-19 20.21.56
 ComboFix-quarantined-files.txt  2008-02-19 19:21:53
 .
 2008-02-09 10:03:31	--- E O F ---
 
 
 Here is the link to the GMER AUTOSTART scan
 http://www.freefilehosting.net/download/3c9f7


 And this is the ROOTKIT scan
 http://www.freefilehosting.net/download/3c9f8

 I hope I did everything right!!! P.S. I also ran the GMER scan with the antivirus disabled, is that correct?
 Let me know if everything is OK!

 Thanks a lot
 P.S. 2: those advertising pages no longer open! Thanks again!
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Dio maturo
 
  
  
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 20 Feb 2008 10:36    Subject: |   |  
				| 
 |  
				| Yes, scans should always be run with the antivirus disabled. The GMER logs look fine...
 Start HJT and fix these other lines:
 
 	  | Quote: |  	  | O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O3 - Toolbar: BSWORLD.COM Toolbar - {79b870fe-070a-4aec-8a9a-d3d351a1eac8} - C:\Programmi\BSWORLD.COM\tbBSWO.dll
 | 
 
 Download The Avenger
 Unpack it into its own folder in c:\
 Start it
 Click on input script manually
 Click on the magnifying glass
 Enter these lines:
 
 	  | Quote: |  	  | files to delete:
 C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
 C:\WINDOWS\system32\adssite-remove.exe
 | 
 Click on Done
 Click on the traffic light
 The PC should restart; if it doesn't, restart it yourself.
 When the operation finishes, Notepad will open with the Avenger result; otherwise you can find it at C:\Avenger.txt; also post an updated HijackThis log.
 Download Norman Malware Cleaner and run a scan with it
 Disable System Restore and start the PC in Safe Mode
 Start Norman Malware Cleaner.
 A log named NFix_2008-01-gg_hh-mm-ss.log is created on the desktop; when the scan finishes, post it here.
 |  |  
		| Top |  |  
		|  |  
		| Alby-berto Mortale pio
 
  
  
 Registered: 29/05/07 15:03
 Posts: 15
 
 
 | 
			
				|  Posted: 21 Feb 2008 19:31    Subject: |   |  
				| 
 |  
				| I do use the BSWORLD toolbar
 Here is the HJT log
 
 Logfile of HijackThis v1.99.1
 Scan saved at 21.18.57, on 20/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Eset\nod32krn.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
 C:\Programmi\HP\HP Software Update\HPWuSchd.exe
 C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Eset\nod32kui.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
 C:\WINDOWS\V0220Mon.exe
 C:\Programmi\QuickTime\QTTask.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\ManyCam 2.1\ManyCam.exe
 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
 C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe
 C:\Programmi\internet explorer\iexplore.exe
 C:\Documents and Settings\Alberto\Documenti\Hijackthis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://it.yahoo.com/fsc/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: BSWORLD.COM Toolbar - {79b870fe-070a-4aec-8a9a-d3d351a1eac8} - C:\Programmi\BSWORLD.COM\tbBSWO.dll
 O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
 O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
 O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
 O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
 O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
 O4 - HKLM\..\Run: [au] "C:\Programmi\Dealio\DealioAu.exe"
 O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
 O4 - HKCU\..\Run: [ManyCam] "C:\Programmi\ManyCam 2.1\ManyCam.exe"
 O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
 O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programmi\Dealio\res\DealioSearch.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
 O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mms/EmblazePCPlayerActiveXs.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
 This is the result from The Avenger
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\q^kipwvf
 
 *******************
 
 Script file located at: \??\C:\WINDOWS\vbuijatn.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\system32\AdssiteSocial-uninstall.exe deleted successfully.
 File C:\WINDOWS\system32\adssite-remove.exe deleted successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
 And this is the Norman Malware Cleaner log
 Norman Malware Cleaner
 Copyright © 1990 - 2008, Norman ASA. Built 2008/02/13 17:04:03
 
 Norman Scanner Engine Version: 5.91.10
 Nvcbin.def Version: 5.90.00, Date: 2008/02/13 17:04:03, Variants: 1304976
 
 Running pre-scan cleanup routine:
 Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 2
 Logged on user: COMPUTER\Alberto
 
 
 Scan started: 20/02/2008 18:34:18
 
 
 Scanning running processes and process memory...
 
 Number of processes/threads found: 505
 Number of processes/threads scanned: 505
 Number of processes/threads not scanned: 0
 Number of infected processes/threads terminated: 0
 Total scanning time: 6s
 
 
 Scanning file system...
 
 Scanning: C:\*.*
 
 C:\Documents and Settings\Alberto\Desktop\cerimonia\Alicia_Keys-As_I_Am-www.livedown.org.rar/CMT (Error whilst scanning file: I/O Error)
 
 C:\Documents and Settings\Alberto\Documenti\eMule\Incoming\James_Blunt-All_The_Lost_Souls-2007-FNT.rar/CMT (Error whilst scanning file: I/O Error)
 
 C:\Documents and Settings\Alberto\Documenti\eMule\Incoming\James_Blunt-All_The_Lost_Souls-2007-FNT.rar/RR (Error whilst scanning file: I/O Error)
 
 C:\Documents and Settings\Alberto\Documenti\Video\cacca\015.part/CMT (Error whilst scanning file: I/O Error)
 
 C:\Programmi\eMule\Incoming\ALBUM - Justine Timberlake - Futuresex - Lovesounds - 2CD - 2006 - 50K4 + Cover.rar/CMT (Error whilst scanning file: I/O Error)
 
 C:\Programmi\eMule\Incoming\Shakira.-.Fijacion.Oral.vol..1.-.2005.-.Mp3-VBRkbps.-.Cover.-.EMG.-.rar/CMT (Error whilst scanning file: I/O Error)
 
 C:\Programmi\eMule\Incoming\SHAKIR~1.RAR/CMT (Error whilst scanning file: I/O Error)
 
 C:\Programmi\eMule\Incoming\VA-Festivalbar_2007_Compilation_Blu-2007-SAW.rar/CMT (Error whilst scanning file: I/O Error)
 
 C:\Programmi\eMule\Incoming\VA-Festivalbar_2007_Compilation_Blu-2007-SAW.rar/RR (Error whilst scanning file: I/O Error)
 
 C:\Programmi\eMule\Temp\056.part/CMT (Error whilst scanning file: I/O Error)
 
 C:\QooBox\Quarantine\C\WINDOWS\system32\~.exe.vir (Infected with W32/PolyCrypt.A)
 Deleted file
 
 C:\WINDOWS\svchost.dll (Infected with W32/Adclicker.AVY)
 Deleted file
 
 Scanning: c:\System Volume Information\*.*
 
 
 Running post-scan cleanup routine:
 
 Number of files found: 154472
 Number of archives unpacked: 6366
 Number of files scanned: 154442
 Number of files not scanned: 30
 Number of files skipped due to exclude list: 0
 Number of infected files found: 2
 Number of infected files repaired/deleted: 2
 Number of infections removed: 2
 Total scanning time: 39m 26s
 
 Is it OK?
 |  |  
		| Top |  |  
		|  |  
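The check behind the request for an updated HijackThis log, as an added example that is not part of the original thread: a short Python script that reports which of the lines the helper asked to fix are still present in the follow-up log. The function and constant names are assumptions of this sketch; the sample input is an excerpt of lines copied from the posts above.

```python
import re

# A HijackThis entry line starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The two lines the helper asked to fix (copied from the thread).
REQUESTED = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BSWORLD.COM Toolbar - {79b870fe-070a-4aec-8a9a-d3d351a1eac8} - C:\Programmi\BSWORLD.COM\tbBSWO.dll
"""

# Excerpt of the follow-up log posted afterwards (copied from the thread, shortened).
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: BSWORLD.COM Toolbar - {79b870fe-070a-4aec-8a9a-d3d351a1eac8} - C:\Programmi\BSWORLD.COM\tbBSWO.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        entries.append({
            "section": section,
            "clsid": clsid.group(0).upper() if clsid else None,
            "text": " ".join(rest.split()),
            # "(no file)" means the registry entry points at a file that is not on disk.
            "orphan": rest.endswith("(no file)"),
        })
    return entries


def entry_key(entry):
    """Identify an entry by section plus CLSID, or by normalized text when it has no CLSID."""
    return (entry["section"], entry["clsid"] or entry["text"].lower())


def check_fixes(requested_text, followup_log):
    """For each requested entry, report whether the follow-up log still contains it."""
    present = {entry_key(e) for e in parse_entries(followup_log)}
    report = []
    for e in parse_entries(requested_text):
        status = "still present" if entry_key(e) in present else "removed"
        report.append((e["section"], e["clsid"], status, e["orphan"]))
    return report


if __name__ == "__main__":
    for section, clsid, status, orphan in check_fixes(REQUESTED, FOLLOWUP):
        note = " (orphaned: no file on disk)" if orphan else ""
        print(f"{section} {clsid}: {status}{note}")
```

On this excerpt the orphaned O2 entry is reported as removed and the BSWORLD.COM toolbar as still present, which matches the poster's statement that he uses that toolbar.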
		| Alby-berto Mortale pio
 
  
  
 Registered: 29/05/07 15:03
 Posts: 15
 
 
 | 
			
				|  Posted: 21 Feb 2008 19:32    Subject: |   |  
				| 
 |  
				| I do use the BSWORLD toolbar
 Edit: logs removed because they were posted twice...

 Good, some more junk has been removed...
 Now go to the Kaspersky online scanner
 While it is downloading the necessary files, temporarily disable the antivirus. As soon as the PC scan starts, disconnect from the internet.
 When it finishes, upload the result to www.freefilehosting.net and post here the link you are given, as indicated here
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Dio maturo
 
  
  
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 22 Feb 2008 01:16    Subject: |   |  
				| 
 |  
				| Proceed as indicated above.... |  |  
		| Top |  |  
		|  |  
		|  |  
  