credo tu abbia un virus..
qui e' tutto a posto..

scarica

spybot seatch and destroy

e' gratuito e lancialo..

Massimiliano, ho fatto come hai detto la scansione tutto ok, però mi compaiono sempre i messaggi doppi e quel cavolo di link in Handy.com sponsored links, non so che fare?

Ciao truzzeddu

Fai così:
Disattiva momentaneamente l'antivirus
Scarica Combofix:


Se usi Xp, doppio clic su Combofix.exe
Se usi Vista eseguilo come amministratore
tasto destro sull'icona rossa, esegui come...


Lascia lavorare il programma senza interferire......Finito
Allega il rapporto che trovi in C:\ComboFix.txt nella tua risposta.

Ok ho fatto il rapporto è questoComboFix 10-05-07.07 - Admin 08/05/2010 14.04.41.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.490 [GMT 2:00]
Eseguito da: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100507-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

C:\Documents
c:\programmi\Dealio Toolbar
c:\programmi\Dealio Toolbar\FF\chrome.manifest
c:\programmi\Dealio Toolbar\FF\chrome\content\chevron.js
c:\programmi\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\login.js
c:\programmi\Dealio Toolbar\FF\chrome\content\login.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\parser.js
c:\programmi\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\programmi\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\programmi\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\programmi\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\target.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\programmi\Dealio Toolbar\FF\components\config.ini
c:\programmi\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\programmi\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\programmi\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\programmi\Dealio Toolbar\FF\install.rdf
c:\programmi\Dealio Toolbar\IE\4.0.2\config.ini
c:\programmi\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\programmi\Dealio Toolbar\Res\amazon.gif
c:\programmi\Dealio Toolbar\Res\apple.gif
c:\programmi\Dealio Toolbar\Res\barnes.gif
c:\programmi\Dealio Toolbar\Res\bestbuy.gif
c:\programmi\Dealio Toolbar\Res\dealio_logo.gif
c:\programmi\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\programmi\Dealio Toolbar\Res\ebay.gif
c:\programmi\Dealio Toolbar\Res\icon_settings.gif
c:\programmi\Dealio Toolbar\Res\macys.gif
c:\programmi\Dealio Toolbar\Res\newegg.gif
c:\programmi\Dealio Toolbar\Res\overstock.gif
c:\programmi\Dealio Toolbar\Res\search-button-hover.gif
c:\programmi\Dealio Toolbar\Res\search-button.gif
c:\programmi\Dealio Toolbar\Res\search-chevron-hover.gif
c:\programmi\Dealio Toolbar\Res\search-chevron.gif
c:\programmi\Dealio Toolbar\Res\search_amazon.gif
c:\programmi\Dealio Toolbar\Res\search_dealio.gif
c:\programmi\Dealio Toolbar\Res\search_ebay.gif
c:\programmi\Dealio Toolbar\Res\search_yahoo.gif
c:\programmi\Dealio Toolbar\Res\target.gif
c:\programmi\Dealio Toolbar\Res\walmart.gif
c:\programmi\Dealio Toolbar\Res\widgets.xml
c:\programmi\Dealio Toolbar\SeARchsettings.dll
c:\programmi\Dealio Toolbar\SearchSettings.exe
c:\programmi\Dealio Toolbar\SearchSettingsRes409.dll
c:\programmi\Dealio Toolbar\sscfg.ini
c:\programmi\Dealio Toolbar\SSFF\chrome.manifest
c:\programmi\Dealio Toolbar\SSFF\chrome\content\plugin.js
c:\programmi\Dealio Toolbar\SSFF\chrome\content\plugin.xul
c:\programmi\Dealio Toolbar\SSFF\chrome\content\protection.js
c:\programmi\Dealio Toolbar\SSFF\chrome\content\utils.js
c:\programmi\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\programmi\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties
c:\programmi\Dealio Toolbar\SSFF\chrome\skin\yahoo.xml
c:\programmi\Dealio Toolbar\SSFF\components\IFBHOSearch.xpt
c:\programmi\Dealio Toolbar\SSFF\components\IFBHOSearchHelperEngine.xp t
c:\programmi\Dealio Toolbar\SSFF\components\IFHelperPreferences.xpt
c:\programmi\Dealio Toolbar\SSFF\components\SearchSettingsFF.dll
c:\programmi\Dealio Toolbar\SSFF\components\sscfg.ini
c:\programmi\Dealio Toolbar\SSFF\install.rdf
c:\programmi\Dealio Toolbar\WidgiHelper.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-04-08 al 2010-05-08 )))))))))))))))))))))))))))))))))))
.

2010-05-07 16:14 . 2010-05-07 18:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-07 16:14 . 2010-05-07 16:22 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-04-21 14:06 . 2010-04-21 14:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2010-04-21 14:02 . 2010-04-21 14:02 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-04-21 13:48 . 2010-04-21 14:03 -------- d-----w- c:\programmi\EPSON Print CD
2010-04-21 13:45 . 2007-01-11 04:02 113664 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-04-21 13:45 . 2010-04-21 14:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2010-04-21 13:45 . 2004-09-10 18:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-04-21 13:45 . 2007-12-07 00:08 86528 ----a-w- c:\windows\system32\E_FLBCKE.DLL
2010-04-21 13:45 . 2007-12-07 00:01 78848 ----a-w- c:\windows\system32\E_FD4BCKE.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2010-05-08 11:38 . 2009-04-15 08:37 -------- d-----w- c:\documents and settings\Admin\Dati applicazioni\OpenOffice.org2
2010-04-21 14:09 . 2009-04-10 06:31 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-21 14:06 . 2009-04-09 14:07 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-04-21 14:04 . 2010-04-21 13:46 -------- d-----w- c:\programmi\EPSON
2010-04-21 13:46 . 2010-04-21 13:46 -------- d-----w- c:\documents and settings\Admin\Dati applicazioni\InstallShield
2010-03-10 06:15 . 2004-08-19 15:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:16 . 2004-08-19 15:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 23:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2004-08-19 15:34 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-10 19:42 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-19 15:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 23:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP0.dll" [2010-03-22 2349080]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2010-03-22 12:54 2349080 ----a-w- c:\programmi\PHPNukeIT\tbPHP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2008-07-25 282112]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP0.dll" [2010-03-22 2349080]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHP0.dll" [2010-03-22 2349080]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr. exe" [2003-06-24 126976]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh. exe" [2003-06-24 561152]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-11-24 81000]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"MobileConnect"="c:\programmi\Vodafone\Vodafon e Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\j usched.exe" [2009-10-11 149280]
"OpwareSE2"="c:\programmi\ScanSoft\OmniPageSE2.0\O pwareSE2.exe" [2003-05-08 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Admin\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.0.lnk - c:\programmi\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digital Line Detect.lnk - c:\programmi\Digital Line Detect\DLG.exe [2009-4-10 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/04/2009 17.57.21 114768]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [08/01/2010 1.51.02 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [09/04/2009 17.57.21 20560]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/11/2008 11.39.20 14336]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [17/07/2008 9.04.00 8064]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [04/08/2009 11.44.57 110080]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [04/08/2009 11.44.32 104960]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [05/09/2008 15.57.00 59648]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [08/09/2008 9.40.00 105984]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [08/09/2008 8.05.00 18816]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [04/08/2009 11.43.55 7680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-05-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-05-08 c:\windows\Tasks\User_Feed_Synchronization-{F94C3F37-FEC8-4C27-878A-BB4FC6032F41}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\i1ywi6ti.def ault\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.nims.it:8440/Web/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - plugin: c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.5.1\Plugins\npyb rowserplus_2.5.1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npigl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_bro ken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\programmi\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
Toolbar-Locked - (no file)
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\programmi\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKCU-Run-msnmsgr - c:\programmi\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-SearchSettings - c:\programmi\Dealio Toolbar\SearchSettings.exe
AddRemove-igLoader - c:\programmi\igLoader\uninstall.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\programmi\NOS\bin\getPlus_Helper.dll



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

************************************************** ************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\s ystem32\\FM20ENU.DLL"
.
Ora fine scansione: 2010-05-08 14:11:09
ComboFix-quarantined-files.txt 2010-05-08 12:11

Pre-Run: 44.275.363.840 byte disponibili
Post-Run: 44.739.014.656 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 877A41F817C57B4F5CDB93BA33DE21E7
:

Potevi allegare il file con gestione allegati...........[:D]

Un momento che te lo controllo.

Salva il documento che ti allego
apri il blocco note copia e salva questo testo, chiamandolo CFScript
col mouse trascina il file CFScript.txt sull'icona rossa di combofix

lascia lavorare il programma
finito verrà creato un nuovo log combofix.txt, postalo

Esegui una scansione completa con Malwarebytes ed allega il report.

Scarica ElistarA
doppio clic per eseguirlo
clicca su "si" alle richieste di pulizia
nella schermata principale clicca su "explorar"
allega il risultato. (il log con le informazioni di ciò che è stato effettuato lo trovate in C:\InfoSat.txt)

Intanto grazie per la cortesia ho fatto quello che mi hai chiesto,

OK

Mi faresti cortesemente vedere il log di Malwarebytes?
Hai trascinato il file CFScript.txt sull'icona rossa di combofix? se si, puoi eliminare combofix e la sua cartella che trovi in C.\qboox.

Per eliminare i messaggi doppi vai sotto a sinistra che sicuramente ai messo provetta backup cambia e metti default autunno o l'altro e vedrei che risolvi

Anche io ho provato a cambiare il default passando da quello Autunno a quello provetta backup, mi dava tutti i messaggi doppi in lettura, tornato a quello Autunno è tornato tutto normale

Si, evidentemente c'è uno script in quella skin creato a quello scopo. [:-bunny]

@truzzeddu, prosegui con le operazioni, i tool eseguiti hanno fatto il proprio dovere.

Vediamo cosa dice Malwarebytes, poi dai una ripulita ai file temporanei con TFC by OldTimer e con OTC che servirà a disinstallare i tool usati.

Aggiorna anche Avast con l'ultima versione disponibile.

Maria grazie! ho risolto! non mi appare più neanche la pubblicità di google!
Duca grazie anche a te! siete stati gentilissimi.
Era tutta colpa del provetta backup!

Ops.. tolgo subito..
in realta' quella skin non doveva essere visibile..

---------- Messaggio inserito alle 02:24 PM ---------- il messaggio prcedente inserito alle 02:22 PM ----------

Duca.. grazie del tuo supporto..
puoi contattarmi in pvt?
volevo farti una proposta di collaborazione :)

prestare attenzione anche all'antivirus Malwarebytes Security. deve trovare e rimuovere virus sul PC -