nel mio pc la pagina iniziale cambia sempre e poi s autoistallano varie cose...aiutatemi:
Logfile of HijackThis v1.99.1
Scan saved at 0.48.46, on 06/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pianetazzurro.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webroot.com/disp0201.php?pc=andrc=&ps=F&oc=22&mjv=3&mnv=0&bld=129&cd=&dcc=&drc=&mo=&sid=&lang=en&sn=6q5ss&sc=Trojan:20Horse
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Programmi\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [InstaFinderK] C:\Programmi\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Programmi\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdd_4.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmd_4.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrd_4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\jtn6075se.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Window Svhost System - Unknown owner - C:\WINDOWS\system32\rvssis.exe

Crea una nuova cartella in C:\Programmi ed inserisci al suo interno l'eseguibile di hijackThis, solo in questo modo potrai avere file di backup corretti.

Mandami, per cortesia, zippati i seguenti file a www.suspectfile.com
Grazie
MyToolBar.dll
InstaFinderK_inst.exe
SemanticInsight.exe
kybrdd_4.exe
nwnmd_4.exe
dfndrd_4.exe
rvssis.exe

Scarica, installa ed aggiorna Ewido
http://www.ewido.net/en/
e
CCleaner
http://www.ccleaner.com/

Vai in Pannello di controllo>Installazione Applicazioni e disinstalla, se presenti, questi programmi e le relative cartelle in C:\Programmi
INSTAFINK
RXToolBar
ToolBar888
Apri hijackthis, esegui una scansione e metti la spunta al fianco dei valori. Chiudi tutti i programmi, browser compreso, clicca su Fix checked:

R3 - Default URLSearchHook is missing
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [InstaFinderK] C:\Programmi\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Programmi\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdd_4.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmd_4.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrd_4.exe
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\jtn6075se.dll (file missing)
O23 - Service: Window Svhost System - Unknown owner - C:\WINDOWS\system32\rvssis.exe

Riavvia in modalità provvisoria ed elimina le cartelle, se ancora presenti:
C:\Programmi\<b>ToolBar888</b>C:\Programmi\<b>INSTAFINK</b>C:\Programmi\<b>RXToolBar</b>
Elimina i file:
kybrdd_4.exe
nwnmd_4.exe
dfndrd_4.exe
rvssis.exe ==> quest'ultimo potresti non visualizzarlo perchè nascosto, in questo caso in seguito utilizzeremo un file batch per renderlo visibile

sempre dalla provvisoria effettua una scansione con Ewido
finita la scansione apri CCleaner, clicca su Opzioni>Avanzate e togli la spunta da "Cancella file in Windows Temp solo se più vecchi di 48 ore".
Esegui ora la scansione cliccando, dalla finestra principale su "Avvia Cleaner".

Riavvia in modalità normale.
posta un nuovo log di HJT

stasera appena torno da lavoro lo faccio...grazie mille...ma perdonate la mia ignoranza...dove trovo questi file?MyToolBar.dll
InstaFinderK_inst.exe
SemanticInsight.exe
kybrdd_4.exe
nwnmd_4.exe
dfndrd_4.exe
rvssis.exe
devo cercarli in C:/programmi?

perdonami...ma come attivo l'opzione per visuallizzare i file e le cartelle nascosti ?

ok..grazie...stasera appena torno a casa lo faccio!