Salve, ho bisogno di aiuto, mi è capitato di scaricare per sbaglio un file .exe contraffatto di un programma, che malauguratamente l'ho aperto e in un istante l'icona è sparita dal nulla. Ora a intervalli a ogni 5 minuti mi si apre di continuo a mia insaputa il brower di internet explorer col seguente indirizzo http://xxxxxxxx che di solito appare la pubblicità tipo "gioca al casinò cliccate quà cliccate là" ecc... che sarò costretto a chiuderla e dopo un pò riappare.
Come posso eliminarla? Mi potete aiutare?

puoi postare un log di hjt?
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php#

quando lo scarichi ricorda di metterlo nel percorso C:\PROGRAMMI

Posto il Log Hijackthis. Mi correggete per favore?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26:55, on 22/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Microsoft Office\Office\OSA.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: xxx.xx.60.1 SEGRET_PRI
O1 - Hosts: xxx.xx.60.4 tritisrv
O1 - Hosts: xxx.xx.10.1 SISTINF_PRI
O1 - Hosts: xxx.xx.120.1 intranet_pri
O1 - Hosts: xxx.xx.110.1 llpp_pri
O1 - Hosts: xxx.xx.50.1 RAONE_PRI
O1 - Hosts: xxx.xx.90.2 ANPRIA
O1 - Hosts: xxx.xx.90.3 ANARIB
O1 - Hosts: xxx.xx.90.4 ANAPRIC
O1 - Hosts: xxx.xx.60.2 CMLTWEBSRV
O1 - Hosts: xxx.xx.60.3 cmltdatasrv
O1 - Hosts: xxx.xx.40.10 icisrv_bdc
O1 - Hosts: xxx.xx.50.130 mcpri
O1 - Hosts: xxx.xx.90.15 webarafe
O2 - BHO: (no name) - {047F6338-5F07-4D2B-9ED7-E3F1084DCB5b} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {6C350DFC-885F-4296-82E3-6428DD982099} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {973F40B1-6B0E-48B8-A9CE-306A21D9AD34} - (no file)
O2 - BHO: {1db2e1a3-6e89-133a-1034-c516c891c5bb} - {bb5c198c-615c-4301-a331-98e63a1e2bd1} - C:\WINDOWS\system32\ykwnqf.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LEONE.IT
O17 - HKLM\Software\..\Telephony: DomainName = LEONE.IT
O17 - HKLM\System\CCS\Services\Tcpip\..\{64F13738-EC6F-46E0-B678-9E310A7DB32F}: NameServer = 212.XX.96.1,XXX.96.XX.2,XX.50.50.130,XXX.50.50.131
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LEONE.IT
O17 - HKLM\System\CS1\Services\Tcpip\..\{64F13738-EC6F-46E0-B678-9E310A7DB32F}: NameServer = 212.6XX.96.1,XX.96.XX.2,XX.50.50.1XX,XX0.50.50.131
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wzzsip.dll,avgrsstx.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O20 - Winlogon Notify: yaywtUlK - yaywtUlK.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 6767 bytes

Problema risolto! Grazie shapiro.