Logfile of HijackThis v1.98.2
Scan saved at 9.38.45, on 16/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\iosdt\iosdt.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Spyware Stormer\SpywareStormer.Exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Paolo\Impostazioni locali\Temporary Internet Files\Content.IE5\IBWZ8B0V\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ezrourzhnfuykzxosyacxzidv.uk/Xl7cofugyp31PGNzBhnpTuG31pmbt2H0AdN2uauPR3KK3qUg/iAA9XyjvCX9neVP.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Virgilio
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B446F18-7340-1360-B05C-E12137B97B00} - C:\DOCUME~1\Paolo\DATIAP~1\CDROMM~1\FiveBits.exe
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MMTray] C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Atom Itch Mapi Thunk] C:\Documents and Settings\All Users\Dati applicazioni\FACEGREATATOMITCH\third 64.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Spyware Stormer] C:\Programmi\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [sect bias] C:\DOCUME~1\Paolo\DATIAP~1\PINGTI~1\optionbendsecond.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://gw.virgilio.it/6brand.home
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.notrace.it/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6829D984-0E87-45CB-85D5-EE45ECAD3D93}: NameServer = 151.99.229.225,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{6829D984-0E87-45CB-85D5-EE45ECAD3D93}: NameServer = 151.99.229.225,151.99.250.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{6829D984-0E87-45CB-85D5-EE45ECAD3D93}: NameServer = 151.99.229.225,151.99.250.2

Grazie mille

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
C:\WINDOWS\System32\iosdt\iosdt.exe
-
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ezrourzhnfuykzxosyacxzidv.uk/Xl7cofugyp31PGNzBhnpTuG31pmbt2H0AdN2uauPR3KK3qUg/iAA9XyjvCX9neVP.jpg
-
O2 - BHO: (no name) - {2B446F18-7340-1360-B05C-E12137B97B00} - C:\DOCUME~1\Paolo\DATIAP~1\CDROMM~1\FiveBits.exe
-
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
-
O4 - HKLM\..\Run: [Atom Itch Mapi Thunk] C:\Documents and Settings\All Users\Dati applicazioni\FACEGREATATOMITCH\third 64.exe
-
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [sect bias] C:\DOCUME~1\Paolo\DATIAP~1\PINGTI~1\optionbendsecond.exe
-
O14 - IERESET.INF: START_PAGE_URL=http://gw.virgilio.it/6brand.home
-
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.notrace.it/scan/Msie/bitdefender.cab
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
iosdt.exe
MsgPlus.exe
FiveBits.exe
third 64.exe
optionbendsecond.exe
==================================

al termine utilizza i programma AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

---

alfonso_aiutamici@hotmail.it

Grazie mille...ho fatto tutto anche se due righe non comparivano più ne in modalità provvisoria ne in modalità normale..
Poi dei file che mi hai detto di cercare e cancellare ne erano presenti solo 2 su 6.

Grazie mille ancora
Paolo