Logfile of HijackThis v1.99.1
Scan saved at 14.39.59, on 21/05/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\RealVNC\WinVNC\winvnc.exe
C:\WINNT\System32\rundll32.exe
D:\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D12F839-D7AC-49F2-99CB-68340A3D459D} - C:\WINNT\System32\glhe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll,DllInstall
O4 - Startup: Run VNC Server.lnk = C:\Programmi\RealVNC\WinVNC\winvnc.exe
O4 - Startup: WinMX.lnk = C:\Programmi\WinMX\WinMX.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://it.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://it.msn.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.yeak.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O18 - Filter: text/html - {366EE813-99BC-4CE9-BBF0-9E513F4F21B9} - C:\WINNT\System32\glhe.dll
O18 - Filter: text/plain - {366EE813-99BC-4CE9-BBF0-9E513F4F21B9} - C:\WINNT\System32\glhe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
O2 - BHO: (no name) - {1D12F839-D7AC-49F2-99CB-68340A3D459D} - C:\WINNT\System32\glhe.dll
-
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll,DllInstall
-
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.yeak.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O18 - Filter: text/html - {366EE813-99BC-4CE9-BBF0-9E513F4F21B9} - C:\WINNT\System32\glhe.dll
O18 - Filter: text/plain - {366EE813-99BC-4CE9-BBF0-9E513F4F21B9} - C:\WINNT\System32\glhe.dll
-
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
se.dll
spage.html
glhe.dll
==================================

SVUOTA LA CARTELLA
C:\DOCUME~1\Pc1\IMPOST~1\Temp


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.

---

Collaboratore Aiutamici