Ciao ho fatto tutto quello che mi hai detto ed ho eliminato le cose che mi diceva di eliminare.Poi ho rifatto il log e ho rifatto il tutto ma una stringa riappare sempre anche se l'operazione lo ripetuta piu volte quella è sempre lì ti aggiungo un nuovo log e ti dico quale stringa è.
Logfile of HijackThis v1.99.0
Scan saved at 22.26.53, on 10/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAMMI\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAMMI\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSIMPL.EXE
C:\WINDOWS\SYSTEM\DMSADMINS.EXE
C:\WINDOWS\SYSTEM\QWINNTA.EXE
C:\WINDOWS\SYSTEM\SESMGR.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ActiveX Control - {45E70580-A892-11D9-96AE-444553540000} - C:\WINDOWS\SYSTEM\MSHSH.DLL
O2 - BHO: IE SP2 AddOn - {4AE8C280-A892-11D9-96AE-444553540000} - C:\WINDOWS\SYSTEM\SPPMP.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ashWebSv.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAMMI\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAMMI\HP\HPCORETECH\COMP\HPUIPROT.DLL
<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
ciao, nessuno piu' esperto d me ti ha ancora risposto.
Ok vediamo di autarti.
incolla il tuo log a questo indirizzo nella finestra bianca, poi clicca su analizza
uscira' una analisi con quello che non va'
http://www.hijackthis.de/index.phpLa stringa che non si elimina è la seguente:
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
ciao a presto
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>