Ciao pidue ho fatto tutto quello che mi hai consigliato ma ho notato che i file eliminati con HijackThis si ripresentano inesorabilmente al successivo esame (scannerizzamento!!)col programma. Non sono riuscito ad eliminare il file C:\WINNT\shell.exe perchè è utilizzato da windows. Devo anche dire che nel computer sono attivate una serie di limitazioni che mi impediscono di fare molte operazioni e mi ordinano di rivolgermi all'amministratore del sistema, che poi sarei io stesso. Cose da pazzi!! Molte cartelle importanti non appaiono più, come il pannello di controllo. Sono nei guai. Ti riinvio il log di HijackThis, programma che risiede in una sua cartella nel disco C. Grazie ancora per quanto potrai fare, jjmmy
Logfile of HijackThis v1.99.1
Scan saved at 13.56.57, on 05/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\mgabg.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.exe
C:\WINNT\shell.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Garzanti Linguistica\Italiano Clic\vb\ItaTray.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Everyday Auto Backup\AutoBackup.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.unipr.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\shell.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Italiano clic] C:\PROGRA~1\Garzanti Linguistica\Italiano Clic\vb\ItaTray.exe /w
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Printer] C:\WINNT\system32\printer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Everyday Auto Backup] C:\Programmi\Everyday Auto Backup\AutoBackup.exe /1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINNT\system32\spoolvs.exe
O4 - Startup: Collegamento a freepopsd.exe.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: Collegamento a Microsoft Outlook.lnk = ?
O4 - Startup: Collegamento a Smc.exe.lnk = C:\Programmi\Sygate\SPF\Smc.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download using Download &Express - C:\PROGRAMMI\DOWNLOAD EXPRESS\Add_Url.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{338CD1F2-9515-4121-A307-391048F28098}: NameServer = 160.78.48.10,192.135.11.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{338CD1F2-9515-4121-A307-391048F28098}: NameServer = 192.135.112.20,160.78.40.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{338CD1F2-9515-4121-A307-391048F28098}: NameServer = 160.78.48.10,192.135.11.20
O17 - HKLM\System\CS4\Services\Tcpip\..\{338CD1F2-9515-4121-A307-391048F28098}: NameServer = 160.78.48.10,192.135.11.20
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - (no file)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: Spooler di stampa (Spooler) - Unknown owner - C:\WINNT\system32\spoolsv.exe (file missing)
O23 - Service: Microsoft Service Manager (winmdgr) - Sygate Technologies, Inc. - (no file)