Unfortunately, even though Search&Destroy and Ad-Aware say they remove them, they always come back.
What should I do??
After reading one of your articles, where you suggest posting the HijackThis log,
here it is below, taken right after running Search&Destroy:
Logfile of HijackThis v1.99.1
Scan saved at 14.00.47, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PWISVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PUSAS.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rsvp.exe
C:\Programmi\WinMX\WinMX.exe
C:\Documents and Settings\Administrator\Desktop\Files per Ripristinare il PC\CONDIVISI\WINMX\[AMICI DI PETRO]MXMoni130ITA\MXMoni130ITA\MXMoniE.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\appyj.exe
C:\WINDOWS\ipgn.exe
C:\Documents and Settings\Administrator\Desktop\Caccia ai VIRUS\HijackThis.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Panicware BHO Class - {00000000-6C30-11D8-9363-000AE6309658} - C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PWIBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {226F805F-8E96-0121-4596-E21EA0B40429} - (no file)
O2 - BHO: (no name) - {44B06760-8B11-338A-B7AC-7C1CD277B316} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {9E15F239-C4F7-8EB8-6033-C3BB100C2276} - C:\WINDOWS\system32\msff.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Class - {C6A53716-4EDC-CC43-99E1-9DBC615B7F1D} - C:\WINDOWS\system32\ntvd32.dll (file missing)
O2 - BHO: Class - {D40655FE-E21F-1542-6249-715743732B2D} - C:\WINDOWS\system32\ntgz.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Programmi\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Pop-Up Stopper Anti-Spyware Toolbar - {E4CAA75E-9B5F-45EB-8E4E-8B743B44F171} - C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PWITB.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [appyj.exe] C:\WINDOWS\system32\appyj.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Pop-Up_Stopper_Anti-Spyware] C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PUSAS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0767868265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0D3091D-23BD-46AA-AE55-E7A51D944CE3}: NameServer = 193.70.152.15 193.70.152.25
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Pop-Up Stopper Anti-Spyware Service (PWISVC) - Panicware, Inc. - C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PWISVC.EXE
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
*************************************************************
And this one is from StartupTracker:
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
appyj.exe C:\WINDOWS\system32\appyj.exe
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ATICCC "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
Collegamento alla pagina delleHDAShCut.exe
Babylon Client C:\Programmi\Babylon\Babylon.exe -AutoStart
SweetIM C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
gcasServ "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
APVXDWIN "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
QuickTime Task "C:\Programmi\QuickTime\qttask.exe" -atboottime
ipgn.exe C:\WINDOWS\ipgn.exe
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SweetIM C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
Pop-Up_Stopper_Anti-Spyware C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PUSAS.EXE
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Start Menu - Current User --
No Items Found
-- Start Menu - All Users --
No Items Found
-- Disabled Items --
No Items Found
-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
Explorer.exe
-- Running Processes --
System Idle Process
System
smss.exe \SystemRoot\System32\smss.exe
csrss.exe C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe winlogon.exe
services.exe C:\WINDOWS\system32\services.exe
lsass.exe C:\WINDOWS\system32\lsass.exe
ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe C:\WINDOWS\system32\svchost -k DcomLaunch
TPSrv.exe "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe"
svchost.exe C:\WINDOWS\system32\svchost -k rpcss
svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe C:\WINDOWS\system32\svchost.exe -k LocalService
PNmSrv.exe "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE"
PWISVC.EXE "C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PWISVC.EXE"
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
ati2evxx.exe Ati2evxx.exe -Client
explorer.exe C:\WINDOWS\Explorer.EXE
CLI.exe "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
SweetIM.exe "C:\Programmi\Macrogaming\SweetIM\SweetIM.exe"
gcasServ.exe "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
ApVxdWin.exe "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
PUSAS.EXE "C:\Programmi\Panicware\Pop-Up Stopper Anti-Spyware\PUSAS.EXE"
msnmsgr.exe "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
inetinfo.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe
PavFnSvr.exe "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe"
PavPrSrv.exe "C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe"
gcasDtServ.exe "C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe" -Embedding
PAVSRV51.EXE "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe"
AVENGINE.EXE "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\\AVENGINE.EXE"
PsImSvc.exe "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe"
tcpsvcs.exe C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc
WebProxy.exe "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe" oso_XGCGLR
explorer.exe "C:\WINDOWS\explorer.exe"
alg.exe C:\WINDOWS\System32\alg.exe
CLI.exe "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" -hide Dashboard
notepad.exe "notepad.exe" C:\Documents and Settings\Administrator\Desktop\Logo_Chat.txt
rsvp.exe C:\WINDOWS\system32\rsvp.exe
WinMX.exe "C:\Programmi\WinMX\WinMX.exe"
MXMoniE.exe "C:\Documents and Settings\Administrator\Desktop\Files per Ripristinare il PC\CONDIVISI\WINMX\[AMICI DI PETRO]MXMoni130ITA\MXMoni130ITA\MXMoniE.exe"
msimn.exe "C:\Programmi\Outlook Express\msimn.exe"
IEXPLORE.EXE "C:\Programmi\Internet Explorer\iexplore.exe" -Embedding
appyj.exe "C:\WINDOWS\system32\appyj.exe" /r
ipgn.exe C:\WINDOWS\ipgn.exe
Avciman.exe "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe"
psimreal.exe "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe"
wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe
StartupTracker3.exe "C:\Documents and Settings\Administrator\Desktop\StartupTracker3.exe"
-- Running Services --
I hope you can help me.