allora.... ecco il log fatto con hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 14.55.49, on 11/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\Programmi\File comuni\Symantec Shared\ccProxy.exe
F:\Programmi\Norton Internet Security\ISSVC.exe
F:\WINNT\system32\svchost.exe
F:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
F:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
F:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\System32\mgabg.exe
F:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\mspmspsv.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\System32\PDesk\PDesk.exe
F:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
F:\Programmi\File comuni\Symantec Shared\ccApp.exe
F:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Programmi\Java\j2re1.4.2_11\bin\jusched.exe
F:\WINNT\Mixer.exe
F:\Programmi\ewido anti-spyware 4.0\ewido.exe
F:\WINNT\system32\ctfmon.exe
F:\PVSW\Bin\W3DBSMGR.EXE
F:\Programmi\MailWasher\MailWasher.exe
F:\Programmi\Mozilla Firefox\firefox.exe
F:\Programmi\Norton Internet Security\Norton AntiVirus\OPScan.exe
F:\Programmi\Norton Internet Security\ccEmFlSv.exe
F:\Programmi\WinRAR\WinRAR.exe
F:\DOCUME~1\BILLGA~1\IMPOST~1\Temp\Rar$EX00.866\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.credem.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmi\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] F:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] F:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ccApp] "F:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmi\Java\j2re1.4.2_11\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!ewido] "F:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Free Internet Window Washer] F:\PROGRA~1\FREEIN~1\Clearpch.exe -Start
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = F:\PVSW\Bin\W3DBSMGR.EXE
O8 - Extra context menu item: &Cerca con Google -
res://f:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano -
res://f:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso -
res://f:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili -
res://f:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina -
res://f:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINNT\system32\msjava.dll
O16 - DPF: FIRMAWIN -
https://smallweb.credem.it/SmallWeb/applet/FIRMAWIN.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
https://java.sun.com/products/plugin/au ... s-i586.cab
O23 - Service: Abilitazione SISTEMI su f spring - Unknown owner - f:\spring\SRVANY.EXE (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - F:\WINNT\System32\mgabg.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - F:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - F:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe