Ciao, da alcuni giorni mi sono accorto di avere nella cartella temp di windows (2000 sp4) un file impossibile da rimuovere, il cui nome cambia ad ogni avvio. Entrando in modalità provvisoria con prompt dei comandi riesco a rimuovere il file, ma poi questo ricompare all'avvio successivo. L'icona del file rappresenta un simpatico cagnolino

Ho eseguito avast, ad-aware, spybot, CWShredder, Trojan Remover, Stinger ma niente, nessuno di questi è riuscito a dirmi cosa sia quel file...

posto un log di HijackThis, dove in grassetto compare il file anomalo:
codice:
Logfile of HijackThis v1.99.1
Scan saved at 11.14.18, on 12/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\TEMP\WED69D.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.apv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyapv:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.apv;10.*.*.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O14 - IERESET.INF: START_PAGE_URL=http://it.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://it.msn.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe