MegaLab.it

Ho più di un processo winlogon.exe attivo quindi il 100% della CPU. Per favore mi date una mano??
Grazie mille.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:00, on 23/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Navision Attain\Database Server\SERVER.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\spnsrvnt.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\system32\msdtc.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
C:\Programmi\McAfee\ProtectionPilot\1.1.1\srvmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\winlogon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\mdm.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7366 bytes

Virus ?? Worm ??

Scansionato con Avast! e Spybot Search & Destroy ???

direi che si vedono un paio di problemi.
Cancella il file che ti ho indicato in rosso, poi usando lspfix
http://cexx.org/lspfix.htm
rimuovi le voci non valide viste nel 010.

vmanetworking ha scritto:C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing

volevo ringraziarvi per l'aiuto contunerò dommatina provando a sistemare il mio server.
Ciao

Aiutatemi..sono disperato.
Grazie

posta un nuovo log di hijackthis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:14, on 24/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\msafd.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,151.99.125.3,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5672 bytes
ver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7366 bytes

Grazie

i logs di hijackthis vanno fatti in modalità normale...rifallo perpiacere,...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:34, on 24/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\spnsrvnt.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\cmd.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,151.99.125.3,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7146 bytes
Ho il server completamente bloccato..cpu oltre il 100%..

fixa queste:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:34, on 24/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\spnsrvnt.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\cmd.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,151.99.125.3,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7146 bytes

Non riesco ad uscire ancora su internet..
Ti prego aiutami.
Grazie

le voci sono ancora lì...prova a fixarle in modalità provvisoria...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:32, on 24/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,151.99.125.3,212.131.30.42
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 6587 bytes

Che faccio??

Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehostinge posta qui il link che ti viene assegnato.

Scusami ma non riesco ad eseguire la scansione perché da internet explorer...
Gli dò fuoco??

scarica systemscan

fai la scansione e al termine carica il file log su www.freefilehosting.net e e postane il link

Il link che mi hai inviato non mi fà accedere alla pagina..hai qualche altro link dove ti posso inviare il log sel systemscan??
Grazie

vmanetworking ha scritto:Il link che mi hai inviato non mi fà accedere alla pagina..hai qualche altro link dove ti posso inviare il log sel systemscan??
Grazie

http://www.wikifortio.com/

Ore 17.40 ancora sta girando sul server..nell'eventualità mi converrebbe ripristinare il SO Windows2000 dal CD??

Buongiorno a tutti ragazzi finalmente systemscan ha prodotto il log il link è http://www.freefilehosting.net/download/NDA3MjM=

Grazie...