Grazie mille.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:00, on 23/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Navision Attain\Database Server\SERVER.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\spnsrvnt.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\system32\msdtc.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
C:\Programmi\McAfee\ProtectionPilot\1.1.1\srvmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\winlogon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\mdm.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7366 bytes