Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.45.44, on 25/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Norman\Npm\Bin\Elogsvc.exe
C:\Programmi\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Norman\Npm\Bin\Zanda.exe
C:\Programmi\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Norman\Npm\Bin\scheduler.exe
C:\Programmi\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Norman\Nse\Bin\NSESVC.EXE
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Norman\Npm\Bin\ZLH.EXE
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\System32\reader_s.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\servises.exe
C:\Documents and Settings\kekko\reader_s.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Norman\Nvc\Bin\Nip.exe
C:\Programmi\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmi\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\kekko\reader_s.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Programmi\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240112301625
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.quinordest.it/traffico/AxisCamControl.ocx
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Programmi\LSI SoftModem\agrsmsvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmi\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programmi\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmi\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programmi\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programmi\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmi\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programmi\Norman\npm\bin\nvoy.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programmi\Norman\Npm\Bin\scheduler.exe

--
End of file - 9114 bytes

ciao

dal log si vedono delle infezioni


Scarica Avenger

http://swandog46.geekstogo.com/avenger.zip

Estrailo in una cartella a tua scelta
Esegui il file avenger.exe
Ora incolla queste righe nella box bianca che si è aperta:


files to delete:
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\kekko\reader_s.exe
C:\WINDOWS\system32\svchost.exe:exe.exe









Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.


scarica questo programma e fai una scansione completa rimuovendo quello che trova

http://software.aiutamici.com/software?ID=11397



Avvia Hijackthis e clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked





Appena finito posta un log aggiornato di hjt