Logfile of HijackThis v1.99.0
Scan saved at 15.25.26, on 08/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\netstub.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\msc32.exe
C:\WINNT\system32\apphost.exe
C:\WINNT\si.exe
C:\WINNT\system32\scvhvst.exe
C:\WINNT\SYSCFG16.EXE
C:\WINNT\system32\lsass32.exe
C:\WINNT\system32\MoneyMgr32.exe
C:\WINNT\system32\msc23.exe
C:\WINNT\system32\winampa.exe
C:\Documents and Settings\Administrator\Dati applicazioni\sgrunt\IE4321.exe
C:\WINNT\system32\firewalled.exe
C:\WINNT\system32\mssrvs.exe
C:\WINNT\system32\WireConnect.exe
C:\WINNT\system32\svhost.exe
C:\WINNT\system32\msgfix.exe
C:\WINNT\system32\Nxcxtpr.exe
C:\WINNT\system32\nese.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\netstub.exe
C:\WINNT\system32\apphost.exe
C:\Documents and Settings\Administrator\Dati applicazioni\rois.exe
C:\WINNT\system32\scvhvst.exe
C:\WINNT\system32\winampa.exe
C:\WINNT\system32\servenxpp.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\firewalled.exe
C:\WINNT\system32\svhost.exe
C:\WINNT\system32\WireConnect.exe
C:\WINNT\system32\msgfix.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\WINNT\system32\syswork.exe
C:\WINNT\system32\netreg.exe
C:\Programmi\ThinkPad\Utilities\tponscr.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NetStubler] netstub.exe
O4 - HKLM\..\Run: [Bcvsrv32] msc32.exe
O4 - HKLM\..\Run: [Configuration] apphost.exe
O4 - HKLM\..\Run: [REGRUN] C:\WINNT\si.exe
O4 - HKLM\..\Run: [Microsoft Office Studio] scvhvst.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Dll loader Windows] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\Run: [MoneyMgr32.exe] MoneyMgr32.exe
O4 - HKLM\..\Run: [msc23] msc23.exe
O4 - HKLM\..\Run: [Configurationz Loaderz] winampa.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Administrator\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [Computing Technologie Firewall] firewalled.exe
O4 - HKLM\..\Run: [mssrvs01] mssrvs.exe
O4 - HKLM\..\Run: [wuauclt] c:\winnt\system32\drivers\start.bat
O4 - HKLM\..\Run: [Wireless Conections] WireConnect.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] svhost.exe
O4 - HKLM\..\Run: [Configuration Loader] msgfix.exe
O4 - HKLM\..\Run: [winapildr] C:\windows\system\fuck.bat
O4 - HKLM\..\Run: [Microsoft Office] Nxcxtpr.exe
O4 - HKLM\..\Run: [NDIS Adapter] servenxpp.exe
O4 - HKLM\..\Run: [Help Temp Files] netreg.exe
O4 - HKLM\..\Run: [Working System Analyzer] syswork.exe
O4 - HKLM\..\Run: [Microsoft Neser Experience] nese.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] msc32.exe
O4 - HKLM\..\RunServices: [NetStubler] netstub.exe
O4 - HKLM\..\RunServices: [Configuration] apphost.exe
O4 - HKLM\..\RunServices: [Microsoft Office Studio] scvhvst.exe
O4 - HKLM\..\RunServices: [lsass32] lsass32.exe
O4 - HKLM\..\RunServices: [MoneyMgr32.exe] MoneyMgr32.exe
O4 - HKLM\..\RunServices: [msc23] msc23.exe
O4 - HKLM\..\RunServices: [Configurationz Loaderz] winampa.exe
O4 - HKLM\..\RunServices: [Computing Technologie Firewall] firewalled.exe
O4 - HKLM\..\RunServices: [mssrvs01] mssrvs.exe
O4 - HKLM\..\RunServices: [Wireless Conections] WireConnect.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] svhost.exe
O4 - HKLM\..\RunServices: [Configuration Loader] msgfix.exe
O4 - HKLM\..\RunServices: [Microsoft Office] Nxcxtpr.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] servenxpp.exe
O4 - HKLM\..\RunServices: [Help Temp Files] netreg.exe
O4 - HKLM\..\RunServices: [Working System Analyzer] syswork.exe
O4 - HKLM\..\RunServices: [Microsoft Neser Experience] nese.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] servenxpp.exe
O4 - HKLM\..\RunOnce: [Working System Analyzer] syswork.exe
O4 - HKLM\..\RunOnce: [Help Temp Files] netreg.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NetStubler] netstub.exe
O4 - HKCU\..\Run: [Configuration] apphost.exe
O4 - HKCU\..\Run: [Sesa] C:\Documents and Settings\Administrator\Dati applicazioni\rois.exe
O4 - HKCU\..\Run: [Microsoft Office Studio] scvhvst.exe
O4 - HKCU\..\Run: [Help Temp Files] netreg.exe
O4 - HKCU\..\Run: [Configurationz Loaderz] winampa.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Computing Technologie Firewall] firewalled.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] svhost.exe
O4 - HKCU\..\Run: [Wireless Conections] WireConnect.exe
O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe
O4 - HKCU\..\Run: [Internet Explorer] IE.EXE
O4 - HKCU\..\Run: [Microsoft Office] Nxcxtpr.exe
O4 - HKCU\..\Run: [NDIS Adapter] servenxpp.exe
O4 - HKCU\..\Run: [Working System Analyzer] syswork.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] servenxpp.exe
O4 - HKCU\..\RunOnce: [Help Temp Files] netreg.exe
O4 - HKCU\..\RunOnce: [Working System Analyzer] syswork.exe
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} (Pro_Web016.ProWeb016) - http://sessogratis.net/ProWeb016.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4595
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C7CF4846-0324-4B83-B810-C4BF61029E02} (Pro_Web04.ProWeb604) - http://67.15.5.151/ProWeb604.CAB
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1019465.exe
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://195.225.169.17/access/dia/adult.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: fbxqz - Unknown - \\37.255.16.214\admin$\dnssvc32.exe (file missing)
O23 - Service: IBM PM Service - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: mmswzw - Unknown - \\37.9.234.82\ADMIN$\mssrvs32.exe (file missing)
O23 - Service: rjkpr - Unknown - \\37.9.234.82\ADMIN$\MoneyMgr32.exe (file missing)
O23 - Service: srdumfx - Unknown - \\37.9.234.82\ADMIN$\mssrvs32.exe (file missing)

Ciao Faccino

il sistema e molto infetto, esegui queste operazioni

scarica i programmi AD-AWARE e SPYBOT da questo indirizzo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N
installali e aggiornali

poi riavvia il computer in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

e in modalità provvisoria fai ripetute scansioni con Adaware e Spybot e con un programma Antivirus

riavvia in modalità provvisoria e fai nuovamente le scansioni, fino a che questi programmi non eliminano tutti i problemi

quindi rimandami il log di Hijack da fare in modalità normale.

---

Collaboratore Aiutamici