I'm reposting the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21.47.11, on 30/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
e:\programmi\NortonUtilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINNT\Explorer.EXE
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\WINNT\system32\rundll32.exe
E:\Programmi\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\taskmgr.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRar\WinRAR.exe
C:\WINNT\system32\mshta.exe
C:\WINNT\regedit.exe
G:\navsetup.exe
C:\WINNT\system32\msiexec.exe
C:\Programmi\WinRar\WinRAR.exe
C:\Programmi\Winamp\Winamp.exe
C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\Rar$EX69.8860\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hosts
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [APVXDWIN] "e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Programmi\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mov: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3282539265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - e:\programmi\NortonUtilities\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - e:\Prog\Kerio\Personal Firewall\persfw.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\programmi\Norton Speed Disk\nopdb.exe
--------------------------------------------------------------------------------------
And I'm also posting the StartupList... in case the right clue happens to be right there!
StartupList report, 30/11/2005, 21.42.31
StartupList version: 1.52.2
Started from : C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\Rar$EX69.8860\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
e:\programmi\NortonUtilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINNT\Explorer.EXE
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\WINNT\system32\rundll32.exe
E:\Programmi\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\taskmgr.exe
e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRar\WinRAR.exe
C:\WINNT\system32\mshta.exe
C:\WINNT\regedit.exe
G:\navsetup.exe
C:\WINNT\system32\msiexec.exe
C:\Programmi\WinRar\WinRAR.exe
C:\Programmi\Winamp\Winamp.exe
C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\Rar$EX69.8860\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
EPSON CardMonitor.lnk = C:\Programmi\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nwiz = nwiz.exe /install
AdslTaskBar = rundll32.exe stmctrl.dll,TaskBar
Synchronization Manager = mobsync.exe /logon
APVXDWIN = "e:\Programmi\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
--------------------------------------------------
Shell & screensaver key from C:\WINNT\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Task Scheduler jobs:
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Checkers Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/ms ... b31267.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/Shar ... vSniff.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINNT\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdat ... /opuc3.cab
[InstallFromTheWeb ActiveX Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\iftw.dll
CODEBASE = http://tw.msi.com.tw/autobios/client/iftwclix.cab
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/Shar ... /cabsa.cab
[MUWebControl Class]
InProcServer32 = C:\WINNT\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftup ... 3282539265
[HouseCall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
[MessengerStatsClient Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Me ... b31267.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan ... asinst.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/C ... 4603935185
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/msnme ... loader.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab
[McFreeScan Class]
InProcServer32 = C:\WINNT\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcafee.com/molbin/iss-l ... cfscan.cab
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\_iu14D2N.tmp|||P
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll
--------------------------------------------------
End of report, 7.099 bytes
Report generated in 0,313 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
I've already uninstalled New.net and rebooted... nothing.
Bye