Olimpo Informatico

[agatina]

sono utente adsl tele2. da ieri (temo di essere stato infettato) la connessione cade ogni 10-15 secondi e nella sezione connessioni internet oltre a evidenziarmi quella che uso (modem trust ecc ecc) mi appare una misteriosa "connessione predefinita", che, anche dopo al rimozione, si ripresenta. ho usato norton, spybot, adware, ma senza esito. giorni fa qualcosa mi cambiava ogni volta il codice utente adsl e dovevo ogni volta reinserirlo, ma poi usando cccleaner non si era piu' verificato. stavolta no. che sara' mai?

[chemicalbit]

Post aun log di HijackThis

[agatina]

ecco il log:
Logfile of HijackThis v1.99.1
Scan saved at 18.38.43, on 29/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\elenina\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\System32\ipv6monl.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msnup] C:\WINDOWS\System32\msnup.exe
O4 - HKLM\..\RunServices: [Microsoft Update] psconv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: Systemcheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinDlService - Unknown owner - C:\Documents and Settings\elenina\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe

[dasio78]

Ciao Agatina!!!

Aspettiamo che arrivino i super esperti a controllare il tuo log.

Nel frattempo ho individuato alcune voci che mi sembrano sospette:

O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\System32\ipv6monl.dll

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O20 - AppInit_DLLs:

O21 - SSODL: Systemcheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll

O23 - Service: WinDlService - Unknown owner - C:\Documents and Settings\elenina\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe

Vediamo cosa ne dicono i ghostbusters!!!

[aris73]

tutto corretto ma deve anche eliminare
C:\WINDOWS\System32\ipv6monl.dll
C:\WINDOWS\System32\vbsys2.dll

[bdoriano]

Versione definitiva (spero!)
Avvia il pc in modalità provvisoria
Esegui hijackthis
Clicca su do a system scan only
Metti il segno di spunta a queste righe:

[agatina]

fatto
ecco il log aggiornato:

Logfile of HijackThis v1.99.1
Scan saved at 17.41.47, on 31/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\elenina\Impostazioni locali\Temp\Directory temporanea 3 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

[Orange]

ciao, agatina, benvenuta anche dalla parte mia!

il log risulta pulito. riscontri ancora problemi?
segui il consiglio di Bdoriano: installa SP2 al più presto.

[valen-tina]

ho anche io lo stesso problema con istant access dialer D.....xò sn 1 completa ignorante in materia e nn ho capito niente di qnt scritto sopra...c'è qlcn che me lo può spiegare in parole povere?

[bdoriano]

Ciao valen-tina
Scarica questo programma e salvalo in una sua cartella (non sul desktop e non come file temporaneo).
Avvia il programma e clicca su do a system scan and save a log file.
Alla fine della scansione ti si apre il blocco note, seleziona tutto il contenuto e copialo qui, che gli diamo un'occhiata.

[valen-tina]

Ecco qua cs mi è uscito spero che voi riusciate ad aiutarmi:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.06.26, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Symantec Shared\ccProxy.exe
c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
c:\Programmi\File comuni\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\funk.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\LeechGet 2004\LeechGet.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\LeechGet 2004\bak\LeechGet.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
C:\my music 2\progr antivirus\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 207.210.117.60 www.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmi\Nortek Mouse Application\MouseDrv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [LeechGet] "C:\Programmi\LeechGet 2004\LeechGet.exe" -intray
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Scarica con il Wizard di LeechGet - file://C:\Programmi\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Scarica con LeechGet - file://C:\Programmi\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Scarica con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Scarica pagina con LeechGet - file://C:\Programmi\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E0B1C43-A040-4C0E-BBA0-1B299F8E0081}: NameServer = 193.70.152.15 193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9463 bytes

[Orange]

ciao, valen-tina, benvenuta!

disattiva il ripristino di configurazione
avvia in modalità provvisoria
avvia HiJack, seleziona 2Do a system scan only", metti la spunta alle voci segnalate e premi "Fix checked"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [funk] funk.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com

trova e cancella C:\WINDOWS\system32\funk.exe

scarica FindAWF e Avenger.

avvia FindAWF, si aprirà una finestra dos
premi invio e attendi l'apertura di una pagina del blocco notes
copia il suo contenuto e mettilo qui

[valen-tina]

accidenti che casino...spero di riuscirci e di nn combinare altri casini.
Cmq x scaricare quelle 2 cose ed aliminare C:\WINDOWS\system32\funk.exe lo posso fare subito o lo devo fare in modalità provvisoria dopo aver eseguito il HiJackThis

[bdoriano]

Devi procedere nell'ordine indicato da Orange:
- prima esegui hjt dalla modalità provvisoria
- sistemi le voci che ti ha indicato
- riavvia il pc in modalità normale
- scarichi i findAWF e Avenger
- esegui findAWF e posti qui il log generato

[valen-tina]

ok spero di aver fatto tutto bene...questo è il responso di FindAWF:


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\HP\KBD\BAK

11/02/2003 21.02 61.440 KBD.EXE
1 File 61.440 byte
2 Directory 16.269.176.832 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\D-TOOLS\BAK

27/12/2003 20.43 81.920 daemon.exe
1 File 81.920 byte
2 Directory 16.269.176.832 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\LEECHG~1\BAK

11/01/2004 21.26 642.560 LeechGet.exe
1 File 642.560 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\NORTEK~1\BAK

08/09/2005 16.51 503.808 MouseDrv.exe
1 File 503.808 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\SYMNET~1\BAK

05/04/2005 22.51 95.960 SNDMon.exe
1 File 95.960 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\WINDOWS\SMINST\BAK

14/04/2004 21.43 233.472 RECGUARD.EXE
1 File 233.472 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\WINDOWS\SYSTEM\BAK

07/05/1998 17.04 52.736 hpsysdrv.exe
1 File 52.736 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\WINDOWS\SYSTEM32\BAK

07/06/2004 19.44 659.456 hphmon06.exe
20/05/2004 10.47 249.856 keyhook.exe
09/07/2001 12.50 155.648 NeroCheck.exe
16/10/2002 17.57 81.920 ps2.exe
4 File 1.146.880 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

12/08/2005 14.43 45.056 cli.exe
1 File 45.056 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

24/06/2004 22.10 339.968 atiptaxx.exe
1 File 339.968 byte
2 Directory 16.269.172.736 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

07/10/2004 10.25 70.760 ccApp.exe
1 File 70.760 byte
2 Directory 16.269.168.640 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\HP\{AAC4F~1\BAK

07/06/2004 19.53 49.152 hphupd06.exe
1 File 49.152 byte
2 Directory 16.269.168.640 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\MACROG~1\SWEETIM\BAK

01/01/2006 19.57 40.960 SweetIM.exe
1 File 40.960 byte
2 Directory 16.269.168.640 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

01/01/2004 13.25 32.881 jusched.exe
1 File 32.881 byte
2 Directory 16.269.168.640 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\PROGRA~1\HELPAN~1\PAVILION\XPHWWBF4\PLUGIN\BIN\BAK

01/01/2004 15.16 159.744 pchbutton.exe
1 File 159.744 byte
2 Directory 16.269.168.640 byte disponibili
Il volume nell'unit? C ? HP_PAVILION
Numero di serie del volume: BC69-D948

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

11/09/2003 05.00 99.840 E_S4I0H2.EXE
1 File 99.840 byte
2 Directory 16.269.168.640 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

23568 29 May 2007 "C:\hp\KBD\KBD.EXE"
61440 11 Feb 2003 "C:\hp\KBD\bak\KBD.EXE"
23568 29 May 2007 "C:\Programmi\D-Tools\daemon.exe"
81920 27 Dec 2003 "C:\Programmi\D-Tools\bak\daemon.exe"
23568 29 May 2007 "C:\Programmi\LeechGet 2004\LeechGet.exe"
642560 11 Jan 2004 "C:\Programmi\LeechGet 2004\bak\LeechGet.exe"
23568 29 May 2007 "C:\Programmi\Nortek Mouse Application\MouseDrv.exe"
503808 8 Sep 2005 "C:\Programmi\Nortek Mouse Application\bak\MouseDrv.exe"
23568 29 May 2007 "C:\Programmi\SymNetDrv\SNDMon.exe"
95960 5 Apr 2005 "C:\Programmi\SymNetDrv\bak\SNDMon.exe"
23568 29 May 2007 "C:\WINDOWS\SMINST\RECGUARD.EXE"
233472 14 Apr 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
23568 29 May 2007 "C:\WINDOWS\system\hpsysdrv.exe"
52736 7 May 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
23568 29 May 2007 "C:\WINDOWS\system32\hphmon06.exe"
659456 7 Jun 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
23568 29 May 2007 "C:\WINDOWS\system32\keyhook.exe"
249856 20 May 2004 "C:\WINDOWS\system32\bak\keyhook.exe"
23568 29 May 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
23568 29 May 2007 "C:\WINDOWS\system32\ps2.exe"
81920 16 Oct 2002 "C:\hp\drivers\keyboard\PS2.EXE"
81920 16 Oct 2002 "C:\WINDOWS\system32\bak\ps2.exe"
23568 29 May 2007 "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe"
45056 12 Aug 2005 "C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe"
23568 29 May 2007 "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 24 Jun 2004 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
23568 29 May 2007 "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
70760 7 Oct 2004 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
58488 24 Aug 2004 "C:\MP3\Norton\Norton2005\Support\ccCommon\ccCommon\ccApp.exe"
23568 29 May 2007 "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 7 Jun 2004 "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
23568 29 May 2007 "C:\Programmi\Macrogaming\SweetIM\SweetIM.exe"
40960 1 Jan 2006 "C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe"
23568 29 May 2007 "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
32881 1 Jan 2004 "C:\Programmi\Java\j2re1.4.2_03\bin\bak\jusched.exe"
23568 29 May 2007 "C:\Programmi\Help and Support Additions\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe"
159744 1 Jan 2004 "C:\Programmi\Help and Support Additions\Pavilion\XPHWWBF4\plugin\bin\bak\pchbutton.exe"
159744 1 Jan 2004 "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe"
99840 11 Sep 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\E_S4I0H2.EXE"
23568 29 May 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE"
99840 11 Sep 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0H2.EXE"


end of report

[Orange]

ciao.

dopo aver scaricato The Avenger, scompattalo sul desktop
avvia Avenger
Seleziona "Input Script Manually"
Clicca sulla lente d'ingrandimento
Ti si apre la finestra "View/edit script"
All'interno del box bianco, copia e incolla il seguente codice:

Citazione:

Files to delete: C:\hp\KBD\KBD.EXE C:\Programmi\D-Tools\daemon.exe C:\Programmi\LeechGet 2004\LeechGet.exe C:\Programmi\Nortek Mouse Application\MouseDrv.exe C:\Programmi\SymNetDrv\SNDMon.exe C:\WINDOWS\SMINST\RECGUARD.EXE C:\WINDOWS\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\system32\ps2.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe C:\Programmi\Help and Support Additions\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE Files to move: C:\hp\KBD\bak\KBD.EXE | C:\hp\KBD\KBD.EXE C:\Programmi\D-Tools\bak\daemon.exe | C:\Programmi\D-Tools\daemon.exe C:\Programmi\LeechGet 2004\bak\LeechGet.exe | C:\Programmi\LeechGet 2004\LeechGet.exe C:\Programmi\Nortek Mouse Application\bak\MouseDrv.exe | C:\Programmi\Nortek Mouse Application\MouseDrv.exe C:\Programmi\SymNetDrv\bak\SNDMon.exe | C:\Programmi\SymNetDrv\SNDMon.exe C:\WINDOWS\SMINST\bak\RECGUARD.EXE | C:\WINDOWS\SMINST\RECGUARD.EXE C:\WINDOWS\system\bak\hpsysdrv.exe | C:\WINDOWS\system\hpsysdrv.exe C:\WINDOWS\system32\bak\hphmon06.exe | C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\bak\keyhook.exe | C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\system32\bak\ps2.exe | C:\WINDOWS\system32\ps2.exe C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe | C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe | C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe | C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe | C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\Programmi\Java\j2re1.4.2_03\bin\bak\jusched.exe | C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe C:\Programmi\Help and Support Additions\Pavilion\XPHWWBF4\plugin\bin\bak\pchbutton.exe | C:\Programmi\Help and Support Additions\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0H2.EXE | C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi Yes
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo manualmente

rifai il log con FindAWF e mettilo qui insieme con il log di Avenger

[agatina]

purtroppo non ho ancora fatto a tempo a scaricare sp2 che ho la netta impressione che, dopo un inizio apparentemente normale, ci sia ancora qualche problemino. mi connetto ma norton mi avvisa di un fantomatico "new network" che crea sul pannello di controllo una nuova connessione predefinita. il nuovo log che ho trovato è questo:

Logfile of HijackThis v1.99.1
Scan saved at 3.36.13, on 01/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\elenina\Impostazioni locali\Temp\Directory temporanea 6 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c220 -w90
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O15 - Trusted Zone: *.p0rt2.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

[valen-tina]

eseguito cm da vostra richiesta

[Orange]

allora, valen-tina, sembra che l'operazione è andata a buon fine.
ora puoi eliminare la connessione che ha creato dialer.

[valen-tina]

grazie tante.....x il fatto che il mio modem si chiamava StarModem ADSL USB MODEM ed invece adesso è StarModem ADSL USB MODEM DIAL-UP....fa qualche differenza?