Unbearable problem :( Help...


TheMaster1983
21-06-2007, 13:29
Hi everyone, I have a problem I can't solve: a strange dialer. At some point a small window appears labelled 0001, with a strange connection and various pop-ups. I've read the other threads but can't find anything similar. On top of that, every time I open a page in Mozilla a pop-under opens and then closes by itself. I've tried Avg antispyware, avast antivirus and addware S&D; I found various things and deleted them all, but nothing is solved... not to mention how slow the PC itself is. This is the log...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.28.12, on 21/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\firefox\firefox.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Documents and Settings\utente\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=???
?
F3 - REG:win.ini: run=???
?
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\utente\6211217.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl30bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD019CD-7A20-453A-A05C-15BA9659909A}: NameServer = 85.255.115.116,85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.169
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5378 bytes

That's all, thanks...



P.S. One more little thing while I'm at it: I tried going on YouTube but I can't hear the audio of the videos; if I turn the volume all the way up I hear it as an extremely faint background. I don't understand why; for example, videos and audio that I have on the PC I hear very well. I should point out one thing, though, which may or may not be related: when I ran the scan with Avg it found infected files inside the Java folder, which I deleted... could it depend on that?
Thanks in advance... bye!

TheMaster1983
21-06-2007, 13:50
Sorry, I've also noticed that besides the sounds not working on YouTube I can't even hear a simple Windows beep, and yet the settings are all at maximum and all enabled...

oasis90
21-06-2007, 15:06
TO FIX:

F3 - REG:win.ini: load=???

F3 - REG:win.ini: run=???

O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\utente\6211217.dll

O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl30bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427}

O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD019CD-7A20-453A-A05C-15BA9659909A}: NameServer = 85.255.115.116,85.255.112.169

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CS2\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.169

O20 - AppInit_DLLs:

After fixing the entries I listed, run a scan with Gmer and see whether it shows any entries in red.

wizard1993
21-06-2007, 15:20
remove avast and install Active Virus Shield or AntiVir, so at least we're using a decent antivirus

oasis90
21-06-2007, 15:21
remove avast and install Active Virus Shield or AntiVir, so at least we're using a decent antivirus

couldn't agree more... ;)

TheMaster1983
21-06-2007, 17:28
Do you mean this gmer? http://www.ilsoftware.it/querydl.asp?ID=967
I'll download it and run it now...
And thanks for the info, I'll download antivir too now
are avg antispyware and s&d OK for trojans and spyware?


P.S. Thanks everyone for the help.

oasis90
21-06-2007, 17:29
Do you mean this gmer? http://www.ilsoftware.it/querydl.asp?ID=967
I'll download it and run it now...
And thanks for the info, I'll download antivir too now
are avg antispyware and s&d OK for trojans and spyware?


P.S. Thanks everyone for the help.

as for spybot s&d, it's a bit outdated by now, or at any rate there's better out there.... I'd recommend a-squared free... ;)

TheMaster1983
21-06-2007, 17:44
as for spybot s&d, it's a bit outdated by now, or at any rate there's better out there.... I'd recommend a-squared free... ;)

Here I am; so, it finds two files...

1)c:\windows\csrs.exe (processes)
2)c:\window\system32\windev-38be-443f.sys (services)

and this is the final HJ log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.43.44, on 21/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\utente\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 4414 bytes

oasis90
21-06-2007, 17:48
if you don't know what they are, also delete the following with Hijackthis:

O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

The entries in red in Gmer, did you manage to remove them?

wizard1993
21-06-2007, 18:01
download this
http://swandog46.geekstogo.com/avenger.zip
unzip it, start the program, select "input script manually", click the magnifying glass and enter the script

Files to delete:
c:\windows\csrs.exe
c:\window\system32\windev-38be-443f.sys

press OK, press the red traffic light twice and follow the on-screen instructions; if the PC doesn't restart, do it yourself. On restart a log will appear; post it

TheMaster1983
21-06-2007, 20:34
download this
http://swandog46.geekstogo.com/avenger.zip
unzip it, start the program, select "input script manually", click the magnifying glass and enter the script

Files to delete:
c:\windows\csrs.exe
c:\window\system32\windev-38be-443f.sys

press OK, press the red traffic light twice and follow the on-screen instructions; if the PC doesn't restart, do it yourself. On restart a log will appear; post it

OK, all done, both deleted... should I be clean? :D

wizard1993
21-06-2007, 20:58
any problems?

TheMaster1983
22-06-2007, 13:00
any problems?

Here I am again. Yesterday everything was OK; today I turn the PC back on and there's the 0001 window again... I did everything you told me :(

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.00.06, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\firefox\firefox.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Documents and Settings\utente\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 4420 bytes

oasis90
22-06-2007, 13:05
you had deleted the following lines, right??

O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

oasis90
22-06-2007, 13:06
anyway, I recommend installing Antivir as soon as possible... ;)

TheMaster1983
22-06-2007, 13:07
you had deleted the following lines, right??

O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169

you're right, I had left them out in the end, I'll delete them right away!!

oasis90
22-06-2007, 13:08
you're right, I had left them out in the end, I'll delete them right away!!

ok... let's see if those are the last obstacle... :sperem: :sperem:

wizard1993
22-06-2007, 13:23
then run a scan with gmer

Tall99
23-06-2007, 10:09
wait, I had a similar window too (0004); check this path immediately
open Explorer, go to Tools\Internet Options\Connections
in the dial-up connection settings, has the word "service" appeared?

TheMaster1983
23-06-2007, 13:04
wait, I had a similar window too (0004); check this path immediately
open Explorer, go to Tools\Internet Options\Connections
in the dial-up connection settings, has the word "service" appeared?

Here I am again. No, there's nothing, only my connection; but every time I start the PC, nothing doing, that dialer always appears...

here's the log again
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.03.29, on 23/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\firefox\firefox.exe
C:\Documents and Settings\utente\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD019CD-7A20-453A-A05C-15BA9659909A}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 4735 bytes

and with the program you recommended, no lines in red..
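
Added example, not part of the thread: a small Python parser for the O17 (DNS NameServer) lines of the HijackThis logs posted above. It compares the 22/06 and 23/06 scans and lists every control set and interface whose resolvers fall outside an expected set; the O17 lines are copied from those two logs, and `EXPECTED` is a constructed placeholder for the resolvers the connection should really use.

```python
import re
from ipaddress import ip_address

# O17 lines copied from the 22/06/2007 and 23/06/2007 logs in this thread.
SCAN_22_JUNE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.115.116 85.255.112.169
"""
SCAN_23_JUNE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD019CD-7A20-453A-A05C-15BA9659909A}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\..\{460EEED8-AB35-46AA-8D68-6EFB941EE9B1}: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
"""
# Assumption: placeholder (documentation address range) for the resolvers this
# connection should really use; replace with the ISP's or the router's.
EXPECTED = {"192.0.2.53"}

# "O17 - HKLM\System\<control set>\Services\Tcpip\<Parameters | ..\{GUID}>: NameServer = ..."
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$"
)


def _normalise(token):
    """Canonical form of an IP address; a malformed token is kept as typed."""
    try:
        return str(ip_address(token))
    except ValueError:
        return token


def parse_o17(log_text):
    """Return {(control_set, scope): (server, ...)} for each O17 NameServer line."""
    entries = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # HijackThis prints the list separated by spaces or by commas.
            tokens = [t for t in re.split(r"[,\s]+", m["servers"].strip()) if t]
            entries[(m["cset"], m["scope"])] = tuple(_normalise(t) for t in tokens)
    return entries


def unexpected(entries, expected):
    """Entries listing at least one resolver that is not in `expected`."""
    return {k: v for k, v in entries.items() if not set(v) <= set(expected)}


def diff_scans(before, after):
    """Sort every registry location into removed/added/changed/unchanged."""
    report = {"removed": [], "added": [], "changed": [], "unchanged": []}
    for key in sorted(set(before) | set(after)):
        if key not in after:
            report["removed"].append(key)
        elif key not in before:
            report["added"].append(key)
        elif before[key] != after[key]:
            report["changed"].append(key)
        else:
            report["unchanged"].append(key)
    return report


if __name__ == "__main__":
    before, after = parse_o17(SCAN_22_JUNE), parse_o17(SCAN_23_JUNE)
    for status, keys in diff_scans(before, after).items():
        for cset, scope in keys:
            print(f"{status:9} {cset:4} {scope}")
    for (cset, scope), servers in sorted(unexpected(after, EXPECTED).items()):
        print(f"still to fix: {cset} {scope} -> {' '.join(servers)}")
```

On these two scans the two per-interface entries come back as "changed" and four more as "added", so the NameServer values were written again, with different addresses, between one scan and the next.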

Tall99
23-06-2007, 13:55
check in window\temp and tell me what you find

TheMaster1983
23-06-2007, 21:13
check in window\temp and tell me what you find

I'm full of stuff: I have two folders, one empty and one named avast, and a sea of files, including an exe named 2F7D3830

TheMaster1983
24-06-2007, 17:28
I'm full of stuff: I have two folders, one empty and one named avast, and a sea of files, including an exe named 2F7D3830

What should I do? :mc: