Avvio connessione internet in automatico.

[greg1]

Ciao a tutti,
da qualche settimana mi succede una cosa molto fastidiosa, appena accendo il PC, mi si apre automaticamente la pagina di "explorer" e contestualmente anche la finestra di connessione.
Ho passato il sistema sia con AVG che con AD aware, ma mi dice che è tutto a posto.
Secondo Voi, cos'altro dovrei provare?
Grazie

[JANKO]

Quote:

Originariamente inviato da greg1

Ciao a tutti,
da qualche settimana mi succede una cosa molto fastidiosa, appena accendo il PC, mi si apre automaticamente la pagina di "explorer" e contestualmente anche la finestra di connessione.
Ho passato il sistema sia con AVG che con AD aware, ma mi dice che è tutto a posto.
Secondo Voi, cos'altro dovrei provare?
Grazie

installa kerio chiudi le porte e vieta tutte le uscite
e vedi se si apre una finestra di kerio col nome dell applicazione che tenta di accedere a internet.

[RikShield]

Usare anche Microsoft o Giant Antispyware???....

[bluepix]

Sperando di non incorrere nelle ire di kim1010 , ti direi di postare il log di Hijackthis.

[greg1]

proverò a scaricalo.

[greg1]

come richiesto...

Logfile of HijackThis v1.99.1
Scan saved at 23.07.40, on 21/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
D:\programmi\Common\Bin\WinCinemaMgr.exe
D:\programmi\wayjet\RemoteCtl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\E_SSRP03.EXE
C:\WINDOWS\system32\slserv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgentNT.exe
C:\Programmi\File comuni\EPSON\EBAPI\EBRR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Davide\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.192 new-search.net
O1 - Hosts: 82.179.166.190 x-google.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\programmi\clonecd\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE /A "C:\WINDOWS\system32\E_S6.tmp"
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\programmi\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\programmi\office\Office\Office\OSA9.EXE
O4 - Global Startup: PC-TV FM Remote Control.lnk = D:\programmi\wayjet\RemoteCtl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.it/redirect/dial_up
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4295A1C4-872A-47E3-9DFF-DB875DB4F605}: NameServer = 130.244.127.161,130.244.127.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF5035C8-2AB5-48AF-AE20-591A461011F2}: NameServer = 80.17.209.204 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4295A1C4-872A-47E3-9DFF-DB875DB4F605}: NameServer = 130.244.127.161,130.244.127.169
O17 - HKLM\System\CS2\Services\Tcpip\..\{4295A1C4-872A-47E3-9DFF-DB875DB4F605}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{4295A1C4-872A-47E3-9DFF-DB875DB4F605}: NameServer = 130.244.127.161,130.244.127.169
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: EPSON STM Service03 (EPSON_PM_RPC_03) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_SSRP03.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgentNT.exe

[bluepix]

Da fixare:
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.192 new-search.net
O1 - Hosts: 82.179.166.190 x-google.net
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)

cancellerei tutta la directory:
C:\WINDOWS\nsdb\