logfile HijackThis!!

[fabfab]

Logfile of HijackThis v1.98.0
Scan saved at 18.18.19, on 10/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\Common files\updmgr\updmgr.exe
C:\Programmi\CyberMedia\CMAgent.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
E:\spybotsd13.exe
C:\DOCUME~1\Rosby\IMPOST~1\Temp\is-L14A3.tmp\is-9SGEM.tmp
C:\Programmi\Messenger\msmsgs.exe
E:\sicurezza\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fastweb.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [updmgr] C:\Programmi\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [CyberMedia Agent] "C:\Programmi\CyberMedia\CMAgent.exe" /SU
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Accesso al servizio - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - (no file)
O9 - Extra 'Tools' menuitem: Accesso al servizio - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/506831.exe
O18 - Filter: text/html - {EFE985FF-8617-4F87-8EE3-E64EAFF3A5C0} - C:\Documents and Settings\Rosby\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.15.dat

Il pc non risponde assolutamente bene, XP home edition.
Potreste controllare se è almeno pulito???
Grazie mille

[einj]

salta subito all'occhio questo dialer

http://deposito.hostance.net/dialer/506831.exe

[amvinfe]

Scaricati la versione nuova di HijackThis (è in rilievo) mettila all'interno di una nuova cartella.
Dalla modalità provvisoria seleziona questi valori, clicca su fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O9 - Extra button: Accesso al servizio - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - (no file)
O9 - Extra 'Tools' menuitem: Accesso al servizio - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/506831.exe
O18 - Filter: text/html - {EFE985FF-8617-4F87-8EE3-E64EAFF3A5C0} - C:\Documents and Settings\Rosby\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.15.dat

sempre dalla provvisoria elimina:

C:\WINDOWS\System32\P2P Networking \P2P Networking.exe <===la cartella

V0.15.dat <===se presente.

Riavvia.
Fai una scansione con l'antivirus aggiornato.

Posta un nuovo log di HJT