spyware, log di hijackthis

[cicciuzzo]

è da qualche giorno che quando avvio il browser ie mi compare automaticamente in home page quick web search, si aprono dei pop up strani e tra i preferiti mi vengono aggiunti dei collegamenti a siti pornografici o di vendita di medicine.
ho seguito i vostri consigli sul forum. ho aggiornato il sistema operativo (windowsupdate), ho aggiornato e fatto girare norton antivirus, ad-aware e spybot ma niente da fare.
ho quindi scaricato hijackthis di cui allego il log.
spero che qualcuno mi possia aiutare.
grazie, cicciuzzo.

Logfile of HijackThis v1.99.1
Scan saved at 0.43.26, on 29/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\atlej.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\WINDOWS\mser32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mzbcd.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mzbcd.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mzbcd.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mzbcd.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mzbcd.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mzbcd.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {229FBE4F-22E5-1C6A-14A8-91F46DF45208} - C:\WINDOWS\system32\crwz.dll (file missing)
O2 - BHO: Class - {24B03FDF-5DE1-270C-11C7-3A22B612A1ED} - C:\WINDOWS\mfcaa32.dll (file missing)
O2 - BHO: Class - {38A13BE2-44E2-8EAD-D101-458EB7B89D67} - C:\WINDOWS\system32\javadg32.dll
O2 - BHO: Class - {516B05B7-D345-D25A-1547-83C52F819898} - C:\WINDOWS\ipxb32.dll (file missing)
O2 - BHO: Class - {5E314854-69AB-EB7F-41C9-6CC1464FC685} - C:\WINDOWS\system32\atlex.dll (file missing)
O2 - BHO: Class - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\msuq32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C9927A71-926F-63DD-BAF8-F1DFAA3A18E5} - C:\WINDOWS\iejc32.dll (file missing)
O2 - BHO: Class - {D9EE2F1D-DFCC-D9C2-15FF-E71DFED7AE32} - C:\WINDOWS\croo.dll (file missing)
O2 - BHO: Class - {E4102D77-E15D-8544-33F6-338AF25B6C71} - C:\WINDOWS\netzf.dll (file missing)
O2 - BHO: Class - {E8FB1E0C-25B6-CDB0-F49F-735F26C5DD86} - C:\WINDOWS\appgl32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [acCW] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰üžiC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]­ú"ü‰üžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰¸u0C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Programmi\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [msxw.exe] C:\WINDOWS\msxw.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\itDDD.exe
O4 - HKLM\..\Run: [TemplateDongle] gabber.exe
O4 - HKLM\..\Run: [stuffmon] startman.exe
O4 - HKLM\..\Run: [ipgo.exe] C:\WINDOWS\ipgo.exe
O4 - HKLM\..\Run: [mser32.exe] C:\WINDOWS\mser32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WareOut] "C:\Programmi\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [utsgmon] iehelper.exe
O4 - HKCU\..\Run: [SYSTRAV] runload32.exe
O4 - HKCU\..\Run: [panel_its] sysconf16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.skymasters.biz
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04b03cb6b1a ... 601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampr-it/itp/games3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} (Main Class) - http://www.dialer-shop.com/webdial/webdial24106.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlej.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

[Luke9792005]

Ciao.

Accipicchia che assortimento...

Prima di tutto, leggi questa utile guida:
http://www.pc-facile.com/guida_hijackthis_t148946/

Fixa con HijackThis i seguenti elementi, seguendo le indicazioni che trovi nella guida suddetta:

C:\WINDOWS\mser32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mzbcd.dll/sp.html#55135

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mzbcd.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mzbcd.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mzbcd.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mzbcd.dll/sp.html#55135

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mzbcd.dll/sp.html#55135

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {229FBE4F-22E5-1C6A-14A8-91F46DF45208} - C:\WINDOWS\system32\crwz.dll (file missing)

O2 - BHO: Class - {24B03FDF-5DE1-270C-11C7-3A22B612A1ED} - C:\WINDOWS\mfcaa32.dll (file missing)

O2 - BHO: Class - {38A13BE2-44E2-8EAD-D101-458EB7B89D67} - C:\WINDOWS\system32\javadg32.dll

O2 - BHO: Class - {516B05B7-D345-D25A-1547-83C52F819898} - C:\WINDOWS\ipxb32.dll (file missing)

O2 - BHO: Class - {5E314854-69AB-EB7F-41C9-6CC1464FC685} - C:\WINDOWS\system32\atlex.dll (file missing)

O2 - BHO: Class - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\msuq32.dll (file missing)

O2 - BHO: Class - {C9927A71-926F-63DD-BAF8-F1DFAA3A18E5} - C:\WINDOWS\iejc32.dll (file missing)

O2 - BHO: Class - {D9EE2F1D-DFCC-D9C2-15FF-E71DFED7AE32} - C:\WINDOWS\croo.dll (file missing)

O2 - BHO: Class - {E4102D77-E15D-8544-33F6-338AF25B6C71} - C:\WINDOWS\netzf.dll (file missing)

O2 - BHO: Class - {E8FB1E0C-25B6-CDB0-F49F-735F26C5DD86} - C:\WINDOWS\appgl32.dll (file missing)

O2 - BHO: Class - {E8FB1E0C-25B6-CDB0-F49F-735F26C5DD86} - C:\WINDOWS\appgl32.dll (file missing)

O4 - HKLM\..\Run: [acCW] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁzî[8C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁzîžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰üžiC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]­ú"ü‰üžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰¸u0C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [msxw.exe] C:\WINDOWS\msxw.exe

O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\itDDD.exe

O4 - HKLM\..\Run: [TemplateDongle] gabber.exe Sai di cosa si tratta?

O4 - HKLM\..\Run: [stuffmon] startman.exe

O4 - HKLM\..\Run: [ipgo.exe] C:\WINDOWS\ipgo.exe

O4 - HKLM\..\Run: [mser32.exe] C:\WINDOWS\mser32.exe

O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE

O4 - HKCU\..\Run: [utsgmon] iehelper.exe

O4 - HKCU\..\Run: [SYSTRAV] runload32.exe

O4 - HKCU\..\Run: [panel_its] sysconf16.exe

O15 - Trusted Zone: *.awmdabest.com

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: http://www.redfunny.com

O15 - Trusted Zone: http://www.skymasters.biz

O15 - Trusted Zone: *.awmdabest.com (HKLM)

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O15 - Trusted IP range: 206.161.125.149 Questo l'hai inserito tu?

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampr-it/itp/games3.cab Conosci questo sito?

O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} (Main Class) - http://www.dialer-shop.com/webdial/webdial24106.cab Conosci questo sito?

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlej.exe

Ciao

[cicciuzzo]

ciao.
ho letto la guida di hijackthis e fixato gli elementi indicati (a parte che nella finestra non si può fixare c:\windows\mser32.exe) ma la home page quick web search, i pop up e l'aggiunta di preferiti indesiderati si sono ripresentati come prima.
ho fatto il restore del backup e ho fatto di nuovo girare hijackthis ma il log è diverso da quello di prima (ci sono delle voci nuove).
ma il log cambia ogni volta?
non so più cosa fare!

[Luke9792005]

Ciao.

Hai fixato gli elementi da modalità provvisoria? Il log può cambiare nel senso che alcuni spywares e malware e simili, si ricreano con un nome diverso.

Ciao

[cicciuzzo]

ciao,
ho provato anche in modalità provvisoria ma quick web search non ne vuole sapere.
ho provato per tentativi con hijackthis (fixando e facendo il restore), ma è rimasto tutto come prima, e poi ho paura di combinare qualche casino.
cosa posso fare?
grazie per l'aiuto.
ciao.

[Luke9792005]

Ciao.

Ma in che senso non ne vuole sapere? Viene mostrato qualche errore?

Nuovo log, please.

Ciao

[cicciuzzo]

ciao,
intanto grazie perchè stai cercando di aiutarmi.
nel topic precedente intendevo dire che una volta fixati gli elementi (in modalità provvisolria) e riavviando non cambia nulla; si riapre i.e. con la pagina quick web search (+pop up+aggiunta di preferiti). non viene mostrato nessun errore particolare.
mi sono dimeticato di dirti che ogni tanto si apre una finestra con il messaggio "your computer might be at risk". se clicco su "no" alla proposta di approfondimenti si apre la finestra per scaricare il file chmhelp.chm dal sito searchclick.cc.
non so più cosa fare!!!
in ogni caso allego il nuovo log di hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 19.28.45, on 02/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pgvsq.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pgvsq.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pgvsq.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pgvsq.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pgvsq.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {229FBE4F-22E5-1C6A-14A8-91F46DF45208} - C:\WINDOWS\system32\crwz.dll (file missing)
O2 - BHO: Class - {24B03FDF-5DE1-270C-11C7-3A22B612A1ED} - C:\WINDOWS\mfcaa32.dll (file missing)
O2 - BHO: Class - {38A13BE2-44E2-8EAD-D101-458EB7B89D67} - C:\WINDOWS\system32\javadg32.dll
O2 - BHO: Class - {516B05B7-D345-D25A-1547-83C52F819898} - C:\WINDOWS\ipxb32.dll (file missing)
O2 - BHO: Class - {5E314854-69AB-EB7F-41C9-6CC1464FC685} - C:\WINDOWS\system32\atlex.dll (file missing)
O2 - BHO: Class - {62026EB5-3C45-5744-16C6-2CBC1984230B} - C:\WINDOWS\system32\ntqo.dll
O2 - BHO: Class - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\msuq32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C14A63C4-80B0-D977-7CCE-440563F34821} - C:\WINDOWS\syseq.dll
O2 - BHO: Class - {C9927A71-926F-63DD-BAF8-F1DFAA3A18E5} - C:\WINDOWS\iejc32.dll (file missing)
O2 - BHO: Class - {D9EE2F1D-DFCC-D9C2-15FF-E71DFED7AE32} - C:\WINDOWS\croo.dll (file missing)
O2 - BHO: Class - {E4102D77-E15D-8544-33F6-338AF25B6C71} - C:\WINDOWS\netzf.dll (file missing)
O2 - BHO: Class - {E8FB1E0C-25B6-CDB0-F49F-735F26C5DD86} - C:\WINDOWS\appgl32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Programmi\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [d3fz.exe] C:\WINDOWS\d3fz.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [mser32.exe] C:\WINDOWS\mser32.exe
O4 - HKLM\..\Run: [acCW] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]­ú"ü‰üžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [ipgo.exe] C:\WINDOWS\ipgo.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [msxw.exe] C:\WINDOWS\msxw.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰¸u0C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰üžiC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe
O4 - HKLM\..\Run: [stuffmon] startman.exe
O4 - HKLM\..\Run: [TemplateDongle] gabber.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\itDDD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WareOut] "C:\Programmi\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
O4 - HKCU\..\Run: [SYSTRAV] runload32.exe
O4 - HKCU\..\Run: [panel_its] sysconf16.exe
O4 - HKCU\..\Run: [utsgmon] iehelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.skymasters.biz
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04b03cb6b1a ... 601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

grazie ancora.
ciao.

[Luke9792005]

Ciao.

Ho già un paio di idee in mente, ma prima vorrei verificare alcune cose nel nuovo log. Quindi, fixa da modalità provvisoria le seguenti voci, e posta il nuovo log (ovviamente dopo aver riavviato in modalità normale):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mzbcd.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pgvsq.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pgvsq.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pgvsq.dll/sp.html#55135

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pgvsq.dll/sp.html#55135

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {229FBE4F-22E5-1C6A-14A8-91F46DF45208} - C:\WINDOWS\system32\crwz.dll (file missing)

O2 - BHO: Class - {24B03FDF-5DE1-270C-11C7-3A22B612A1ED} - C:\WINDOWS\mfcaa32.dll (file missing)

O2 - BHO: Class - {38A13BE2-44E2-8EAD-D101-458EB7B89D67} - C:\WINDOWS\system32\javadg32.dll

O2 - BHO: Class - {516B05B7-D345-D25A-1547-83C52F819898} - C:\WINDOWS\ipxb32.dll (file missing)

O2 - BHO: Class - {5E314854-69AB-EB7F-41C9-6CC1464FC685} - C:\WINDOWS\system32\atlex.dll (file missing)

O2 - BHO: Class - {62026EB5-3C45-5744-16C6-2CBC1984230B} - C:\WINDOWS\system32\ntqo.dll

O2 - BHO: Class - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\msuq32.dll (file missing)

O2 - BHO: Class - {C14A63C4-80B0-D977-7CCE-440563F34821} - C:\WINDOWS\syseq.dll

O2 - BHO: Class - {C9927A71-926F-63DD-BAF8-F1DFAA3A18E5} - C:\WINDOWS\iejc32.dll (file missing)

O2 - BHO: Class - {D9EE2F1D-DFCC-D9C2-15FF-E71DFED7AE32} - C:\WINDOWS\croo.dll (file missing)

O2 - BHO: Class - {E4102D77-E15D-8544-33F6-338AF25B6C71} - C:\WINDOWS\netzf.dll (file missing)

O2 - BHO: Class - {E8FB1E0C-25B6-CDB0-F49F-735F26C5DD86} - C:\WINDOWS\appgl32.dll (file missing)

O4 - HKLM\..\Run: [d3fz.exe] C:\WINDOWS\d3fz.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁzîžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [mser32.exe] C:\WINDOWS\mser32.exe

O4 - HKLM\..\Run: [acCW] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]­ú"ü‰üžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [ipgo.exe] C:\WINDOWS\ipgo.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁzî[8C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [msxw.exe] C:\WINDOWS\msxw.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰¸u0C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰üžiC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\urfop.exe

O4 - HKLM\..\Run: [stuffmon] startman.exe

O4 - HKLM\..\Run: [TemplateDongle] gabber.exe

O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\itDDD.exe

O4 - HKCU\..\Run: [WareOut] "C:\Programmi\WareOut\WareOut.exe"

O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE

O4 - HKCU\..\Run: [SYSTRAV] runload32.exe

O4 - HKCU\..\Run: [panel_its] sysconf16.exe

O4 - HKCU\..\Run: [utsgmon] iehelper.exe

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: http://www.redfunny.com

O15 - Trusted Zone: http://www.skymasters.biz

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O15 - Trusted IP range: 206.161.125.149

O15 - Trusted IP range: 206.161.125.149

Fammi sapere.

Ciao

[cicciuzzo]

ciao,
ho fixato (in modalità provvisoria) gli elementi che mi hai indicato e riavviato (in modalità normale). al riavvio come al solito è partito i.e. ma questa volta si è presentata una pagina bianca. il problema sembrava risolto, ma... ho chiuso e riaperto i.e. e di nuovo la stramaledetta quick web search si è ripresentata (+ tutto il resto).
questo è il nuovo log di hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 20.49.21, on 05/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\mspt.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\mser32.exe
C:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {86D92D6D-DD82-43AA-C7DA-575F6D01DEFC} - C:\WINDOWS\ipur.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Programmi\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mser32.exe] C:\WINDOWS\mser32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04b03cb6b1a ... 601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\mspt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

grazie.
ciao.

[Luke9792005]

Ciao.

Se da modalità provvisoria proprio non ne vuole sapere, prova ad utilizzare la console msconfig (Start > Esegui e digita msconfig > seleziona Avvio Selettivo > entra nel tab Servizi, spunta Nascondi tutti i servizi Microsoft, fai click su Disabilita tutti > entra nel tab Avvio e fai click su Disabilita tutti).
A questo punto, seleziona un avvio per volta ed un servizio per volta, e conferma il riavvio. In questo modo, dovresti identificare il programma o il servizio che crea il problema.

Una volta individuato, vedremo cosa fare.

Per quanto riguarda il log, sembra che ci sia stato qualche cambiamento di nomi... Comunque le voci da fixare sono le seguenti:

C:\WINDOWS\mspt.exe

C:\WINDOWS\mser32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pzyki.dll/sp.html#55135

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pzyki.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pzyki.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pzyki.dll/sp.html#55135

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pzyki.dll/sp.html#55135

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pzyki.dll/sp.html#55135

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {86D92D6D-DD82-43AA-C7DA-575F6D01DEFC} - C:\WINDOWS\ipur.dll

O4 - HKLM\..\Run: [mser32.exe] C:\WINDOWS\mser32.exe

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O15 - Trusted IP range: 206.161.125.149

O15 - Trusted IP range: 206.161.125.149

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\mspt.exe

Ciao

[cicciuzzo]

ciao,
ho seguito le tue istruzioni e ho individuato che la partenza di i.e. in automatico (con la pagina quick web search) si verifica quando nel tab avvio seleziono:
elemento di avvio - iexplore
comando - c:\programmi\internet explorer\iexplore.exe
percorso - software\microsoft\windows\currentversion\run
inoltre quando mi si riapre la console msconfig nel tab avvio trovo che si è selezionato da solo anche:
elemento di avvio - mser32
comando - c:\windows\mser32.exe
percorso - software\microsoft\windows\currentversion\run
per quanto rigauarda il log di kijackthis ho fixato gli elementi che mi hai indicato tranne:
c:\windows\mspt.exe
c:\windows\mser32.exe
perchè non compaiono nella finestra di selezione.
grazie ancora e a presto.
ciao.

[Luke9792005]

Ciao.

Prova a verificare se tra gli elementi aggiuntivi di Internet Explorer risulta qualcosa legato a questo "web search":
Start > Esegui e digita inetcpl.cpl > entra nel tab Programmi > Gestione componenti aggiuntivi.

Se trovi qualcosa, fai click con il tasto destro del mouse e disattivalo. Quindi riavvia e vedi cosa succede.

Ciao

[Luke57]

Ciao, prova anche a terminare i processi prima di procedere:
Scarica anche cwshredder da http://www.trendmicro.com/ftp/products/ ... redder.exe
1.avvia in modalità "normale"
2.fai girare HJT e premi "config", "Misc tools" e "Open Process Manager"
3.cerca il/i processo/i :
C:\WINDOWS\mspt.exe
C:\WINDOWS\mser32.exe
4.selezionalo/i e clic su "kill process"
5.torna al menù principale e premi scan
6.cerca nell'elenco le chiavi seguenti e spunta la casella a lato di ognuna
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pzyki.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {86D92D6D-DD82-43AA-C7DA-575F6D01DEFC} - C:\WINDOWS\ipur.dll
O4 - HKLM\..\Run: [mser32.exe] C:\WINDOWS\mser32.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149
O23 - Service: Workstation NetLogon Service ( 11Fßä #•ºÄÖ`I) - Unknown owner - C:\WINDOWS\mspt.exe
8.avvia in modalità provvisoria
9. fai girare CWShredder, premi fix e attendi la conclusione dell'elaborazione
10. Avvia Esplora risorse e imposta la visualizzazione completa dei files, tramite:
Seleziona strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click Ok
11. attiva gestione risorse, cerca e cancella i seguenti files :
C:\WINDOWS\mspt.exe
C:\WINDOWS\mser32.exe
C:\WINDOWS\ipur.dll
13.vai su "installazione applicazioni" e rimuovi tutte le applicazioni che non conosci e che non hai installato tu
14.cancella il contenuto dei files temporanei di windows (tremp,tmp)
15.sulle opzioni Internet cancella la cache di IE, i cookies
16.svuota il cestino
17.riparti in modalità normale
18.fai girare HJT e posta il log

[cicciuzzo]

ciao,
ho seguito tutto quello che mi hai indicato, tranne alcune differenze:
1. tra le chiavi da fixare non ho trovato:
O2 - BHO: Class - {86D92D6D-DD82-43AA-C7DA-575F6D01DEFC} - C:\WINDOWS\ipur.dll
ma ho fixato questa:
O2 - BHO: Class - {097FEAC8-2F66-1ADA-699F-2838B1F22928} - C:\WINDOWS\winyt32.dll
2. tra i files da cancellare in gestione risorse non ho trovato:
c:\windows\ipur.dll
il problema sembra essere scomparso. al riavvio non parte più i.e. in automatico con quick web search.

adesso però non riesco più a navigare in internet.
i.e. si apre con una pagina completamete bianca e mi è sparita la barra dove digitare gli indirizzi internet.
forse è dovuto al fatto che da "installazione applicazioni" ho rimosso l'applicazione "ScanToWeb"?
se è così come faccio a ripristinarla?
in ogni caso ti allego il nuovo log hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 22.59.44, on 15/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04b03cb6b1a ... 601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

grazie e a presto.

[Luke57]

Ciao, lew voci da fissare con hijackthis sono queste:
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
Devi avere disistallato o disattivato Intenet Explorer, non appare nel log.
Guarda, con la procedura che ti ha suggerito il mio omonimo Luke (start>esegui>msconfig>servizi) se hai disabilitato il browser, se sì riabilitalo.

[Luke57]

Oppure guarda da esplora risorse>pannello di controllo>installazione componenti di windows, se hai tolto la spunata a internet explorer, se sì reinseriscila.

[cicciuzzo]

ciao,
ho controllato i servizi si msconfig e il browser non è disabilitato, mentre su installazione applicazioni non trovo internet explorer.
no so come ma è come se l'avessi disinstallato.
posso reinstallarlo?
ciao e grazie.

[Luke57]

ciao,
ho controllato i servizi si msconfig e il browser non è disabilitato, mentre su installazione applicazioni non trovo internet explorer.
no so come ma è come se l'avessi disinstallato.
posso reinstallarlo?
ciao e grazie.

le procedure sono queste: http://support.microsoft.com/?kbid=318378