• User

    [Risolto] Problema con Explorer

    Ho un problema con Internt Explorer 7
    In pratica mentre navigo ogni tanto si apre una finestra di popup che per la maggior parte visualiza dei siti con fake antivirus e qualce messaggio di expolrer che i chiede di fare una scansione del pc in inglese.
    Ora credo di essermi beccato qualcosa anche se non capiso come, ieri andava tutto bene stasera mi da qusto fastidioso problema.
    La cosa che ho notato che ad ogni finestra che si apre il nome del sito è precedto da ~.
    Nod32 non mi ha rilevato nulla (devo rimpiangere di non aver un altro antivrus?)
    Vi chiedo cosa possa essere e se c'è qualche anima pia che posa aiutarmi.
    Vi ringrazio in anticipo e mi scuso se magari questo thread è già aperto da qualche parte.

    edit:non è solo di explorer, lo stesso problema me lo da anche con firefox 😞

    Allego il mio log:

    Logfile of HijackThis v1.99.1
    Scan saved at 23.27.38, on 17/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    H:\Programmi\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
    H:\Programmi\xampp\apache\bin\apache.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    H:\Programmi\massive_mhost\mhost.exe
    H:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    H:\Programmi\xampp\apache\bin\apache.exe
    C:\Programmi\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\FILECO~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Programmi\DAEMON Tools\daemon.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Programmi\Trust\MI-2500X OPTICAL MOUSE\Mouse32a.exe
    C:\WINDOWS\system32\taskswitch.exe
    H:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\Microsoft ActiveSync\wcescomm.exe
    H:\Programmi\RocketDock\RocketDock.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
    C:\Programmi\iPod\bin\iPodService.exe
    H:\Programmi\BitComet\BitComet.exe
    H:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Programmi\hijackthis_199\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lloogg.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer 7 personalizzato MSN!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Programmi\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: Anonymizer Core Browser Helper Object - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - (no file)
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmi\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - (no file)
    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Programmi\Snap Shots\snapbar.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Programmi\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Programmi\Snap Shots\snapbar.dll
    O3 - Toolbar: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file)
    O4 - HKLM..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE NoteCam Sm@rt A300
    O4 - HKLM..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM..\Run: [GrooveMonitor] "H:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\MI-2500X OPTICAL MOUSE\Mouse32a.exe
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM..\Run: [Viewbar] C:\Programmi\AGLOCO Viewbar\Viewbar.exe
    O4 - HKLM..\Run: [LogonStudio] "H:\Programmi\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM..\Run: [PCSuiteTrayApplication] H:\PROGRA~2\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM..\Run: [iTunesHelper] "H:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKCU..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU..\Run: [RocketDock] "H:\Programmi\RocketDock\RocketDock.exe"
    O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
    O4 - HKCU..\Run: [SUPERAntiSpyware] H:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = H:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Register.lnk = H:\Programmi\ZZZ Technologies\SWF2FLA Flash Decompiler\RegReminder.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - H:\PROGRA~2\FLASHS~1\save.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt119INIT
    O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add this link to WebWhacker... - H:\Programmi\Blue Squirrel\WebWhacker 5.0\Art\wwieextlink.html
    O8 - Extra context menu item: Add this page to WebWhacker... - H:\Programmi\Blue Squirrel\WebWhacker 5.0\Art\wwieext.html
    O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - H:\PROGRA~2\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - H:\PROGRA~2\FLASHS~1\save.htm
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dante\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - H:\Programmi\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://*.safe-surfing-com-net.officialtop-ringtones-programs-mp3-iiiiii.com
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v6.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://microsoft-world.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.21.49.14/activex/AxisCamControl.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
    O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resources/OBInstallCabinet.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MusicManagerPlugin.MediaBar) - http://sib1.pvw.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip..{1E20D0FE-5678-42D4-9094-01C8C7884A43}: NameServer = 85.37.17.16 85.38.28.68
    O17 - HKLM\System\CS1\Services\Tcpip..{1E20D0FE-5678-42D4-9094-01C8C7884A43}: NameServer = 85.37.17.16 85.38.28.68
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: ,wbsys.dll
    O20 - Winlogon Notify: !SASWinLogon - H:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FILECO~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - H:\PROGRA~2\ALIENG~1\wbsrv.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - H:\Programmi\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - Unknown owner - H:\Programmi\xampp\apache\bin\apache.exe" -k runservice (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Mhost - Unknown owner - H:\Programmi\massive_mhost\mhost.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - H:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Programmi\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: MySql - Unknown owner - H:/Programmi/xampp/mysql/bin/mysqld-shareware.exe (file missing)
    O23 - Service: NBService - Nero AG - H:\Programmi\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Programmi\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
    O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Programmi\Microsoft Windows OneCare Live\winss.exe (file missing)
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: XAMPP Service (XAMPP) - Unknown owner - H:\Programmi\xampp\service.exe


  • Consiglio Direttivo

    Ciao Luxstudio,

    fixa queste chiavi con hijackthis:

    O2 - BHO: Anonymizer Core Browser Helper Object - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - (no file)

          O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - (no file)
    

    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - (no file)

    O3 - Toolbar: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file)

    O4 - HKCU..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res

    O4 - Global Startup: Register.lnk = H:\Programmi\ZZZ Technologies\SWF2FLA Flash Decompiler\RegReminder.exe

          O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxpt119INIT
    

    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage

          O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dante\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
    

    O15 - Trusted Zone: *.stumbleupon.com

    O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/vers...n/AMClient.cab

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab

    O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries...1073_em_XP.cab

    O23 - Service: Mhost - Unknown owner - H:\Programmi\massive_mhost\mhost.exe

    O23 - Service: MySql - Unknown owner - H:/Programmi/xampp/mysql/bin/mysqld-shareware.exe (file missing)Fixate queste voci, effettua una scansione con AVG Anti-Spyware "aggiornato" ed una bella ripulita con Ccleaner!

    Dopo aver fatto tutto questo, posta un nuovo log con hijackthis! 🙂

    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe

    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exeConosci questo C:\Casino\Europa Casino\casino.exe ?? :mmm:


  • User

    @Wolf Otakar said:

    Conosci questo C:\Casino\Europa Casino\casino.exe ?? :mmm:

    È un casinò online che gioco ogni tanto ma non penso sia la causa sono 2 mesi che è istallato...

    Ho fixato con hijackthis ora proseguo con gli altri 2 file.

    Grazie del supporto 😉


  • User

    Pens di aver capito la causa.
    Il malawae è nsint.exe che si crea in winows/system32 e cera una cartella in programma chimata instant access dove dento ci sono quelle 4 pagine che ogni tato mia apro.
    Inutile dire che cancellandole non ottengo nulla in questo mometo sto facendo la sansione con AVG Anti Spyware ( è lui che mi avvisava) poi vedo cosa succede.


  • Consiglio Direttivo

    @Luxstudio said:

    in questo mometo sto facendo la sansione con AVG Anti Spyware ( è lui che mi avvisava) poi vedo cosa succede.

    Ok, fammi sapere! :ciauz:

    p.s. effettua uno scan con FindAWF ed allega qui nel forum il risultato! 😉


  • User

    Avg mi ha tolto un po di schifzza dal pc ha trovato ance nsinet.exe e lo mette in quarantena, ma non lo eimin definitvamente.
    Ho trovato nsinet anche nel registro d sistema facendo una ricerca.
    Lo elimino ma riappare. Diciamo che è una secctura.
    Ma con Find AWF devo seezionare l'opzione numro 1?


  • Consiglio Direttivo

    @Luxstudio said:

    Ma con Find AWF devo seezionare l'opzione numro 1?

    Premi 2 volte invio! 🙂


  • User

    Scusa per il ritardo impegni vari non mi hanno lasciato spazio per il forum.
    Ho eliminato quel fastidioso Nsinet.exe con navilog.
    Una volta eseguito navilog in modalità provvisoria ho usato l'opzione 4, in cui puoi digitare il file da trovare.
    Ho scritto nsinet(senza estensione) lo ha trovato ed insieme tutti i file correlati e li ha eliminati. Al riavvio del pc non ho più riscontrato il problema.
    Lo consiglio vivamente 😉
    Grazie del supporto comunque. 😄


  • Consiglio Direttivo

    @Luxstudio said:

    Ho eliminato quel fastidioso Nsinet.exe con navilog.
    Una volta eseguito navilog in modalità provvisoria ho usato l'opzione 4, in cui puoi digitare il file da trovare.

    Ottimo, Luxstudio! 🙂

    :ciauz: