Redirection

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs should you use to protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by ciccio_br » 13/01/08 22:51

Hi, I have a problem: for a couple of days now, when I run a search on Google, the page I want does not open; instead I get others such as http://www.click2find.com or http://www.fast-loans.org! With Avira AntiVir up to date and AVG Anti-Spyware up to date I can't fix anything... what can I do? Thanks
Re: redirection

Post by ciccio_br » 13/01/08 22:59

And this is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.59.56, on 13/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tele2internet.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/ut ... Helper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E24F7B-E3F6-4FAE-9382-FE7D96D262A4}: NameServer = 85.255.113.90 85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\..\{93312F46-1AAD-47EC-B47F-027D78AE5EA8}: NameServer = 85.255.113.90,85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6F170D5-D226-47EB-B571-0DB62549F7C3}: NameServer = 85.255.113.90,85.255.112.74
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.74
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.74
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7857 bytes

Re: redirection

Post by miclino » 21/01/08 13:32

Hello,
I have exactly the same problem.
I was hoping to find the solution in some reply to this topic, but I see that nobody has commented.
I am attaching the ComboFix log from a run on my PC.
Can anyone help me?

Thanks for your cooperation.

Re: redirection

Post by miclino » 21/01/08 13:34

Sorry, but besides a few grammar mistakes, I forgot to attach the ComboFix log.
Please bear with me:
thanks.

ComboFix 08-01-18.5 - mm 2008-01-19 12.52.10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1040.18.209 [GMT 1:00]
Eseguito da: C:\Documents and Settings\mm\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\Helper
C:\Programmi\Helper\superfindout.dll
C:\WINDOWS\system32\kdewc.exe
C:\WINDOWS\system32\lr.exe
C:\WINDOWS\system32\msnmanegrs.exe
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\Temp\1.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SYMAVC32
-------\symavc32
-------\xpdx


((((((((((((((((((((((((( Files Creati Da 2007-12-19 al 2008-01-19 )))))))))))))))))))))))))))))))))))
.

2008-01-19 12:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-01-15 19:04 . 2007-11-07 20:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-01-15 19:04 . 2007-11-07 20:15 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-14 12:17 . 2002-08-29 01:27 33,792 --a------ C:\WINDOWS\system32\drivers\disk.sys
2008-01-14 12:17 . 2002-08-29 01:27 33,792 --a--c--- C:\WINDOWS\system32\dllcache\disk.sys
2008-01-11 19:45 . 2008-01-11 19:45 <DIR> d-------- C:\Programmi\ahead
2008-01-11 19:44 . 2008-01-11 19:44 <DIR> d-------- C:\Programmi\File comuni\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 17:39 --------- d-----w C:\Programmi\Google
2007-12-09 15:47 696,320 ----a-w C:\WINDOWS\system32\Srb0ty.exe
2007-12-09 11:55 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-09 11:54 --------- d-----w C:\Documents and Settings\mm\Dati applicazioni\InterTrust
2007-12-09 10:00 402,944 ----a-w C:\WINDOWS\system32\mo.exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-26 20:12 1,256,118 ----a-w C:\Documents and Settings\mm\sdikfog.exe
2007-11-25 17:50 48,776 ----a-w C:\Documents and Settings\mm\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-11-23 18:32 --------- d-----w C:\Programmi\Lexmark X1100 Series
2007-11-21 08:24 16,384 ----a-w C:\WINDOWS\system32\mkdate.exe
2007-11-07 19:29 558,142 ----a-w C:\WINDOWS\java\Packages\bbb5fbd7.zip
2007-11-07 19:29 155,995 ----a-w C:\WINDOWS\java\Packages\hjrbnhff.zip
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 12:51 13312]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-29 02:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Lexmark X1100 Series"="C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 11:01 57344]
"DSLSTATEXE"="C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" [2003-06-10 07:54 299008]
"DSLAGENTEXE"="C:\Program Files\GlobespanVirata\Adsl\dslagent.exe" [2003-08-19 05:47 16384]
"Zone Labs Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 12:51 13312]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-12-09 12:55:56]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2003-02-21 17:00:00]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-11-20 19:43:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ivn4reg]
C:\Documents and Settings\All Users\Documenti\Settings\ivn4.dll 2007-11-29 02:52 14050 C:\Documents and Settings\All Users\Documenti\Settings\ivn4.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOW

S2 SSDPSR;SSDP Discovery Service;"C:\WINDOWS\system32\ssdpsr.exe" []
S2 TrkWksRemoteRegistry;Manutenzione collegamenti distribuiti client TrkWksRemoteRegistry;C:\WINDOWS\System32\accessf.exe srv []
S4 MSN RAV;MSN RAV;"C:\WINDOWS\system\msnrav.exe" [2007-11-28 20:03]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 13:02:39
Windows 5.1.2600 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\All Users\Documenti\Settings\ivn4.dll
.
Ora fine scansione: 2008-01-19 13:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 12:04:05