(help) I can no longer set my home page


squaletto
27-05-2005, 12:29
Hi guys, sorry, but I have a problem that is really annoying me:

basically I can no longer set the home page, whatever the site is.
Also, when I type a site such as www.hwupgrade.it into the address bar, it jumps to the home page :muro:

http://pikaciu.altervista.org/help.jpg

I'm leaving the link too, maybe someone can give me a hand; I have already scanned with Spybot, Kaspersky and Microsoft AntiSpyware, but nothing...

please help!!!!


P.S. with Firefox, which I also have installed, I don't get this problem......

robyesp17
27-05-2005, 12:39
you'll only fix it by removing the keys with HijackThis... post the log you get, or do it yourself by downloading the HijackThis application... and check the registry too.

squaletto
27-05-2005, 12:41
but why do these things happen????? damn..... :mad:



Logfile of HijackThis v1.99.1
Scan saved at 12.41.16, on 27/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\TuneUp Win Styler\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
E:\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
E:\Evidence Eliminator\ee.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
E:\NOKIAS~1\NOKIAP~1\TRAYAP~1.EXE
E:\MessengerPlus\MsgPlus.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
E:\Microsoft Anti Spyware\gcasServ.exe
E:\Microsoft Anti Spyware\gcasDtServ.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
E:\WinMX\WinMX\WinMX.exe
C:\WINDOWS\system32\rundll32.exe
E:\PeerGuardian2\pg2.exe
E:\quickTime\iTunesHelper.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\iPod\bin\iPodService.exe
E:\active sync\WCESCOMM.EXE
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
E:\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\intmon.exe
E:\SKYPEPhone\Skype.exe
E:\Winamp\Winamp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
F:\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programmi\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpC52F.tmp
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programmi\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Outpost Firewall] E:\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [Evidence Eliminator] E:\Evidence Eliminator\ee.exe /m
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\NOKIAS~1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\MessengerPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [gcasServ] "E:\Microsoft Anti Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [KAV50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\quickTime\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] E:\Microsoft Anti Spyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\active sync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programmi\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Verweisseiten - res://c:\programmi\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programmi\google\GoogleToolbar3.dll/cmsimilar.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - e:\active sync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - e:\active sync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - e:\active sync\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\OUTPOS~1\TRASH.EXE (HKCU)
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/it/filesharingctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B64942-6EC4-4B85-B07C-E9D2F0F248F4}: NameServer = 62.211.69.150 212.48.4.15
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\BlueSoleil\BTNtService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\OUTPOS~1\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\TuneUp Win Styler\WinStylerThemeSvc.exe

squaletto
27-05-2005, 12:51
as you can see I ran a scan with HijackThis, but even after ticking the startsearches.net entries and clicking Fix checked, if I run the scan again they show up again....!!! why? what should I do?

NtBIG
27-05-2005, 12:57
try cwshredder (http://www.intermute.com/spysubtract/cwshredder_download.html)

trevi63
27-05-2005, 15:10
You surely have some real-time antispyware program that is blocking the change to the home page.
Try closing any antispyware programs and tell me what happens.

bye

bluepix
27-05-2005, 17:33
There's some fun to be had with this log.
Hang on, I'll take a look at it now.

bluepix
27-05-2005, 17:45
Try fixing these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1

F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe

O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpC52F.tmp

O4 - HKLM\..\Run: [ScanRegistry] C:\W
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz

this one seems useless

O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)

delete the file
C:\W

juninho85
27-05-2005, 17:45
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\intmon.exe

suspicious
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
for this one, go into the registry and edit it, entering your own home page
then fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpC52F.tmp
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\OUTPOS~1\TRASH.EXE (HKCU)
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab

bluepix
27-05-2005, 17:56
Well done Juni.....I had missed these:
(Troj/Puper-A)

C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\intmon.exe
C:\WINDOWS\system32\hpC52F.tmp


to be deleted in safe mode

juninho85
27-05-2005, 17:59
Well done Juni.....I had missed these:
(Troj/Puper-A)

C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\intmon.exe
C:\WINDOWS\system32\hpC52F.tmp


to be deleted in safe mode
the fact that the home page keeps being restored can only be due to a file (in my opinion the 1st and the 3rd in particular; I flagged the second because it looks to me like a Windows component, but I'm not sure)

bluepix
27-05-2005, 18:04
I found a page that looks like a photocopy of the HijackThis report:

http://www.short-media.com/forum/showthread.php?t=32589

squaletto
27-05-2005, 18:19
:eek: I can't do it, ugh! basically I run this scan, I ticked all the lines you told me..... and then Fix checked, but if I run the scan again it reappears... I'll format the disk... or what?

bluepix
27-05-2005, 18:45
there's always time for that.

you can find what it does here:
http://www.sophos.com/virusinfo/analyses/trojpupera.html

or here (for version D)
http://www.sophos.com/virusinfo/analyses/trojpuperd.html

try removing it with Panda online

squaletto
27-05-2005, 19:25
:D :D :D :D You guys are great, thanks for your help!!! I saved myself a few hours of reinstalling everything!!!!!! In safe mode I removed the files with HijackThis, then I manually went into c:\windows\system32 and deleted the 3 files you mentioned.... I also ran a scan with Kaspersky, Microsoft AntiSpyware and Spybot on the Windows folder (but found nothing).


Restarted in normal mode and the problem is solved!!! THANKS!!!!! :sofico: :)


Thanks: Juninho85, Bluepix, Robyesp17, Nt Big, Trevi 63

juninho85
27-05-2005, 21:04
no problem, it's always a pleasure ;)
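
Added example, not part of the original thread: a small Python triage that does mechanically what the replies do by eye, grouping the R0/R1 Internet Explorer values by URL host and flagging an O2 BHO whose file is not a .dll. The sample lines are copied from the log posted above; the function name `triage` and the non-.dll heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpC52F.tmp
O15 - Trusted Zone: www.redfunny.com
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")

def triage(log_text):
    """Return (hosts, odd_bhos, trusted): IE values grouped by URL host,
    BHOs whose file is not a .dll, and Trusted Zone sites."""
    hosts, odd_bhos, trusted = defaultdict(list), [], []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code in ("R0", "R1"):
            reg = REG_VALUE.match(rest)
            host = urlparse(reg["data"]).hostname if reg else None
            if host:  # about:blank and plain strings have no host
                hosts[host].append(reg["name"])
        elif code == "O2":
            bho = BHO.match(rest)
            # Assumed heuristic: a BHO is a COM DLL, so any other extension deserves a look.
            if bho and not bho["path"].lower().endswith(".dll"):
                odd_bhos.append((bho["name"], bho["path"]))
        elif code == "O15" and rest.startswith("Trusted Zone: "):
            trusted.append(rest[len("Trusted Zone: "):])
    return dict(hosts), odd_bhos, trusted

if __name__ == "__main__":
    hosts, odd_bhos, trusted = triage(SAMPLE_LOG)
    for host, names in hosts.items():
        print(f"{host}: {len(names)} IE values -> {names}")
    for name, path in odd_bhos:
        print(f"BHO not backed by a .dll: {name} -> {path}")
    print("Trusted Zone sites:", trusted)
```

A host that owns several IE start and search values at once, together with a BHO loaded from a non-.dll file, points at a component that is still loaded and rewrites the values, which matches what the thread found: the entries came back after "Fix checked" until the files were deleted in safe mode.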