|
|||||||
|
|
|
 |
|
|
Strumenti |
21-07-2007, 00:32
|
#1 |
|
Member
Iscritto dal: Aug 2005
Messaggi: 90
|
Reindirizzamento google aiuto!
Salve a tutti, so che ci sono altre 4 discussioni che parlano di questo, ma leggendole non ho trovato aiuto se non quello di scoprire una guida molto utile sulle voci di HijackThis.
Il mio problema è il seguente: lancio una ricerca con google, mi mostra i risultati, ma appena clicco sul collegamento vengo reindirizzato sempre a 2 pagine in maniera consecutiva: Prima questa: http://www.fresh-weather.com/it/resu...m91osbaqu1e7&q e poi una pagina di suonerie o altro. Vi posto qui il log di HijackThis, io gli ho dato un'occhiata (con la guida di cui parlavo prima alla mano) e non mi sembra ci siano cose strane, ma sicuramente un vostro parere sarà migliore, gli indirizzi DNS sono corretti, non ce ne sono di strani: Logfile of HijackThis v1.99.1 Scan saved at 1.31.26, on 21/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\programmi\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE c:\programmi\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rmctrl.exe C:\Programmi\ZoneAlarm\zlclient.exe C:\Programmi\Windows Defender\MSASCui.exe C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE C:\Programmi\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\Internet Explorer\iexplore.exe D:\Sistema\Desktop\Protezione\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Temp Clean.lnk = C:\Documents and Settings\deltemp.bat O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.google.it O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blogdilorenzo.spaces.live.com...d/MsnPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{62EB5A9D-2369-49F1-B15B-D4D2713A062E}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{62EB5A9D-2369-49F1-B15B-D4D2713A062E}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{62EB5A9D-2369-49F1-B15B-D4D2713A062E}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra\RpcSandraSrv.exe O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing) Vi ringrazio infinitamente dell'aiuto. |
|
|
|
21-07-2007, 16:10
|
#2 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
|
22-07-2007, 00:58
|
#3 |
|
Member
Iscritto dal: Aug 2005
Messaggi: 90
|
Grazie ma..
ho controllato uno per uno quei file, ma niente!
Pensi sia meglio postare la discussione anche in un'altra sezione?...perchè non sono sicuro sia quella giusta. Comunque non va, continua a reindirizzarmi a quelle c.....o di pagine!!! Non so piu con cosa controllare...secondo tutti i programmi che ho usato ho il PC lindo e pinto...boh!!  Ciao |
|
|
|
|
22-07-2007, 01:06
|
#4 |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
tranquillo che sei nella sezione giusta
scarica ed esegui avenger,inputando questo script Files to delete: %UserProfile%\Desktop\Weather.lnk %UserProfile%\Start Menu\Programs\Startup\Weather.lnk %ProgramFiles%\Weather\Weather.exe %ProgramFiles%\Weather\weather_install.exe Registry keys to delete: HKEY_CURRENT_USER\Software\Weather HKEY_CURRENT_USER\Software\Director dopodichè posti il log creato da avenger
Ultima modifica di juninho85 : 22-07-2007 alle 01:10. |
|
|
|
|
22-07-2007, 01:07
|
#5 |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
doppio
Ultima modifica di juninho85 : 22-07-2007 alle 01:09. |
|
|
|
|
22-07-2007, 19:45
|
#6 |
|
Member
Iscritto dal: Aug 2005
Messaggi: 90
|
Ho fatto..
..ed il risultato è questo:
////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\Weather Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\Director ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ciyvnyli ******************* Script file located at: \??\C:\Program Files\sefvqksj.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\Documents and Settings\Utente\Desktop\Weather.lnk not found! Deletion of file C:\Documents and Settings\Utente\Desktop\Weather.lnk failed! Could not process line: C:\Documents and Settings\Utente\Desktop\Weather.lnk Status: 0xc0000034 Could not open file C:\Documents and Settings\Utente\Start Menu\Programs\Startup\Weather.lnk for deletion Deletion of file C:\Documents and Settings\Utente\Start Menu\Programs\Startup\Weather.lnk failed! Could not process line: C:\Documents and Settings\Utente\Start Menu\Programs\Startup\Weather.lnk Status: 0xc000003a Could not open file C:\Programmi\Weather\Weather.exe for deletion Deletion of file C:\Programmi\Weather\Weather.exe failed! Could not process line: C:\Programmi\Weather\Weather.exe Status: 0xc000003a Could not open file C:\Programmi\Weather\weather_install.exe for deletion Deletion of file C:\Programmi\Weather\weather_install.exe failed! Could not process line: C:\Programmi\Weather\weather_install.exe Status: 0xc000003a Completed script processing. ******************* Finished! Terminate. Ti ringrazio per l'aiuto anche se non ho capito cosa volevi dire con "doppio" Graazie ancora |
|
|
|
|
22-07-2007, 19:59
|
#7 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
prova a riproporre questo:
Quote:
|
|
|
|
|
|
23-07-2007, 13:24
|
#8 |
|
Member
Iscritto dal: Aug 2005
Messaggi: 90
|
Fatto di nuovo...
...secondo round
 Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\wsdhrnah ******************* Script file located at: \??\C:\oqcsqana.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\Documents and Settings\Utente\Desktop\Weather.lnk not found! Deletion of file C:\Documents and Settings\Utente\Desktop\Weather.lnk failed! Could not process line: C:\Documents and Settings\Utente\Desktop\Weather.lnk Status: 0xc0000034 Could not open file C:\Documents and Settings\Utente\Start Menu\Programs\Startup\Weather.lnk for deletion Deletion of file C:\Documents and Settings\Utente\Start Menu\Programs\Startup\Weather.lnk failed! Could not process line: C:\Documents and Settings\Utente\Start Menu\Programs\Startup\Weather.lnk Status: 0xc000003a Could not open file C:\Programmi\Weather\Weather.exe for deletion Deletion of file C:\Programmi\Weather\Weather.exe failed! Could not process line: C:\Programmi\Weather\Weather.exe Status: 0xc000003a Could not open file C:\Programmi\Weather\weather_install.exe for deletion Deletion of file C:\Programmi\Weather\weather_install.exe failed! Could not process line: C:\Programmi\Weather\weather_install.exe Status: 0xc000003a Registry key HKLM\\Software\Weather not found! Deletion of registry key HKLM\\Software\Weather failed! Status: 0xc0000034 Registry key HKLM\\Software\Director not found! Deletion of registry key HKLM\\Software\Director failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. Ciao e grazie |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 10:43.
