
View full version: [XP] Very strange problem with Google searches!!! [SOLVED]


Luke
19-02-2009, 16.56.05
Hi!
I don't know for what blessed reason, but since today my nice PC with XP SP3, every time I search for something on Google, shows me all the results without the "Cached" link, which used to be there; also, at random, when I click one of the results, instead of going to the correct page I get redirected to a page that either recommends I download (for a fee) Emule, or to another one that does the same thing but recommends SpeedDownload.

The funny thing is that I thought it was Firefox, so I uninstalled it with revouninstaller, only to find out that it does the same with Explorer too.

Both NOD32 and SuperANTISpyware were useless; neither found anything about it.

What do I do? :(

Luke
19-02-2009, 17.00.38
Ah, nothing strange in the startup either; I checked with cacheclener and with anivir.exe

Lionsquid
19-02-2009, 20.23.40
use malwarebytes, it's very effective at cleaning up these hijackers ;)

what does hijackthis show??

Luke
19-02-2009, 22.42.01
I don't know what hijackthis is, but right now I'm using firefox from my (beautiful and immune) mac, so I'll download it, send it to the PC and run it :D

Luke
19-02-2009, 22.50.08
This is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.46.31, on 19/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HiJackThis.exe

O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe

--
End of file - 4184 bytes

Luke
19-02-2009, 23.16.53
This is the malwarebytes log which, by the way, wouldn't update because it said the firewall was blocking it, though the firewall was disabled, so it had no reason to:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

19/02/2009 23.10.14
mbam-log-2009-02-19 (23-10-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 73922
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-5-2-96-100024608-100009877-100009727-2807.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\tempo-327500.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-327656.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-491734.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-491875.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\drivers\gaopdxessiyuep.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\gaopdxnqwekoow.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\gaopdxserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\gaopdxujwswwyl.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\gaopdxvirwbirl.dll (Trojan.Agent) -> No action taken.

I ran the fix all and, after a nice reboot, everything's OK!!!!

GREAT!!

Thanks a lot for the advice, you saved me an afternoon of reinstalling XP from a USB stick, because I didn't get the external DVD drive for the eeebox ;)
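
The O17 NameServer lines in the HijackThis report are the same registry data Malwarebytes flags as Trojan.DNSChanger in this thread. As an added example (not part of the thread, and not code from either tool), the following Python sketch extracts O17 NameServer entries from a HijackThis log and reports resolvers that are not on a list of expected ones; the expected resolver 192.168.1.1 and the last sample line are constructed assumptions.

```python
import ipaddress
import re

# Lines copied from the HijackThis report in this thread, plus one constructed
# line (the last) showing a resolver that is on the expected list.
SAMPLE_LOG = r"""
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{constructed-guid}: NameServer = 192.168.1.1
"""

# "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")


def parse_o17(log_text):
    """Yield (registry_key, [servers]) for every O17 NameServer entry."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m["name"].lower() != "nameserver":
            continue
        # The value may be comma- or space-separated.
        servers = [s for s in re.split(r"[,\s]+", m["data"].strip()) if s]
        yield m["key"], servers


def unexpected_resolvers(log_text, expected):
    """Return (registry_key, server) pairs not covered by the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, servers in parse_o17(log_text):
        for server in servers:
            try:
                ok = ipaddress.ip_address(server) in allowed
            except ValueError:
                ok = False  # malformed address: report it rather than skip it
            if not ok:
                findings.append((key, server))
    return findings


if __name__ == "__main__":
    # Assumption: the machine is expected to use only the home router as resolver.
    for key, server in unexpected_resolvers(SAMPLE_LOG, ["192.168.1.1"]):
        print(f"unexpected resolver {server} in {key}")
```

A statically set NameServer value overrides what DHCP hands out, so a finding here should be checked in every control set, as the three O17 lines in the report show.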