Buongiorno a tutti.
questa e la prima volta e credo di trovarmi nel sito giusto per qualsiasi problema,
il mio problema è questo: Internet ADSL.
dopo la ricerca con google "sito ricera" si apre una lista dei nominativi "siti"
es: "aiutamici" quando clicco sull'indirizzo "WWW.auitamici" per due volte (circa) mi
trovo in siti diversi (DONNINE O SERVIZI.torno indietro) insistendo mi collego al vostro sito.(cio capita anche con altri siti).Sicuramente qualcosa non va.Ho gia provato con ativirus(nulla)
(antidialer-spyware-troian-malvare)ho fatto una scansione on line A-Squared, ultimo con
i vostri programmi.Nulla.Il problem persiste.ecco il file di hijackt per un controllo,se qualcuno mi puo aiutare lo ringrazio anticipatamente .Saluti a tutti,margius
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17.22.58, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\a-squared free\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Media Connect 2\wmccds.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=ausandqkw=:s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - (no file)
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O15 - Trusted Zone: www.xxx-content.name
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE29F39-A75B-4793-BF6A-318E0F5CD34F}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC0D723-F325-42CA-A972-8D8B62EE4EF3}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD51C0F-D3A4-45FC-A9A7-1B345E765FD7}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{52356A41-BC32-48FB-9E68-5610C0B807C4}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AF2D8C4-B754-4E85-858B-C03DA1E2F78B}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{A14A04CD-AAC8-4888-B670-F2FE5EB5836F}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8600EDB-4D10-4FDD-A2BF-B46E1DAE7B68}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.102 85.255.112.178
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BE29F39-A75B-4793-BF6A-318E0F5CD34F}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.102 85.255.112.178
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BE29F39-A75B-4793-BF6A-318E0F5CD34F}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.102 85.255.112.178
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programmi\a-squared free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6226 bytes

Ciao,

<b>avvia in modalità provvisoria</b> come <b>qui descritto:</b>

<b>rendi visibili le cartelle nascoste</b> ------ > <b>procedura</b>:
da Risorse del computer:
Strumenti >> Opzioni cartella >> visualizzazione;
metti la spunta su:
<i>Visualizza file e cartelle nascoste</i>;
togli la spunta da:
<i>Nascondi file protetti del sistema(consigliato)</i>


Avvia hijackthis, con tutte le applicazioni chiuse, premi su <b>Do a system scan only</b> , spunta ed elimina <b>(fix checked)</b> le seguenti righe:

---

<font color=red>
O9 - Extra button: (no name) - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - (no file)
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file
O15 - Trusted Zone: www.xxx-content.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE29F39-A75B-4793-BF6A-318E0F5CD34F}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC0D723-F325-42CA-A972-8D8B62EE4EF3}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD51C0F-D3A4-45FC-A9A7-1B345E765FD7}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{52356A41-BC32-48FB-9E68-5610C0B807C4}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AF2D8C4-B754-4E85-858B-C03DA1E2F78B}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8600EDB-4D10-4FDD-A2BF-B46E1DAE7B68}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.102 85.255.112.178
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BE29F39-A75B-4793-BF6A-318E0F5CD34F}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.102 85.255.112.178
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BE29F39-A75B-4793-BF6A-318E0F5CD34F}: NameServer = 85.255.115.102,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.102 85.255.112.178
</font id=red>

---

cancella i file temporanei del tuo profilo;

Vai su Strumenti >> Opzioni Internet, elimina la cronologia, i files temporanei internet, i cookies;

svuota il cestino;


<b>Alla fine:</b>

rinascondi le cartelle di sistema;
riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.

---