Olimpo Informatico

[uhuru]

Ho questo problema: quando per errore digito un indirizzo sbagliato in firefox, ad esempio:
wwwmetro.it
vengo reindirizzato a questo:
http://www.ragazzelive.com/

Questo è il log di hijackthis, uso adaware, avg, spybot, spyblaster e non hanno trovato nulla!

Alcuni services non riesco a toglierli con hijackthis, che fare?

Logfile of HijackThis v1.99.1
Scan saved at 22.56.32, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Apoint\Apvfb.exe
C:\Programmi\Vidalia\vidalia.exe
C:\Programmi\Privoxy\privoxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Tor\tor.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\SpyTools\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sinapsi.org; ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Vidalia] "C:\Programmi\Vidalia\vidalia.exe"
O4 - Global Startup: Privoxy.lnk = C:\Programmi\Privoxy\privoxy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Programmi\FlashKeeper\getflash.htm
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Programmi\FlashKeeper\getflash.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119604637753
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37880.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Programmi\FileZilla Server\FileZilla Server.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Programmi\sony\photo server 20\appsrv\PicAppSrv.exe (file missing)
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Programmi\File comuni\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Unknown owner - C:\Programmi\File comuni\sony shared\vaio media platform\UPnPFramework.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[holifay]

mmm non è che si veda molto anche da qui

prova a postare un log di silentrunners

(clicca con il destro>> salva)

Ciao

[uhuru]

Eccolo:
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"H/PC Connection Agent" = ""C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"msnmsgr" = ""C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [MS]
"Vidalia" = ""C:\Programmi\Vidalia\vidalia.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Programmi\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
"ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"Zone Labs Client" = ""C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programmi\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{1DCD19FE-51F1-44BF-90F7-26F4D1944755}" = "Direct Audio Converter & CD Ripper Menu Shell Extension"
-> {HKLM...CLSID} = "Direct Audio Converter & CD Ripper Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\DIRECT~1\cmenu1.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}" = "Vocal Reader - Shell Extension"
-> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
-> {HKLM...CLSID} = "GMail Drive"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
-> {HKLM...CLSID} = "GMailFS Property Sheet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
-> {HKLM...CLSID} = "GMailFS Drop Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
-> {HKLM...CLSID} = "GMailFS Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Programmi\Unlocker\UnlockerCOM.dll" [null data]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * smrgdf C:\Programmi\iolo\System Mechanic 5 Professional\" [file not found], [MS], [file not found], [null data], [file not found], [file not found], [file not found], [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
VocalReader3\(Default) = "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}"
-> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Programmi\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"

[holifay]

Scusa, potresti riprovare a farlo cliccando su NO al primo messaggio?

[uhuru]

riprovare a fare che????

mi stai prendendo in giro o parli sul serio?

scusa, sono stanco e non capisco.

ti ho postato il log che chiedevi.

il problema è sempre lì:

digito: wwwmetro.it

e mi compare: http://www.ragazzelive.com/

sia se uso IE che FireFox !!!

CHI mi aiuta? GRAZIE!

[chemicalbit]

[uhuru]

Siete veramente gentili e pazienti.

Penso proprio che sia come dici, ho cliccato su No al messaggio di Silent Runners.vbs e qui sotto inserisco il risultato sperando possa servire alla soluzione del problema.

Ricordo che mi compare sia con Firefox che con IE, uso windows XP sp2, AVG come antivirus, Zonealarm, Adaware, Spybot e Ewido non mi rivelano nulla, ho persino usato il Panda active scan online e nulla!

se digito wwwmetro.it (quindi senza il puntino . tra i www e metro) ottengo una pagina non richiesta, questa: http://www.ragazzelive.com/

perché?

Io mi sono fatto l'idea che siano le impostazioni di search engine di default, ma lo strano è che il problema si presenta con entrambi i browser!

Ecco il dump di Silent Runners.vbs dopo aver cliccato su NO:

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"H/PC Connection Agent" = ""C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"msnmsgr" = ""C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [MS]
"Vidalia" = ""C:\Programmi\Vidalia\vidalia.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Programmi\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
"ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"Zone Labs Client" = ""C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programmi\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{1DCD19FE-51F1-44BF-90F7-26F4D1944755}" = "Direct Audio Converter & CD Ripper Menu Shell Extension"
-> {HKLM...CLSID} = "Direct Audio Converter & CD Ripper Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\DIRECT~1\cmenu1.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}" = "Vocal Reader - Shell Extension"
-> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
VocalReader3\(Default) = "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}"
-> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"

[uhuru]

Mi sono accorto che il log di silent runners era INCOMPLETO !

Ecco quello COMPLETO:

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"H/PC Connection Agent" = ""C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"msnmsgr" = ""C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [MS]
"Vidalia" = ""C:\Programmi\Vidalia\vidalia.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Programmi\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
"ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"Zone Labs Client" = ""C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programmi\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{1DCD19FE-51F1-44BF-90F7-26F4D1944755}" = "Direct Audio Converter & CD Ripper Menu Shell Extension"
-> {HKLM...CLSID} = "Direct Audio Converter & CD Ripper Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\DIRECT~1\cmenu1.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}" = "Vocal Reader - Shell Extension"
-> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
VocalReader3\(Default) = "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}"
-> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]

C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\V8PGC6FI\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]

C:\Documents and Settings\Daniele\Impostazioni locali\Cronologia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]

C:\Documents and Settings\Luvi\Impostazioni locali\Temporary Internet Files\Content.IE5\US9KK52V\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]

C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IYNRJQ84\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\W6ZRGDII\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]

C:\WINDOWS\assembly\DESKTOP.INI
[.ShellClassInfo]
CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [null data]

C:\WINDOWS\Fonts\DESKTOP.INI
[.ShellClassInfo]
UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534}
-> {HKLM...CLSID}\InProcServer32\(Default) = "fontext.dll" [null data]

C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\NIBNO1VD\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]

C:\WINDOWS\Tasks\DESKTOP.INI
[.ShellClassInfo]
CLSID={d6277990-4c6a-11cf-8d87-00aa0060f5bf}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [null data]


Startup items in "Daniele" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"Privoxy" -> shortcut to: "C:\Programmi\Privoxy\privoxy.exe" ["The Privoxy team - www.privoxy.org"]


Enabled Scheduled Tasks:
------------------------

"Critical Battery Alarm Program" -> WARNING -- The file "Critical Battery Alarm Program.job" is corrupt! (no executable)
"MP Scheduled Scan" -> launches: "C:\Programmi\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [null data]
"Packard Bell Data Secure for Daniele" -> launches: "C:\APPS\DataSecure\PBBackup.exe" ["Nec Computers International"]
"{2F8EDB14-E005-4B9A-96A3-175BDCDBD8C8}_DANIELUVI_Daniele" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{2F8EDB14-E005-4B9A-96A3-175BDCDBD8C8}_DANIELUVI_Daniele"" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [null data]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [null data]
000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 06, 09 - 32
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Ricerche"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Crea preferiti portatile"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Programmi\Microsoft ActiveSync\inetrepl.dll" [file not found]

{653D93AF-C741-4E5E-8C1B-59BA43F93E16}\
"ButtonText" = "Panda ActiveScan"
"Exec" = "http://www.pandasoftware.com/activescan" [file not found]

{86301D40-94C1-4A5E-843B-7F43965E364A}\
"ButtonText" = "FlashKeeper"
"Script" = "C:\Programmi\FlashKeeper\getflash.htm" [null data]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
(unwritable string)

Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[Strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[Strings]: 3 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" [null data]
Centro sicurezza PC, wscsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wscsvc.dll" [null data]}
Connessioni di rete, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [null data]}
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Programmi\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
Listener RIP, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [null data]}
Machine Debug Manager, MDM, ""C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Panda Process Protection Service, PavPrSrv, ""C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Registro eventi, Eventlog, "C:\WINDOWS\system32\services.exe" [null data]
Servizi semplici TCP/IP, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [null data]
Servizio helper IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows Defender Service, WinDefend, ""C:\Programmi\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [null data]
CutePDF Writer Monitor\Driver = "cpwmon2k.dll" [null data]
Ice Monitor M\Driver = "BiMMonNT.dll" ["Black Ice Software"]
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PrimoMon\Driver = "Primomonnt.dll" [file not found]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 440 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 130 seconds.
---------- (total run time: 697 seconds)

[Smjert]

Ma non si era già discusso di questo "problema" di Firefox o di IE? dato che anche a me succede che se digito wwwmetro.it vengo ridirezionato in quel sito... (e sono quasi convinto che chiunque provi avrà lo stesso risultato).

[uhuru]

Succede anche a te???

Succede a tutti ????

E vi sembra NORMALE????

Se si era già discusso, allora vi prego indicatemi dove e soprattutto dove trovo la SOLUZIONE!

Non mi sembra affatto accettabile che i browser ti dirottino verso siti non desiderati !

Che ne dite?

Ciao e grazie a tutti.

[Smjert]

Se il problema è quello che dico io non mi sembra che ci sia una soluzione.
Cmq l'ho trovata la discussione segui poi anche l'articolo.

[holifay]

mi bacchetto le mani per non aver letto prima l´articolo di ZN

Bhe, uhuru, mi spiace averti fatto perdere tempo, ma almeno una cosa la abbiamo ottenuta: il tuo log è pulitissimo!

[chemicalbit]

[Smjert]

Rispondo io (penso anche per lui).
No non con tutti gli indirizzi, io ad esempio se digito g (tipo quando voglio far venir fuori la tendina per selezionare google ma non mi mette automaticamente l'indirizzo) finisco su questo sito http://www.bologna-airport.it/.
Non so con che criterio mi porti sul quell'altro sito porno... (se metto come indirizzo g mi porta su quest'ultimo sito perchè è il primo risultato della ricerca su google.it).

[uhuru]