uhuru (Devoted Mortal) | Registered: 03/10/06 23:11 | Posts: 8
Sent: 03 Oct 2006 23:17 | Subject: Hijackthis, help!

I have this problem: when I mistakenly type a wrong address in Firefox, for example: wwwmetro.it
I get redirected to this:
http://www.ragazzelive.com/

This is the hijackthis log; I use adaware, avg, spybot and spyblaster, and they found nothing!

There are some services I can't remove with hijackthis; what should I do?
 
 Logfile of HijackThis v1.99.1
 Scan saved at 22.56.32, on 03/10/2006
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\System32\locator.exe
 C:\WINDOWS\System32\tcpsvcs.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Apoint\Apoint.exe
 C:\WINDOWS\system32\ICO.EXE
 C:\WINDOWS\System32\ezSP_Px.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
 C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
 C:\Programmi\Apoint\Apntex.exe
 C:\Programmi\Apoint\Apvfb.exe
 C:\Programmi\Vidalia\vidalia.exe
 C:\Programmi\Privoxy\privoxy.exe
 C:\WINDOWS\System32\MsPMSPSv.exe
 C:\WINDOWS\system32\fxssvc.exe
 C:\Programmi\Tor\tor.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\Programmi\Mozilla Firefox\firefox.exe
 C:\Programmi\SpyTools\hijackthis\HijackThis.exe
 C:\WINDOWS\system32\NOTEPAD.EXE
 C:\WINDOWS\system32\NOTEPAD.EXE
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sinapsi.org; ;<local>
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
 O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
 O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
 O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
 O4 - HKCU\..\Run: [Vidalia] "C:\Programmi\Vidalia\vidalia.exe"
 O4 - Global Startup: Privoxy.lnk = C:\Programmi\Privoxy\privoxy.exe
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Programmi\FlashKeeper\getflash.htm
 O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll (file missing)
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll (file missing)
 O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
 O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
 O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
 O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Programmi\FlashKeeper\getflash.htm
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119604637753
 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37880.cab
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
 O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Programmi\FileZilla Server\FileZilla Server.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
 O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Programmi\sony\photo server 20\appsrv\PicAppSrv.exe (file missing)
 O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Programmi\File comuni\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
 O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Unknown owner - C:\Programmi\File comuni\sony shared\vaio media platform\UPnPFramework.exe (file missing)
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

holifay (Mature God) | Registered: 08/03/05 10:48 | Posts: 2912 | Location: Milano
Sent: 03 Oct 2006 23:51

Hmm, there isn't really much to see from here either
try posting a silentrunners log

(right-click >> save)

Bye

uhuru (Devoted Mortal) | Registered: 03/10/06 23:11 | Posts: 8
Sent: 04 Oct 2006 00:21

Here it is:

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
 Operating System: Windows XP SP2
 Output limited to non-default values, except where indicated by "{++}"
 
 
 Startup items buried in registry:
 ---------------------------------
 
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
 "H/PC Connection Agent" = ""C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
 "msnmsgr" = ""C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [MS]
 "Vidalia" = ""C:\Programmi\Vidalia\vidalia.exe"" [null data]
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "Apoint" = "C:\Programmi\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
 "Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
 "ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
 "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
 "AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
 "Zone Labs Client" = ""C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
 -> {HKLM...CLSID} = "dBpShell Class"
 \InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
 "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
 -> {HKLM...CLSID} = "dMCIShell Class"
 \InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
 "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
 -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
 \InProcServer32\(Default) = "C:\Programmi\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
 "{1DCD19FE-51F1-44BF-90F7-26F4D1944755}" = "Direct Audio Converter & CD Ripper Menu Shell Extension"
 -> {HKLM...CLSID} = "Direct Audio Converter & CD Ripper Menu Shell Extension"
 \InProcServer32\(Default) = "C:\PROGRA~1\DIRECT~1\cmenu1.dll" [null data]
 "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
 -> {HKLM...CLSID} = "AVG7 Find Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programmi\Microsoft Office\OFFICE11\msohev.dll" [MS]
 "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
 -> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
 \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
 "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
 -> {HKLM...CLSID} = "Microsoft Office Outlook"
 \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
 "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
 -> {HKLM...CLSID} = "Shell Search Band"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
 "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}" = "Vocal Reader - Shell Extension"
 -> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
 \InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
 "{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
 -> {HKLM...CLSID} = "GMail Drive"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
 "{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
 -> {HKLM...CLSID} = "GMailFS Property Sheet"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
 "{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
 -> {HKLM...CLSID} = "GMailFS Drop Handler"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
 "{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
 -> {HKLM...CLSID} = "GMailFS Context Menu"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
 -> {HKLM...CLSID} = "UnlockerShellExtension"
 \InProcServer32\(Default) = "C:\Programmi\Unlocker\UnlockerCOM.dll" [null data]
 
 HKLM\System\CurrentControlSet\Control\Session Manager\
 INFECTION WARNING! "BootExecute" = "autocheck autochk * smrgdf C:\Programmi\iolo\System Mechanic 5 Professional\" [file not found], [MS], [file not found], [null data], [file not found], [file not found], [file not found], [file not found]
 
 HKLM\Software\Classes\PROTOCOLS\Filter\
 INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
 
 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
 AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 VocalReader3\(Default) = "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}"
 -> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
 \InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
 AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
 -> {HKLM...CLSID} = "UnlockerShellExtension"
 \InProcServer32\(Default) = "C:\Programmi\Unlocker\UnlockerCOM.dll" [null data]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 
 Active Desktop and Wallpaper:
 -----------------------------
 
 Active Desktop is disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"

holifay (Mature God) | Registered: 08/03/05 10:48 | Posts: 2912 | Location: Milano
Sent: 04 Oct 2006 14:18

Sorry, could you try doing it again, clicking NO at the first message?

uhuru (Devoted Mortal) | Registered: 03/10/06 23:11 | Posts: 8
Sent: 04 Oct 2006 23:11

try again to do what????
are you kidding me or are you serious?

sorry, I'm tired and I don't understand.

I posted the log you asked for.

the problem is still there:

I type:  wwwmetro.it

and I get:  http://www.ragazzelive.com/

whether I use IE or FireFox !!!

WHO can help me?  THANKS!

chemicalbit (Mature God) | Registered: 01/04/05 18:59 | Posts: 18597 | Location: Milano
Sent: 05 Oct 2006 10:32

Indeed, holifay's message is a bit cryptic.

uhuru wrote:
    try again to do what????
    are you kidding me or are you serious?

    sorry, I'm tired and I don't understand.

Probably the program "Silent Runners.vbs" (which I don't know) asks some things at the start (like "shall I do this too? yes/no"), and holifay was telling you to run the program again, but this time answering "no".
See if you can work it out with this hint,
or, to be safe, wait for holifay to come back (he should usually reply to you in the early afternoon)

uhuru (Devoted Mortal) | Registered: 03/10/06 23:11 | Posts: 8
Sent: 05 Oct 2006 13:16

You are really kind and patient.
I do think it's as you say; I clicked No at the Silent Runners.vbs message and I'm inserting the result below, hoping it can help solve the problem.

As a reminder, it happens with both Firefox and IE; I use Windows XP SP2, AVG as antivirus, and Zonealarm; Adaware, Spybot and Ewido don't reveal anything, and I even used the Panda active scan online and nothing!

if I type wwwmetro.it (so without the dot . between www and metro) I get a page I didn't request, this one: http://www.ragazzelive.com/

why?

My idea is that it's the default search engine settings, but the strange thing is that the problem occurs with both browsers!

Here is the Silent Runners.vbs dump after clicking NO:
 
 "Silent Runners.vbs", revision 48, http://www.silentrunners.org/
 Operating System: Windows XP SP2
 Output limited to non-default values, except where indicated by "{++}"
 
 
 Startup items buried in registry:
 ---------------------------------
 
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
 "H/PC Connection Agent" = ""C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
 "msnmsgr" = ""C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [MS]
 "Vidalia" = ""C:\Programmi\Vidalia\vidalia.exe"" [null data]
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "Apoint" = "C:\Programmi\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
 "Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
 "ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
 "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
 "AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
 "Zone Labs Client" = ""C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
 -> {HKLM...CLSID} = "dBpShell Class"
 \InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
 "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
 -> {HKLM...CLSID} = "dMCIShell Class"
 \InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
 "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
 -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
 \InProcServer32\(Default) = "C:\Programmi\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
 "{1DCD19FE-51F1-44BF-90F7-26F4D1944755}" = "Direct Audio Converter & CD Ripper Menu Shell Extension"
 -> {HKLM...CLSID} = "Direct Audio Converter & CD Ripper Menu Shell Extension"
 \InProcServer32\(Default) = "C:\PROGRA~1\DIRECT~1\cmenu1.dll" [null data]
 "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
 -> {HKLM...CLSID} = "AVG7 Find Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programmi\Microsoft Office\OFFICE11\msohev.dll" [MS]
 "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
 -> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
 \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
 "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
 -> {HKLM...CLSID} = "Microsoft Office Outlook"
 \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
 "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
 -> {HKLM...CLSID} = "Shell Search Band"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
 "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}" = "Vocal Reader - Shell Extension"
 -> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
 \InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
 INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
 -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
 \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
 INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
 -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
 \InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
 
 HKLM\Software\Classes\PROTOCOLS\Filter\
 INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
 
 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
 AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
 -> {HKLM...CLSID} = "CContextScan Object"
 \InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
 VocalReader3\(Default) = "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}"
 -> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
 \InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
 ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
 -> {HKLM...CLSID} = "CContextScan Object"
 \InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
 AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 
 Active Desktop and Wallpaper:
 -----------------------------
 
 Active Desktop is disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"

uhuru (Devoted Mortal) | Registered: 03/10/06 23:11 | Posts: 8
Sent: 05 Oct 2006 13:24

I realized that the silent runners log was INCOMPLETE!
Here is the COMPLETE one:
 
 "Silent Runners.vbs", revision 48, http://www.silentrunners.org/
 Operating System: Windows XP SP2
 Output limited to non-default values, except where indicated by "{++}"
 
 
 Startup items buried in registry:
 ---------------------------------
 
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
 "H/PC Connection Agent" = ""C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
 "msnmsgr" = ""C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [MS]
 "Vidalia" = ""C:\Programmi\Vidalia\vidalia.exe"" [null data]
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "Apoint" = "C:\Programmi\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
 "Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
 "ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
 "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
 "AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
 "Zone Labs Client" = ""C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
 -> {HKLM...CLSID} = "dBpShell Class"
 \InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
 "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
 -> {HKLM...CLSID} = "dMCIShell Class"
 \InProcServer32\(Default) = "C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
 "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
 -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
 \InProcServer32\(Default) = "C:\Programmi\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
 "{1DCD19FE-51F1-44BF-90F7-26F4D1944755}" = "Direct Audio Converter & CD Ripper Menu Shell Extension"
 -> {HKLM...CLSID} = "Direct Audio Converter & CD Ripper Menu Shell Extension"
 \InProcServer32\(Default) = "C:\PROGRA~1\DIRECT~1\cmenu1.dll" [null data]
 "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
 -> {HKLM...CLSID} = "AVG7 Find Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programmi\Microsoft Office\OFFICE11\msohev.dll" [MS]
 "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
 -> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
 \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
 "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
 -> {HKLM...CLSID} = "Microsoft Office Outlook"
 \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
 "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
 -> {HKLM...CLSID} = "Shell Search Band"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
 "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}" = "Vocal Reader - Shell Extension"
 -> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
 \InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
 INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
 -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
 \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
 INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
 -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
 \InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
 
 HKLM\Software\Classes\PROTOCOLS\Filter\
 INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
 
 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
 AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
 -> {HKLM...CLSID} = "CContextScan Object"
 \InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
 VocalReader3\(Default) = "{CC0F5AAC-24A5-40D5-8014-1ED7B4971DBF}"
 -> {HKLM...CLSID} = "Vocal Reader - Shell Extension"
 \InProcServer32\(Default) = "C:\Programmi\VocalReader\VocalReader3.dll" [null data]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
 ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
 -> {HKLM...CLSID} = "CContextScan Object"
 \InProcServer32\(Default) = "C:\Programmi\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
 AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
 -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
 \InProcServer32\(Default) = "C:\Programmi\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
 
 
 Active Desktop and Wallpaper:
 -----------------------------
 
 Active Desktop is disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"
 
 
 DESKTOP.INI DLL launch in local fixed drive directories:
 --------------------------------------------------------
 
 C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]
 
 C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\V8PGC6FI\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]
 
 C:\Documents and Settings\Daniele\Impostazioni locali\Cronologia\History.IE5\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]
 
 C:\Documents and Settings\Luvi\Impostazioni locali\Temporary Internet Files\Content.IE5\US9KK52V\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]
 
 C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]
 
 C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\IYNRJQ84\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]
 
 C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\W6ZRGDII\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]
 
 C:\WINDOWS\assembly\DESKTOP.INI
 [.ShellClassInfo]
 CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [null data]
 
 C:\WINDOWS\Fonts\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "fontext.dll" [null data]
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\NIBNO1VD\DESKTOP.INI
 [.ShellClassInfo]
 UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [null data]
 
 C:\WINDOWS\Tasks\DESKTOP.INI
 [.ShellClassInfo]
 CLSID={d6277990-4c6a-11cf-8d87-00aa0060f5bf}
 -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [null data]
 
 
 Startup items in "Daniele" & "All Users" startup folders:
 ---------------------------------------------------------
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
 "Privoxy" -> shortcut to: "C:\Programmi\Privoxy\privoxy.exe" ["The Privoxy team - www.privoxy.org"]
 
 
 Enabled Scheduled Tasks:
 ------------------------
 
 "Critical Battery Alarm Program" -> WARNING -- The file "Critical Battery Alarm Program.job" is corrupt! (no executable)
 "MP Scheduled Scan" -> launches: "C:\Programmi\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [null data]
 "Packard Bell Data Secure for Daniele" -> launches: "C:\APPS\DataSecure\PBBackup.exe" ["Nec Computers International"]
 "{2F8EDB14-E005-4B9A-96A3-175BDCDBD8C8}_DANIELUVI_Daniele" -> launches: "C:\WINDOWS\system32\mobsync.exe  /Schedule="{2F8EDB14-E005-4B9A-96A3-175BDCDBD8C8}_DANIELUVI_Daniele"" [MS]
 
 
 Winsock2 Service Provider DLLs:
 -------------------------------
 
 Namespace Service Providers
 
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [null data]
 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [null data]
 000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
 000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
 
 Transport Service Providers
 
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
 %SystemRoot%\system32\mswsock.dll [MS], 01 - 06, 09 - 32
 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08
 
 
 Toolbars, Explorer Bars, Extensions:
 ------------------------------------
 
 Explorer Bars
 
 HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
 {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "Shell Search Band"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
 
 Dormant Explorer Bars in "View, Explorer Bar" menu
 
 HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Ricerche"
 Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
 InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [null data]
 
 Extensions (Tools menu items, main toolbar menu buttons)
 
 HKLM\Software\Microsoft\Internet Explorer\Extensions\
 {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
 "MenuText" = "Sun Java Console"
 "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
 
 {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
 "ButtonText" = "Crea preferiti portatile"
 "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
 -> {HKLM...CLSID} = "Create Mobile Favorite"
 \InProcServer32\(Default) = "C:\Programmi\Microsoft ActiveSync\inetrepl.dll" [file not found]
 
 {653D93AF-C741-4E5E-8C1B-59BA43F93E16}\
 "ButtonText" = "Panda ActiveScan"
 "Exec" = "http://www.pandasoftware.com/activescan" [file not found]
 
 {86301D40-94C1-4A5E-843B-7F43965E364A}\
 "ButtonText" = "FlashKeeper"
 "Script" = "C:\Programmi\FlashKeeper\getflash.htm" [null data]
 
 
 Miscellaneous IE Hijack Points
 ------------------------------
 
 C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
 
 Added lines (compared with English-language version):
 (unwritable string)
 
 Missing lines (compared with English-language version):
 [Version]: 2 lines
 [RestoreHomePage]: 1 line
 [RestoreHomePage.reg]: 1 line
 [RestoreBrowserSettings.reg]: 12 lines
 [DeleteTemplates.reg]: 5 lines
 [DeleteAutosearch.reg]: 1 line
 [Strings]: 1 line
 [RestoreBrowserSettings]: 2 lines
 [Strings]: 3 lines
 
 
 Running Services (Display Name, Service Name, Path {Service DLL}):
 ------------------------------------------------------------------
 
 AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
 AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" [null data]
 Centro sicurezza PC, wscsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wscsvc.dll" [null data]}
 Connessioni di rete, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [null data]}
 ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Programmi\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
 Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
 Listener RIP, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [null data]}
 Machine Debug Manager, MDM, ""C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
 NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
 Panda Process Protection Service, PavPrSrv, ""C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
 Registro eventi, Eventlog, "C:\WINDOWS\system32\services.exe" [null data]
 Servizi semplici TCP/IP, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [null data]
 Servizio helper IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
 TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
 Windows Defender Service, WinDefend, ""C:\Programmi\Windows Defender\MsMpEng.exe"" [MS]
 Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
 WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]
 
 
 Print Monitors:
 ---------------
 
 HKLM\System\CurrentControlSet\Control\Print\Monitors\
 BJ Language Monitor2\Driver = "CNBJMON2.DLL" [null data]
 CutePDF Writer Monitor\Driver = "cpwmon2k.dll" [null data]
 Ice Monitor M\Driver = "BiMMonNT.dll" ["Black Ice Software"]
 LPR Port\Driver = "lprmon.dll" [MS]
 Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
 PrimoMon\Driver = "Primomonnt.dll" [file not found]
 
 
 ----------
 + This report excludes default entries except where indicated.
 + To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
 + The search for DESKTOP.INI DLL launch points on all local fixed drives
 took 440 seconds.
 + The search for all Registry CLSIDs containing dormant Explorer Bars
 took 130 seconds.
 ---------- (total run time: 697 seconds)
 |  |  
		|  |  
		| Smjert Dio maturo
 
  
  
 Registered: 01/04/06 18:19
 Posts: 1619
 Location: Lost in the net
 
 | 
			
				|  Posted: 05 Oct 2006 14:19    Subject: |   |  
				| 
 |  
				| But hadn't this Firefox or IE "problem" already been discussed? Because it happens to me too: if I type wwwmetro.it I get redirected to that site... (and I'm almost certain that anyone who tries will get the same result). |  |  
		|  |  
		| uhuru Mortale devoto
 
  
 
 Registered: 03/10/06 23:11
 Posts: 8
 
 
 | 
			
				|  Posted: 05 Oct 2006 15:12    Subject: |   |  
				| 
 |  
				| Does it happen to you too???
 Does it happen to everyone????
 
 And does that seem NORMAL to you????
 
 If it was already discussed, then please tell me where and, above all, where I can find the SOLUTION!
 
 It doesn't seem acceptable to me at all that browsers divert you to unwanted sites!
 
 What do you think?
 
 Bye and thanks to everyone.
 |  |  
		|  |  
		| Smjert Dio maturo
 
  
  
 Registered: 01/04/06 18:19
 Posts: 1619
 Location: Lost in the net
 
 | 
			
				|  Posted: 05 Oct 2006 16:01    Subject: |   |  
				| 
 |  
				| If the problem is the one I mean, I don't think there is a solution. Anyway, I found the discussion; then follow the article as well.
 |  |  
		|  |  
		| holifay Dio maturo
 
  
  
 Registered: 08/03/05 10:48
 Posts: 2912
 Location: Milano
 
 | 
			
				|  Posted: 05 Oct 2006 17:37    Subject: |   |  
				| 
 |  
				|   
 I'm rapping my own knuckles for not having read the ZN article first
   
 Well, uhuru, I'm sorry I made you waste time, but at least we got one thing out of it: your log is perfectly clean!
  |  |  
		|  |  
		| chemicalbit Dio maturo
 
  
  
 Registered: 01/04/05 18:59
 Posts: 18597
 Location: Milano
 
 | 
			
				|  Posted: 05 Oct 2006 19:51    Subject: |   |  
				| 
 |  
				| But only if you type that address? 	  | uhuru wrote: |  	  | if I type wwwmetro.it (so without the dot . between the www and metro) I get a page I didn't ask for, this one: http://www.ragazzelive.com/ | 
 Or if you type any nonexistent address?
 |  |  
		|  |  
		| Smjert Dio maturo
 
  
  
 Registered: 01/04/06 18:19
 Posts: 1619
 Location: Lost in the net
 
 | 
			
				|  Posted: 05 Oct 2006 20:05    Subject: |   |  
				| 
 |  
				| I'll answer (I think for him too). No, not with all addresses; for example, if I type g (like when I want the drop-down to appear so I can select google but it doesn't automatically fill in the address) I end up on this site: http://www.bologna-airport.it/.
 I don't know by what criterion it takes me to that other porn site... (if I enter g as the address it takes me to this latter site because it is the first result of the search on google.it).
 |  |  
		|  |  
		| uhuru Mortale devoto
 
  
 
 Registered: 03/10/06 23:11
 Posts: 8
 
 
 | 
			
				|  Posted: 05 Oct 2006 23:12    Subject: |   |  
				| 
 |  
				|  	  | holifay wrote: |  	  |   
 I'm rapping my own knuckles for not having read the ZN article first
   
 Well, uhuru, I'm sorry I made you waste time, but at least we got one thing out of it: your log is perfectly clean!
  | 
 
 it's never wasted time if in the end you understand something more!
 
 Quoting Attivissimo's article:
 "And finally, if you want to disable this Firefox behaviour, you can type about:config in the address box to display a very long list of Firefox parameters: find the keyword.enabled parameter and click on it so that it takes the value false. Once this is done, Firefox will no longer try to pass "http" to Google (or to whichever search engine you have set), but will try to find a site that contains the string "http" preceded by "www" and followed by "com", "org" and the like: it will find http.com, which will redirect it to Searchmachine.com.
 
 Paolo Attivissimo - Olimpo Informatico"
 
 I'll try it, but it seems to me that in the end there's always a search engine doing whatever it wants!!!
 
 It's a matter of principle: I want my PC to do what I say, not what it wants or what whoever programmed the software wants!
 
 Bye
 |  |  
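A small check for the setting described in the quoted article, added here as an example and not part of the thread: it reads the text of a Firefox profile's prefs.js (and an optional user.js) and reports the effective value of keyword.enabled. The function names and the sample file contents are constructed for illustration, and the code assumes the preference defaults to true when it is not set.

```python
import re

# One preference line as written in a Firefox prefs.js / user.js file.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample of a profile's prefs.js (not taken from the thread).
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.example.org/");
user_pref("keyword.enabled", false);
'''


def parse_prefs(text):
    """Return {name: value} for the boolean, integer and string prefs in text."""
    prefs = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#")):
            continue  # comment line
        match = PREF_LINE.match(line)
        if not match:
            continue  # blank line, block comment, or anything unrecognised
        name, raw = match.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def keyword_search_enabled(prefs_js, user_js=""):
    """Effective keyword.enabled: user.js overrides prefs.js, unset means true."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))  # user.js is applied on top at startup
    return merged.get("keyword.enabled", True)


if __name__ == "__main__":
    state = keyword_search_enabled(SAMPLE_PREFS_JS)
    print("address-bar keyword search:", "enabled" if state else "disabled")
```
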