Internet home page

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by cricco » 10/04/10 22:31

Hello,
even though I set the Internet home page to a site, at every startup it restores the previous page.
The operating system is Windows XP.
Spybot, at every startup, asks me whether I want to accept the Start page change.
What should I do?
Thanks
cricco
Junior User

Posts: 25
Joined: 10/10/07 07:54

Re: Internet home page

Post by cricco » 10/04/10 22:46

I'm also posting the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22.30.59, on 10/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmi\IBM\Updater\jre\bin\javaw.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmi\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.it/clients/uploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30EE28EB-E72B-4386-9D97-4D861FA510C8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{30EE28EB-E72B-4386-9D97-4D861FA510C8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{30EE28EB-E72B-4386-9D97-4D861FA510C8}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10361 bytes
cricco
Junior User

Posts: 25
Joined: 10/10/07 07:54

Re: Internet home page

Post by cricco » 11/04/10 08:21

Can nobody give me a hand?
Thanks
cricco
Junior User

Posts: 25
Joined: 10/10/07 07:54

Re: Internet home page

Post by cricco » 12/04/10 15:02

THANKS EVERYONE FOR THE HELP!
cricco
Junior User

Posts: 25
Joined: 10/10/07 07:54

Re: Internet home page

Post by -> EleKtrA <- » 13/04/10 08:43

Hi cricco, I understand that resolving this annoyance is of primary importance to you, but I remind you that for all of us the forum is a hobby, and everyone devotes themselves to it when they have the time and inclination.

If you haven't solved the problem yet, proceed as follows:

Open SpyBot > Mode menu > Advanced > Tools > Resident and untick TeaTimer.

Temporarily disable the antivirus
Download Combofix | Tutorial
Do not install the Recovery Console
Let the program work without interfering
Attach the C:\ComboFix.txt report to your reply.
“Yesterday is history, tomorrow is a mystery, but today is a gift... that is why it is called the present!”.
-> EleKtrA <-
Moderator

Posts: 436
Joined: 11/12/08 12:50

Re: Internet home page

Post by cricco » 13/04/10 10:20

Sorry if I was rude, I don't use forums very often and, from the posts, I saw that replies are generally fairly quick.
I haven't solved the problem yet but, since it is my husband's laptop, I will try to do what you suggested as soon as possible.
Thank you, have a nice day.
cricco
Junior User

Posts: 25
Joined: 10/10/07 07:54

Re: Internet home page

Post by cricco » 15/04/10 19:46

Hi,
I ran ComboFix, but the problem persists.
I'm attaching the log:
ComboFix 10-04-14.04 - Administrator 15/04/2010 20.10.51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.758.383 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100415-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mswins.dll
c:\windows\system32\mswins.sys
c:\windows\system32\pwdmon.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-03-15 al 2010-04-15 )))))))))))))))))))))))))))))))))))
.

2010-04-12 08:58 . 2010-04-12 16:42 -------- d-----w- c:\programmi\DEI_TariffaRegioneLazio2007_EDILE
2010-04-11 14:49 . 2010-04-12 08:04 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-11 11:54 . 2010-04-11 11:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-11 10:38 . 2010-04-11 10:38 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Windows Search
2010-04-11 10:24 . 2010-04-11 10:24 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-04-11 10:23 . 2010-04-11 10:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-04-11 10:20 . 2010-04-11 10:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-11 10:19 . 2010-04-11 10:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-11 10:07 . 2010-02-25 06:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-11 10:07 . 2010-02-25 06:16 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-11 10:07 . 2010-04-14 13:58 -------- d-----w- c:\windows\ie8updates
2010-04-11 10:07 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-11 10:02 . 2010-04-11 10:06 -------- dc-h--w- c:\windows\ie8
2010-04-11 09:54 . 2010-04-11 09:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Windows Desktop Search
2010-04-11 09:53 . 2010-04-11 10:34 -------- d-----w- c:\programmi\Windows Desktop Search
2010-04-11 07:37 . 2010-04-11 07:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-04-11 07:37 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 07:37 . 2010-04-11 07:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-11 07:37 . 2010-04-11 07:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-11 07:37 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 20:36 . 2010-04-07 20:36 -------- d-----w- c:\programmi\IZArc
2010-03-20 19:54 . 2010-03-20 19:56 -------- d-----w- c:\windows\SHELLNEW
2010-03-20 19:53 . 2010-03-20 19:53 -------- d-----w- c:\programmi\Microsoft.NET
2010-03-20 19:51 . 2010-03-20 19:51 -------- d-----r- C:\MSOCache
2010-03-19 08:02 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 08:58 . 2008-08-07 20:56 290816 ------w- c:\windows\Setup1.exe
2010-04-12 08:58 . 2008-08-07 20:53 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-04-11 14:50 . 2006-01-09 21:11 -------- d-----w- c:\programmi\Lavasoft
2010-04-11 14:50 . 2008-04-22 19:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-04-11 10:14 . 1980-01-01 07:00 94050 ----a-w- c:\windows\system32\perfc010.dat
2010-04-11 10:14 . 1980-01-01 07:00 516138 ----a-w- c:\windows\system32\perfh010.dat
2010-04-11 07:28 . 2009-12-06 20:09 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-04-11 07:26 . 2009-06-21 12:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-07 20:30 . 2008-06-23 12:35 -------- d-----w- c:\programmi\CCleaner
2010-04-07 20:22 . 2007-10-08 18:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-04-07 07:48 . 2005-05-23 11:12 75176 -c--a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 1980-01-01 07:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:16 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1980-01-01 07:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 1980-01-01 07:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2002-09-09 20:34 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 1980-01-01 07:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1980-01-01 07:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-23 07:57 . 2010-01-23 07:57 388096 -c--a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\programmi\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\programmi\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\programmi\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCTRAY"="c:\programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-08-18 708608]
"QCWLICON"="c:\programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\programmi\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397312]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-10-25 282624]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 10:30 258048 ----a-w- c:\windows\system32\QConGina.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Programmi\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/10/2008 18.14.39 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/06/2009 18.26.45 114768]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [23/05/2005 13.49.47 16384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/06/2009 18.26.45 20560]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 1.04.52 65536]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01/01/1980 9.00.00 13904]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [23/05/2005 13.46.37 12288]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-15 c:\windows\Tasks\User_Feed_Synchronization-{49E82B10-DBA1-4AF9-9459-EA882EA4A2BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.it
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {30EE28EB-E72B-4386-9D97-4D861FA510C8} = 208.67.222.222,208.67.220.220
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-UC_SMB - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 20:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spag.sys >>UNKNOWN [0x8378B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74f3f28
\Driver\ACPI -> ACPI.sys @ 0xf734ecb8
\Driver\atapi -> atapi.sys @ 0xf72ebb40
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf71dfbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71cea0d
SendHandler -> NDIS.sys @ 0xf71e2b40
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3895753961-738691795-396080738-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,ad,69,00,db,5e,8f,47,81,31,06,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,ad,69,00,db,5e,8f,47,81,31,06,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\windows\System32\QCONSVC.EXE
c:\windows\system32\tp4serv.exe
c:\windows\system32\RegSrvc.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\SearchIndexer.exe
c:\programmi\IBM\Updater\jre\bin\javaw.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-15 20:33:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-15 18:33

Pre-Run: 15.661.989.888 byte disponibili
Post-Run: 15.768.387.584 byte disponibili

- - End Of File - - CF28A3FC3B9C0D735E39747C1C878802

Do you recommend I do anything else?
Thanks
cricco
Junior User

Posts: 25
Joined: 10/10/07 07:54

Re: Internet home page

Post by Luke57 » 16/04/10 07:18

Hi, the report looks fine. Update Malwarebytes and run a full scan, then post its report.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: Internet home page

Post by -> EleKtrA <- » 16/04/10 16:48

Run a scan with CWShredder, and update Avast to version 5.
“Yesterday is history, tomorrow is a mystery, but today is a gift... that is why it is called the present!”.
-> EleKtrA <-
Moderator

Posts: 436
Joined: 11/12/08 12:50

Re: Internet home page

Post by cricco » 18/04/10 16:52

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 4004

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/04/2010 17.45.04
mbam-log-2010-04-18 (17-45-04).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 206774
Tempo trascorso: 1 ore, 42 minuti, 28 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


Now I'll try what Elektra recommended.
Thanks
cricco
Junior User

Posts: 25
Joined: 10/10/07 07:54

Re: Internet home page

Post by cricco » 18/04/10 16:57

This is the CWShredder log:
**** Run Keys ****

RUN: [S3TRAY2] S3Tray2.exe
RUN: [TrackPointSrv] tp4serv.exe
RUN: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
RUN: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
RUN: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
RUN: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
RUN: [TP4EX] tp4ex.exe
RUN: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
RUN: [UC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe
RUN: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
RUN: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
RUN: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
RUN: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
RUN: [QCTRAY] C:\Programmi\ThinkPad\ConnectUtilities\QCTRAY.EXE
RUN: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
RUN: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
RUN: [BMMLREF] C:\Programmi\ThinkPad\Utilities\BMMLREF.EXE
RUN: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
RUN: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RUN: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


**** Browser Helper Objects ****

BHO: [Guida per l'accesso a Windows Live ID] C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


**** IE Toolbars ****

TOOLBAR: [&Windows Live Toolbar] C:\Programmi\Windows Live\Toolbar\wltcore.dll


**** IE Extensions ****

IEExt: []
IEExt: [Inserisci blog]
IEExt: [Ricerche]
IEExt: [Ricerche]
IEExt: [Messenger] C:\Programmi\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

IEBypass: *.local
Default Page: http://go.microsoft.com/fwlink/?LinkId=69157
Default Search: http://go.microsoft.com/fwlink/?LinkId=54896
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: http://www.microsoft.com/isapi/redir.dl ... r=iesearch


**** IE Context Menu (Right click) ****

IEContext: [Nach Microsoft &Excel exportieren] res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD Tcpip [TCP/IPv6]
LSP: MSAFD Tcpip [UDP/IPv6]
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{30EE28EB-E72B-4386-9D97-4D861FA510C8}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{30EE28EB-E72B-4386-9D97-4D861FA510C8}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{33890053-5C7A-4B08-9EDD-9E0939ECE6BD}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{33890053-5C7A-4B08-9EDD-9E0939ECE6BD}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E03D9305-AE2B-41DE-8B52-FCF910255F48}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E03D9305-AE2B-41DE-8B52-FCF910255F48}] DATAGRAM 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{33890053-5C7A-4B08-9EDD-9E0939ECE6BD}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{33890053-5C7A-4B08-9EDD-9E0939ECE6BD}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{30EE28EB-E72B-4386-9D97-4D861FA510C8}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{30EE28EB-E72B-4386-9D97-4D861FA510C8}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3184612-7883-4D9B-B52A-0D41D20C5E13}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3184612-7883-4D9B-B52A-0D41D20C5E13}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36AFD19A-0264-4195-87E6-2729DE84B90E}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36AFD19A-0264-4195-87E6-2729DE84B90E}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab] C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab]
{CE3409C4-9E26-4F8E-83E4-778498F9E7B4} [http://www.pixdiscount.it/clients/uploader.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Windows Services ****

[6to4] %SystemRoot%\system32\svchost.exe -k netsvcs
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[aswUpdSv] "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[Autodesk Licensing Service] "C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe"
[avast! Antivirus] "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
[avast! Mail Scanner] "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service
[avast! Web Scanner] "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Bonjour Service] C:\Programmi\Bonjour\mDNSResponder.exe
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[Dot3svc] %SystemRoot%\System32\svchost.exe -k dot3svc
[EapHost] %SystemRoot%\System32\svchost.exe -k eapsvcs
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[FLEXnet Licensing Service] "C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
[FontCache3.0.0.0] c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[fsssvc] "C:\Programmi\Windows Live\Family Safety\fsssvc.exe"
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[hkmsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[IBM Rapid Restore Ultra Service] "C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
[IBMPMSVC] %SystemRoot%\System32\ibmpmsvc.exe
[IDriverT] "C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[idsvc] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[ImapiService] %systemroot%\system32\imapi.exe
[InstallShield Licensing Service] "C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe"
[iPod Service] "C:\Programmi\iPod\bin\iPodService.exe"
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[mi-raysat_3dsMax2009_32] "C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe"
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\system32\msdtc.exe
[MSIServer] %systemroot%\system32\msiexec.exe /V
[napagent] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetTcpPortSharing] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[ose] "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
[PlugPlay] %SystemRoot%\system32\services.exe
[Pml Driver HPZ12] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[PsaSrv] C:\WINDOWS\system32\PsaSrv.exe
[QCONSVC] System32\QCONSVC.EXE
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RegSrvc] C:\WINDOWS\system32\RegSrvc.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[S24EventMonitor] C:\WINDOWS\system32\S24EvMon.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[SeaPort] "C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{2D67FBED-6848-428E-97FE-AD14167365B7}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TpKmpSVC] C:\WINDOWS\system32\TpKmpSVC.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[wlidsvc] "C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE"
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[WMPNetworkSvc] "C:\Programmi\Windows Media Player\WMPNetwk.exe"
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[WSearch] %systemroot%\system32\SearchIndexer.exe /Embedding
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [Default_Search_URL] http://www.google.com/ie
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.yahoo.it
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [XMLHTTP]
IEOPT: [UseClearType] yes
IEOPT: [AlwaysShowMenus]
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Play_Animations] yes
IEOPT: [CompatibilityFlags]
IEOPT: [FullScreen] no
IEOPT: [SearchMigrated]
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Friendly http errors] yes
IEOPT: [AutoSearch]
IEOPT: [Use FormSuggest] no
IEOPT: [IE8RunOnceLastShown]
IEOPT: [IE8RunOnceLastShown_TIMESTAMP] ¿ aÙÊ
IEOPT: [IE8RunOncePerInstallCompleted]
IEOPT: [IE8RunOnceCompletionTime]
IEOPT: [IE8TourShown]
IEOPT: [IE8TourShownTime] @HR+aÙÊ
IEOPT: [Start Page Redirect Cache] http://it.msn.com/?ocid=iehp
IEOPT: [Start Page Redirect Cache_TIMESTAMP]
IEOPT: [Start Page Redirect Cache AcceptLangs] it
IEOPT: [RunOnceHasShown]
IEOPT: [RunOnceComplete]
IEOPT: [Check_Associations] yes
IEOPT: [Default_Page_URL] http://go.microsoft.com/fwlink/?LinkId=69157
IEOPT: [Default_Search_URL] http://go.microsoft.com/fwlink/?LinkId=54896
IEOPT: [Search Page] http://go.microsoft.com/fwlink/?LinkId=54896
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://go.microsoft.com/fwlink/?LinkId=69157
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1017
IEOPT: [FullScreen] no
IEOPT: [Default_Secondary_Page_URL]
IEOPT: [Extensions Off Page] about:NoAdd-ons
IEOPT: [Security Risk Page] about:SecurityRisk
IEOPT: [Check_Associations] yes


I don't think there is anything there: couldn't it just be a setting that can be changed?
Thanks for everything anyway.
Regards
cricco
Junior User
 
Posts: 25
Joined: 10/10/07 07:54

