PcPrimiPassi.it FORUM: SICUREZZA INFORMATICA: Infezioni informatiche e Sicurezza informatica in generale
Topic: Post n° 23.466 - Postato: 30/Giugno/2005 alle 22:46
ciao ciao
Topic: Post n° 23.468 - Postato: 30/Giugno/2005 alle 22:49posso inviarti al tuo indirizzo qualcosa del genere? devo fartelo vedere perchè sn sicura che sono dialer credimi!!!! risp.
Topic: Post n° 23.469 - Postato: 30/Giugno/2005 alle 22:55
stai tranquilla hai l'adsl in teoria sei esente dagli effetti dei dialer!!!!!!!!!!ciao ciao
Topic: Post n° 23.470 - Postato: 30/Giugno/2005 alle 22:59Bè avremmo potuto fare come quell'altra volta...........
cmq quando ho eliminato quelli che tu mi avevi elencato avevano un simbolo simile a questi cioè un quadretto bianco con due colri giallo e verde hai presente, pensi allora che nn lo siano?
Topic: Post n° 23.471 - Postato: 30/Giugno/2005 alle 23:13 Topic: Post n° 23.475 - Postato: 30/Giugno/2005 alle 23:59Grazie Lu, ecco il log:
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TOSCDSPD" = "C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" ["TOSHIBA"]
"MSMSGS" = ""C:\Programmi\Messenger\msmsgs.exe" /background" [MS]
"MsnMsgr" = ""C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background" [MS]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"L05IXLRD_4392484" = ""C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia Premium DVD\EDICT.EXE" -m" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"00THotkey" = "C:\WINDOWS\System32\00THotkey.exe" ["TOSHIBA Corp."]
"000StTHK" = "000StTHK.exe" [null data]
"LTSMMSG" = "LTSMMSG.exe" ["LT"]
"Apoint" = "C:\Programmi\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"TouchED" = "C:\Programmi\TOSHIBA\TouchED\TouchED.Exe" ["TOSHIBA Corporation"]
"PadTouch" = ""C:\Programmi\TOSHIBA\PadTouch\PadExe.exe" [file not found]
"TFNF5" = "TFNF5.exe" ["TOSHIBA Corp."]
"TPSMain" = "TPSMain.exe" ["TOSHIBA Corporation"]
"TFncKy" = "TFncKy.exe" ["TOSHIBA Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"9xadiras" = "9xadiras.exe" [file not found]
"2kadiras" = "2kadiras.exe" [empty string]
"msnappau" = ""C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"" [MS]
"gcasServ" = ""C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow ser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{C4213067-97B3-4929-9B98-B5600FBBBA13}" = "TouchED"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TOSHIBA\TouchED\TouchED.dll" ["TOSHIBA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Telefoni personali"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Teleca Software Solutions AB"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shel lExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Microsoft AntiSpyware\shellextension.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shel lState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Annalisa\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]
Startup items in "Annalisa" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"DSLMON" -> shortcut to: "C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe" [empty string]
"Microsoft Office" -> shortcut to: "C:\Programmi\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\N ameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\P rotocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll" [MS]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50}\ = "&Organizzatore ricerche" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50}\ = "&Organizzatore ricerche" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{9455301C-CF6B-11D3-A266-00C04F689C50}\
"ButtonText" = "Organizzatore ricerche"
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programmi\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=file:///C:\Programmi\TOSHIBA\Free Update Service\splash.html
Missing lines (compared with English-language version):
[Strings]: 1 line
All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------ ---------------
AVSync Manager, AvSynMgr, ""C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe"" ["Network Associates, Inc."]
ConfigFree Service, CFSvcs, "C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe" ["TOSHIBA CORPORATION"]
Topic: Post n° 23.478 - Postato: 01/Luglio/2005 alle 00:08sei riuscita ad eliminare la cartella che hai creato per questo programma?fammi sapere ciao ciao
Topic: Post n° 23.479 - Postato: 01/Luglio/2005 alle 00:09
Topic: Post n° 23.480 - Postato: 01/Luglio/2005 alle 00:15
io l'ho eliminata non con pochi problemi
appunto te lo sto chiedendo,comunque fai come vuoi mickyciao ciao
Topic Attivi
Lista Membri
Calendario
Cerca
Aiuto
Registrati
Login
