posso inviarti al tuo indirizzo qualcosa del genere? devo fartelo vedere perchè sn sicura che sono dialer credimi!!!! risp.
Bè avremmo potuto fare come quell'altra volta...........
cmq quando ho eliminato quelli che tu mi avevi elencato avevano un simbolo simile a questi cioè un quadretto bianco con due colri giallo e verde hai presente, pensi allora che nn lo siano?
Grazie Lu, ecco il log:
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TOSCDSPD" = "C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" ["TOSHIBA"]
"MSMSGS" = ""C:\Programmi\Messenger\msmsgs.exe" /background" [MS]
"MsnMsgr" = ""C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background" [MS]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"L05IXLRD_4392484" = ""C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia Premium DVD\EDICT.EXE" -m" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"00THotkey" = "C:\WINDOWS\System32\00THotkey.exe" ["TOSHIBA Corp."]
"000StTHK" = "000StTHK.exe" [null data]
"LTSMMSG" = "LTSMMSG.exe" ["LT"]
"Apoint" = "C:\Programmi\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"TouchED" = "C:\Programmi\TOSHIBA\TouchED\TouchED.Exe" ["TOSHIBA Corporation"]
"PadTouch" = ""C:\Programmi\TOSHIBA\PadTouch\PadExe.exe" [file not found]
"TFNF5" = "TFNF5.exe" ["TOSHIBA Corp."]
"TPSMain" = "TPSMain.exe" ["TOSHIBA Corporation"]
"TFncKy" = "TFncKy.exe" ["TOSHIBA Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"9xadiras" = "9xadiras.exe" [file not found]
"2kadiras" = "2kadiras.exe" [empty string]
"msnappau" = ""C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"" [MS]
"gcasServ" = ""C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow ser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{C4213067-97B3-4929-9B98-B5600FBBBA13}" = "TouchED"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TOSHIBA\TouchED\TouchED.dll" ["TOSHIBA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Telefoni personali"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Teleca Software Solutions AB"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shel lExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Microsoft AntiSpyware\shellextension.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shel lState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Annalisa\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]
Startup items in "Annalisa" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"DSLMON" -> shortcut to: "C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe" [empty string]
"Microsoft Office" -> shortcut to: "C:\Programmi\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\N ameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\P rotocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll" [MS]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50}\ = "&Organizzatore ricerche" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50}\ = "&Organizzatore ricerche" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{9455301C-CF6B-11D3-A266-00C04F689C50}\
"ButtonText" = "Organizzatore ricerche"
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programmi\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=file:///C:\Programmi\TOSHIBA\Free Update Service\splash.html
Missing lines (compared with English-language version):
[Strings]: 1 line
All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------ ---------------
AVSync Manager, AvSynMgr, ""C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe"" ["Network Associates, Inc."]
ConfigFree Service, CFSvcs, "C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe" ["TOSHIBA CORPORATION"]