Condividi:        

Che disastro dopo una scansione !!! Help me please !!!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Che disastro dopo una scansione !!! Help me please !!!

Postdi Marco83 » 13/10/06 20:04

Ciao a tutti ho un serio problema, ho installato active virus shield, e...neanche a dirlo mi ha trovato un paio di trojan e worm. Automaticamente li ho cancellati...Tutto sembrava essere a posto, funzionava benissimo tutto fino al riavvio del PC: le connessioni di alice sono sparite, quando avvio il computer, dopo aver inserito la password di account, prima di caricare il desktop ci mette circa 5 min, e mi da un errore di RUNDLL... Cosa è successo? Come posso risolvere il problema senza formattare? (non posso assolutamente formattare) A, un altra cosa, quando cerco di creare un altra connessione, tutto procede regolarmente tranne il fatto che l'icona di connessione non riesco a visualizzarla...Vi allego il mio log!!! Grazie mille a chi riesce a darmi una mano...Ciauuuu...
Marco83

Logfile of HijackThis v1.99.1
Scan saved at 20.47.11, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ntsystem.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Save\Save.exe
C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Lava\Desktop\aswclnr.exe
C:\Documents and Settings\Lava\Desktop\aswclnr.tmp
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Lava\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Programmi\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programmi\ShopperReports\Bin\2.0.0\ShprRprt.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {BE6592E9-A18A-4B0C-891F-260919425AB5} - C:\WINDOWS\lbbho.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmi\Save\Save.exe"
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\MSN Toolbar Suite\DS\02.05.0001.1119\it-it\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?9555103618a643439f93797377383eef
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?9555103618a643439f93797377383eef
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programmi\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Programmi\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 4 missing)
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.powersoft.name
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.superspots.biz
O16 - DPF: {00000000-0000-0000-0000-000020050000} - http://www.sfondiweb.org/linko/karaoke.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/e/us050/e.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.powersoft.name/closer/close.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Marco83
Utente Senior
 
Post: 166
Iscritto il: 12/09/06 16:32

Sponsor
 

Postdi Marco83 » 14/10/06 09:59

Ecco, l'antivirus ora mi rileva un win32.wintol.p. Cosa posso fare per risolvere il problema? Ci sono dei strumenti che scaricandoli riescono a ripararmi il prblema? grazie ancora
Marco83
Marco83
Utente Senior
 
Post: 166
Iscritto il: 12/09/06 16:32

Postdi Luke57 » 14/10/06 10:42

Ciao, scarica Lspfix:
http://www.xdownload.it/go.asp?idl=2273
e lo tieni da parte.

Lanci Lspfix:
se sulla sinistra, insieme ad altre voci, ti appare la seguente:
newnetdonet***.dll
la sposti sulla parte destra del programma e la rimuovi, premendo finish
Non fare altre manovre con le altre voci.

Copia l’eseguibile di hijackthis (.exe) in una cartella del disco fisso (non desktop) appositamente dedicata, tipo C\HJT, in modo che il programma possa fare il backup delle voci eventualmente rimosse.

Apri il programma, disconnesso da internet e applicazioni chiuse, premi “open the misc tools selection” poi su “open process manager”, individui i processi (se non ci sono, vai avanti lo stesso):

C:\WINDOWS\system32\ntsystem.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\Save\Save.exe

Premi kill process

Torna al menu principale con back, premi “scan”, cerchi e spunti le seguenti voci:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programmi\ShopperReports\Bin\2.0.0\ShprRprt.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: C:\WINDOWS\lbbho.dll - {BE6592E9-A18A-4B0C-891F-260919425AB5} - C:\WINDOWS\lbbho.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmi\Save\Save.exe"
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programmi\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Programmi\ShopperReports\Bin\2.0.0\ShprRprt.dll
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 4 missing)
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.powersoft.name
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.superspots.biz
O16 - DPF: {00000000-0000-0000-0000-000020050000} - http://www.sfondiweb.org/linko/karaoke.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/e/us050/e.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.powersoft.name/closer/close.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)

Premi fix checked



Riavvia in modalità provvisoria
( Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows.
Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)

Rendi visibili file e cartelle nascosti
(vai in start>impostazioni>pannello di controllo>opzioni cartella, e clicca su "visualizzazione".
Seleziona "visualizza file e cartelle nascosti", " e deseleziona "nascondi file protetti e di sistema".
Clicca su OK.

Da pannello di controllo, installazioni\applicazioni, cerchi ed elimini tutti i programmi che non hai installato tu (Save, P2P Networking, Newnetdonet)

Cerca ed elimina i seguenti file e cartelle (se ci sono tutti):
C:\WINDOWS\system32\P2P Networking----- > la cartella
CC:\PROGRA~1\NEWDOT~1---------- > la cartella
C:\Programmi\Save------- >la cartella
C:\WINDOWS\system32\ntsystem.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\ShopperReports\------ >la cartella
C:\Programmi\MyGlobalSearch------ >la cartella

Poi elimina tutti i file temporanei di windows (temp e tmp, fai così start>cerca>tutti i file e cartelle, nello spazio bianco “nome del file o parte del nome” copi : *.temp; *.tmp ed elimini tutti quelli trovati),

da opzioni internet cancelli tutti i file temporanei di IE ( anche quelli non in linea), cronologia, cookies.

svuoti il cestino.

Riavvia in mod.normale

Se la connessione è lenta o hai problemi scarica TC/IP repair
http://www.p2pforum.it/forum/showthread.php?t=31969

Posta log di hijackthis di controllo.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Marco83 » 14/10/06 14:27

Sei un grande, ora non mi da più l'errore all'avvio e il desktop si avvia facilmente. Una cosa però, active virus shield mi trova ancora win32.wintol.p . Come posso fare? Inoltre mi da accesso negato sull'eliminazione di alcuni tmp..
Grazie mille ancora
Marco83
Marco83
Utente Senior
 
Post: 166
Iscritto il: 12/09/06 16:32

Postdi Luke57 » 14/10/06 14:38

Ciao, posta nuovo log di hijackthis.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Marco83 » 14/10/06 14:43

Ciao eccolo

Logfile of HijackThis v1.99.1
Scan saved at 15.40.59, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Lava\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?9555103618a643439f93797377383eef
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?9555103618a643439f93797377383eef
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Marco83
Utente Senior
 
Post: 166
Iscritto il: 12/09/06 16:32


Torna a Sicurezza e Privacy


Topic correlati a "Che disastro dopo una scansione !!! Help me please !!!":


Chi c’è in linea

Visitano il forum: Nessuno e 19 ospiti