
Take a look at my HijackThis log file

Posted: Fri Jan 21, 2005 4:28 pm
by Lacrimanera
Hi... I'm new to this forum and, on Lelepal's advice, I signed up!!!

I think my computer has a couple of problems... it's a bit slow and doesn't run like it used to...

I was advised to use this little program, HijackThis, and here is the log file:
(oh, obviously I ran both Ad-Aware and Spybot first... but they found little or nothing)

Logfile of HijackThis v1.99.0
Scan saved at 16.16.34, on 21/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\AVPersonal\AVGUARD.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\Programmi\AVPersonal\AVWUPSRV.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\Mixer.exe
F:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
F:\Programmi\MSN Apps\Updater\01.02.0002.1001\it\msnappau.exe
F:\Programmi\File comuni\Real\Update_OB\realsched.exe
F:\Programmi\Ahead\InCD\InCD.exe
F:\Programmi\messenger plus!\MsgPlus.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Programmi\AVPersonal\AVGNT.EXE
F:\Programmi\mobile PhoneTools\WatchDog.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\WINDOWS\switpa.exe
F:\WINDOWS\System32\rundll32.exe
F:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
f:\progra~1\intern~1\iexplore.exe
F:\Programmi\Internet Explorer\iexplore.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Programmi\MSN Messenger\msnmsgr.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\wisptis.exe
F:\Programmi\Opera\Opera.exe
F:\Documents and Settings\utente\Desktop\strun\strun.exe
F:\Documents and Settings\utente\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pqaltxpgmdvqmum.biz/QWPBpFZz ... /wmK7.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wow.blizzardworld.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - F:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - F:\Programmi\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - :F:\Programmi\QuickSearch\QuickSearchBar1_27.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - :F:\Programmi\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmi\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - :F:\Programmi\MSN Apps\MSN Toolbar\01.02.2001.0001\it\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Programmi\MSN Apps\MSN Toolbar\01.02.2001.0001\it\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmi\google\googletoolbar2.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - :F:\Programmi\QuickSearch\QuickSearchBar1_27.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [lsasss.exe] F:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "F:\Programmi\MSN Apps\Updater\01.02.0002.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] :F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] :F:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] :"F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVGCtrl] F:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [WatchDog] F:\Programmi\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Speaker Configuration] \Setup.exe /SPEAKER
O4 - HKLM\..\Run: [switp] :F:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 F:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [Uploadmail] F:\DOCUME~1\utente\DATIAP~1\THIRDB~1\default four start.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://f:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm119YYUS
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Backward Links - res://f:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Collegamenti a ritroso - res://f:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://f:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://f:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Translate into English - res://f:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Versione cache della pagina - res://f:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: F:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21e00d94076 ... 601_it.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47758298-A067-4BD4-8E67-3F78DC67682F}: NameServer = 217.141.250.206 151.99.125.1
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - F:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - F:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper - Ahead Software AG - F:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

[cry+] [cry+] [cry+]

byeeeeee [applauso] [applauso]

Posted: Fri Jan 21, 2005 4:46 pm
by vvvgiamba
hi..
before you do any damage I suggest you wait for Crazy's reply...
he's the expert on HijackThis log files.
anyway, if you want to read up in the meantime, the guide to the log is here.

http://www.tweakness.net/index.php?link ... li/a10.php

[?]

Posted: Fri Jan 21, 2005 5:03 pm
by vvvgiamba
off the top of my head, looking at the line

HKLM-O4..........LSASSS

it looks like Sasser

but wait for more advice.

giamba

Posted: Fri Jan 21, 2005 5:07 pm
by Lacrimanera
thanks, I had a look at it... but it's better if Crazy looks at it... [cry+]

Posted: Fri Jan 21, 2005 6:38 pm
by Mr.TFM
Here's the problem.....
O10 - Hijacked Internet access by New.Net
You need to use Cwshredder 2!
And right away!
Or there's a dedicated removal tool for New.net that I used too...

In the meantime read the article and run a scan!!
Then there's this one to remove with HijackThis
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - F:\Programmi\NewDotNet\newdotnet6_38.dll

And while you're at it, Ad-Aware and Spybot too, for good measure. From Safe Mode!

Posted: Fri Jan 21, 2005 6:44 pm
by Mr.TFM
Mr.TFM wrote: Or there's a dedicated removal tool for New.net that I used too...
Here it is!!! Run LSP-Fix and you get rid of New.net
crazy.cat wrote: download LSP-Fix from this site and run it on the PC
http://cexx.org/newnet.htm

But first follow the instructions and use the uninstaller you find on this page
http://www.newdotnet.com/removal.html

Posted: Fri Jan 21, 2005 6:52 pm
by crazy.cat
The entries to remove are these

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pqaltxpgmdvqmum.biz/QWPBpFZz ... /wmK7.html
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - F:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - F:\Programmi\NewDotNet\newdotnet6_38.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - :F:\Programmi\QuickSearch\QuickSearchBar1_27.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - :F:\Programmi\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - :F:\Programmi\MSN Apps\MSN Toolbar\01.02.2001.0001\it\msntb.dll (file missing)
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - :F:\Programmi\QuickSearch\QuickSearchBar1_27.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 F:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Virus
http://www.trendmicro.com/vinfo/virusen ... M_SASSER.E
O4 - HKLM\..\Run: [lsasss.exe] F:\WINDOWS\lsasss.exe

Unknown
O4 - HKLM\..\Run: [switp] :F:\WINDOWS\switpa.exe
O4 - HKCU\..\Run: [Uploadmail] F:\DOCUME~1\utente\DATIAP~1\THIRDB~1\default four start.exe

Run a virus scan with this
http://www.MegaLab.it/2333
and redo the spyware scan as well, all from Safe Mode.
Some of the entries you have should have been removed by Ad-Aware and Spybot.

Posted: Sat Jan 22, 2005 12:37 pm
by Lacrimanera
crazy.cat wrote:
Run a virus scan with this
http://www.MegaLab.it/2153
and redo the spyware scan as well, all from Safe Mode.
Some of the entries you have should have been removed by Ad-Aware and Spybot.

I didn't quite understand how this article is related to the virus.
As for the rest, this is the new HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 12.36.19, on 22/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\Mixer.exe
F:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
F:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
F:\Programmi\File comuni\Real\Update_OB\realsched.exe
F:\Programmi\messenger plus!\MsgPlus.exe
F:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
F:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
F:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
f:\progra~1\intern~1\iexplore.exe
F:\Programmi\Internet Explorer\iexplore.exe
F:\Programmi\MSN Messenger\msnmsgr.exe
F:\WINDOWS\System32\rtcshare.exe
F:\Programmi\Messenger\msmsgs.exe
F:\PROGRA~1\NETMEE~1\conf.exe
F:\WINDOWS\System32\rundll32.exe
F:\Programmi\Skype\Phone\Skype.exe
F:\Programmi\Opera\Opera.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\utente\Desktop\varie\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nbyzoacvumgquunrnwouz.com/QW ... /wmK7.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wow.blizzardworld.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmi\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [lsasss.exe] F:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "F:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] :F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] :F:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] :"F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi\messenger plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [WatchDog] :F:\Programmi\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Speaker Configuration] \Setup.exe /SPEAKER
O4 - HKLM\..\Run: [switp] :F:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "F:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [Uploadmail] F:\DOCUME~1\utente\DATIAP~1\THIRDB~1\default four start.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://f:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Backward Links - res://f:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Collegamenti a ritroso - res://f:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Pagine simili - res://f:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://f:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Translate into English - res://f:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Versione cache della pagina - res://f:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: F:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21e00d94076 ... 601_it.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47758298-A067-4BD4-8E67-3F78DC67682F}: NameServer = 217.141.250.206 151.99.125.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: InCD Helper - Ahead Software AG - F:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe


Thanks for everything!

[:-D] [:-D] [applauso]

Posted: Sat Jan 22, 2005 12:56 pm
by crazy.cat
This one also needs to be deleted
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pqaltxpgmdvqmum.biz/QWPBpFZz ... /wmK7.html

The virus is this one, so try following the instructions
http://www.trendmicro.com/vinfo/virusen ... M_SASSER.E
O4 - HKLM\..\Run: [lsasss.exe] F:\WINDOWS\lsasss.exe

These two files are unknown and so could be viruses
O4 - HKLM\..\Run: [switp] :F:\WINDOWS\switpa.exe
O4 - HKCU\..\Run: [Uploadmail] F:\DOCUME~1\utente\DATIAP~1\THIRDB~1\default four start.exe

The article I linked is for running a scan for any viruses that may be present, since it works well and often sees things that the other, regularly installed antivirus programs don't find.
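The manual checks made on the two logs in this thread (orphaned references, the O10 Winsock entries, a Run value named almost like a system process), written out as an added example; it is not code from any poster or from HijackThis, and it goes one step further by comparing two scans by entry key so that a value that merely changed between scans still shows up. The `SYSTEM_NAMES` list, the edit-distance threshold of 2 and all function names are assumptions of this sketch.

```python
import re
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.*)$")
IMAGE = re.compile(r'([^\\":]+\.exe)\b', re.I)
# Assumption: a short list of core Windows process names that malware imitates.
SYSTEM_NAMES = ("lsass.exe", "svchost.exe", "services.exe", "winlogon.exe", "smss.exe")

def parse(log):
    """Return (code, body) per R*/O* entry; header and process list are skipped."""
    return [m.groups() for m in (ENTRY.match(l.strip()) for l in log.splitlines()) if m]

def key(code, body):
    """Identity of an entry without its current value, so a changed value still matches."""
    if code in ("R0", "R1") and " = " in body:
        return code, body.split(" = ", 1)[0]
    run = RUN.match(body)
    return (code, f"{run.group(1)} [{run.group(2)}]") if run else (code, body)

def distance(a, b):
    """Levenshtein edit distance, one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def triage(log):
    """Return (reason, code, body) for entries that deserve a manual look."""
    out = []
    for code, body in parse(log):
        if body.endswith(("(file missing)", "(no file)")):
            out.append(("orphaned reference", code, body))
        if code == "O10":  # O10 lists changes to the Winsock LSP chain
            out.append(("LSP chain modified", code, body))
        run = RUN.match(body)
        image = IMAGE.search(run.group(3)) if run else None
        if image:  # autostart image named almost like a system process
            name = image.group(1).lower()
            near = [s for s in SYSTEM_NAMES if 0 < distance(name, s) <= 2]
            if near:
                out.append((f"name imitates {near[0]}", code, body))
    return out

def compare(before, after):
    """Sort the first scan's entry keys into removed / kept / changed in the second."""
    old = {key(c, b): b for c, b in parse(before)}
    new = {key(c, b): b for c, b in parse(after)}
    return {"removed": sorted(k for k in old if k not in new),
            "kept": sorted(k for k in old if new.get(k) == old[k]),
            "changed": sorted(k for k in old if k in new and new[k] != old[k])}

# Excerpts of the two logs posted in this thread (21/01/2005 and 22/01/2005).
FIRST = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pqaltxpgmdvqmum.biz/QWPBpFZz ... /wmK7.html
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [lsasss.exe] F:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [switp] :F:\WINDOWS\switpa.exe
O10 - Hijacked Internet access by New.Net"""
SECOND = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nbyzoacvumgquunrnwouz.com/QW ... /wmK7.html
O4 - HKLM\..\Run: [lsasss.exe] F:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [switp] :F:\WINDOWS\switpa.exe"""

if __name__ == "__main__":
    print(*triage(FIRST), compare(FIRST, SECOND), sep="\n")
```

On these excerpts the R1 Search Bar key lands under "changed" rather than "removed", because it points at a different domain in the second scan; a plain line-by-line diff would report the old line as gone.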

Posted: Sat Jan 22, 2005 1:08 pm
by lelepal
sorry for my ignorance Crazy... but the article you linked doesn't talk about viruses... or scans.... [8)]

Posted: Sat Jan 22, 2005 1:12 pm
by crazy.cat
You're right, I had picked the wrong article number.
It's correct now.

Posted: Sat Jan 22, 2005 1:15 pm
by lelepal
[:-D] [8D] [:-D]