Guest maurizio.tappi@gmail.com Posted July 20, 2007 Posted July 20, 2007 Hi you all, I've a problem with my windows XP SP2 Home edition installed on a Toshiba satellite S2450-401. The problem is that the windows firewall get disabled by itself and when I try to activate it by the control panel it remains deactivated! Moreover there is a lot of cpu work (I can hear the fan going very fast) with one of the prcesses svchost.exe that I can see in task manager. I attach a log by hijackthis where the file jhapri.dll seems to me very malicious... Can anybody help me? Thanks in advance, Maurizio Logfile of HijackThis v1.99.1 Scan saved at 15.44.08, on 20/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\flexlm\lmgrd.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\flexlm\SW_D.EXE C:\WINDOWS\System32\svchost.exe C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Programmi\Analog Devices\SoundMAX\PmProxy.exe C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\system32\TPWRTRAY.EXE C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TFNF5.exe C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\TOSHIBA\TouchED\TouchED.Exe C:\Programmi\ClamWin\bin\ClamTray.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\Programmi\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Microsoft ActiveSync\wcescomm.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Programmi\OpenOffice.org 2.0\program\soffice.exe C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Rising\Rav\CCenter.exe C:\Programmi\Rising\Rav\RavTask.exe C:\Programmi\Rising\Rav\Ravmond.exe C:\Programmi\Rising\Rav\RavMon.exe C:\Programmi\Rising\Rav\RavStub.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\Maurizio\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C: \WINDOWS\system32\secpol.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59- B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX \AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C: \Programmi\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [PmProxy] C:\Programmi\Analog Devices\SoundMAX \PmProxy.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE / Client O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28 O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey \TosHKCW.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" -- logon O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia \NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programmi\Java \jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RavTask] "C:\Programmi\Rising\Rav\RavTask.exe" - system O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" / background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe" O4 - Startup: mauri.bgi O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: dbw30daysevaluation.exe.lnk = C:\Documents and Settings\Gianluca\Desktop\dbw30daysevaluation.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF- AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C: \PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C: \PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38- d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic \xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2- BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C: \Programmi\Skype\toolbars\Shared\Skype4ComAPI.dll O20 - AppInit_DLLs: jhapri.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Programmi\Rising\Rav \CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Programmi\Rising\Rav\Ravmond.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite \Services\ServiceLayer.exe O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\lmgrd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices \SoundMAX\SMAgent.exe O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programmi \TOSHIBA\TME3\Tmesbs32.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS \system32\UStorSrv.exe Quote
Guest Malke Posted July 20, 2007 Posted July 20, 2007 maurizio.tappi@gmail.com wrote: > Hi you all, > > I've a problem with my windows XP SP2 Home edition installed on a > Toshiba satellite S2450-401. The problem is that the windows firewall > get disabled by itself and when I try to activate it by the control > panel it remains deactivated! > Moreover there is a lot of cpu work (I can hear the fan going very > fast) with one of the prcesses svchost.exe that I can see in task > manager. > I attach a log by hijackthis where the file jhapri.dll seems to me > very malicious... (snip HJT log) Please don't post HijackThis logs here in the MS newsgroups. HJT logs take a great deal of time and expertise to analyze correctly and you will not get the attention you need here. Instead, post to one of the specialty forums listed below. You indeed do have a worm. Here are general malware removal steps: Go through these general malware removal steps systematically - http://www.elephantboycomputers.com/page2.html#Removing_Malware Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions http://pcdid.com/Multi_AV.htm - download When all else fails, run HijackThis and post your log in one of the specialty forums listed at the link above (not here, please). Not all tools used will work in Vista and you will need to run them elevated. Since Vista is so new, it will be a while before removal techniques and tools are developed. If you are unable to remove the infection by following the general steps, register at one of the HijackThis forums as suggested. Standard caveat: If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop (not your local version of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. Have all your data backed up before you take the machine into a shop. http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another tutorial http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies *first*. http://www.atribune.org/forums/index.php?showforum=9 http://aumha.net/viewforum.php?f=30 http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html Malke -- Elephant Boy Computers http://www.elephantboycomputers.com "Don't Panic!" MS-MVP Windows - Shell/User Quote
Guest Milo (MSPSS) Posted July 20, 2007 Posted July 20, 2007 Add to such what malke indicated of a worm in your system, I dont see any Stand alone Security Application software in your system ( anti-virus or anti-spyware ), as option after proceeding with the previous recommendation. 1. http://safety.live.com ( online scanner ) 2. http://www.microsoft.com/defender ( download and install ) 3. http://www.ewido.net/en ( AVG optional trial version 3rd party Anti-spyware ) 4. Should everything fail you can proceed with Microsoft Security ( Free Support ) . - for this option prompt us of the outcome Thanks, -- Milo MSPSS "maurizio.tappi@gmail.com" wrote: > Hi you all, > > I've a problem with my windows XP SP2 Home edition installed on a > Toshiba satellite S2450-401. The problem is that the windows firewall > get disabled by itself and when I try to activate it by the control > panel it remains deactivated! > Moreover there is a lot of cpu work (I can hear the fan going very > fast) with one of the prcesses svchost.exe that I can see in task > manager. > I attach a log by hijackthis where the file jhapri.dll seems to me > very malicious... > > Can anybody help me? > Thanks in advance, > > Maurizio > > Logfile of HijackThis v1.99.1 > Scan saved at 15.44.08, on 20/07/2007 > Platform: Windows XP SP2 (WinNT 5.01.2600) > MSIE: Internet Explorer v7.00 (7.00.6000.16473) > > Running processes: > C:\WINDOWS\System32\smss.exe > C:\WINDOWS\system32\csrss.exe > C:\WINDOWS\system32\winlogon.exe > C:\WINDOWS\system32\services.exe > C:\WINDOWS\system32\lsass.exe > C:\WINDOWS\system32\svchost.exe > C:\WINDOWS\system32\svchost.exe > C:\WINDOWS\System32\svchost.exe > C:\WINDOWS\System32\svchost.exe > C:\WINDOWS\System32\svchost.exe > C:\WINDOWS\system32\spoolsv.exe > C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe > C:\WINDOWS\System32\nvsvc32.exe > C:\flexlm\lmgrd.exe > C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe > C:\flexlm\SW_D.EXE > C:\WINDOWS\System32\svchost.exe > C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe > C:\WINDOWS\system32\UStorSrv.exe > C:\WINDOWS\Explorer.EXE > C:\WINDOWS\System32\alg.exe > C:\Programmi\Analog Devices\SoundMAX\PmProxy.exe > C:\WINDOWS\System32\00THotkey.exe > C:\WINDOWS\system32\TPWRTRAY.EXE > C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE > C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe > C:\WINDOWS\system32\TFNF5.exe > C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe > C:\Programmi\Synaptics\SynTP\SynTPLpr.exe > C:\Programmi\Synaptics\SynTP\SynTPEnh.exe > C:\Programmi\TOSHIBA\TouchED\TouchED.Exe > C:\Programmi\ClamWin\bin\ClamTray.exe > C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE > C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe > C:\Programmi\QuickTime\qttask.exe > C:\WINDOWS\system32\ctfmon.exe > C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe > C:\Programmi\Messenger\msmsgs.exe > C:\Programmi\Microsoft ActiveSync\wcescomm.exe > C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe > C:\PROGRA~1\MICROS~4\rapimgr.exe > C:\Programmi\OpenOffice.org 2.0\program\soffice.exe > C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN > C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe > C:\WINDOWS\System32\svchost.exe > C:\WINDOWS\system32\wscntfy.exe > C:\Programmi\Rising\Rav\CCenter.exe > C:\Programmi\Rising\Rav\RavTask.exe > C:\Programmi\Rising\Rav\Ravmond.exe > C:\Programmi\Rising\Rav\RavMon.exe > C:\Programmi\Rising\Rav\RavStub.exe > C:\Programmi\Internet Explorer\iexplore.exe > C:\Documents and Settings\Maurizio\Desktop\HijackThis.exe > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = > http://go.microsoft.com/fwlink/?LinkId=69157 > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL > = http://go.microsoft.com/fwlink/?LinkId=54896 > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = > http://go.microsoft.com/fwlink/?LinkId=54896 > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = > http://go.microsoft.com/fwlink/?LinkId=69157 > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet > Settings,ProxyOverride = 127.0.0.1 > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName > = Collegamenti > F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C: > \WINDOWS\system32\secpol.exe, > O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59- > B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX > \AcroIEHelper.dll > O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C: > \Programmi\Java\jre1.5.0_06\bin\ssv.dll > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon > initialize > O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet > O4 - HKLM\..\Run: [PmProxy] C:\Programmi\Analog Devices\SoundMAX > \PmProxy.exe > O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe > O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe > O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE > O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE / > Client > O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28 > O4 - HKLM\..\Run: [TFNF5] TFNF5.exe > O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey > \TosHKCW.exe" > O4 - HKLM\..\Run: [synTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe > O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe > O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe > O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" -- > logon > O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia > \NOKIAP~1\LAUNCH~1.EXE -startup > O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programmi\Java > \jre1.5.0_06\bin\jusched.exe > O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" > -atboottime > O4 - HKLM\..\Run: [RavTask] "C:\Programmi\Rising\Rav\RavTask.exe" - > system > O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe > O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite > 6\PcSync2.exe /NoDialog > O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" / > background > O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft > ActiveSync\wcescomm.exe" > O4 - Startup: mauri.bgi > O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org > 2.0\program\quickstart.exe > O4 - Global Startup: dbw30daysevaluation.exe.lnk = C:\Documents and > Settings\Gianluca\Desktop\dbw30daysevaluation.exe > O8 - Extra context menu item: E&sporta in Microsoft Excel - > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} > - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll > O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF- > AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll > O9 - Extra button: Create Mobile Favorite - > {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C: > \PROGRA~1\MICROS~4\INetRepl.dll > O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} > - C:\PROGRA~1\MICROS~4\INetRepl.dll > O9 - Extra 'Tools' menuitem: Crea preferito portatile... - > {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C: > \PROGRA~1\MICROS~4\INetRepl.dll > O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} > - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38- > d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic > \xpnetdiag.exe (file missing) > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} > - C:\Programmi\Messenger\msmsgs.exe > O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2- > BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe > O11 - Options group: [iNTERNATIONAL] International* > O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl > Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab > O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C: > \Programmi\Skype\toolbars\Shared\Skype4ComAPI.dll > O20 - AppInit_DLLs: jhapri.dll > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision > Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel > 32\IDriverT.exe > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA > Corporation - C:\WINDOWS\System32\nvsvc32.exe > O23 - Service: Rising Process Communication Center (RsCCenter) - > Beijing Rising Technology Co., Ltd. - C:\Programmi\Rising\Rav > \CCenter.exe > O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology > Co., Ltd. - C:\Programmi\Rising\Rav\Ravmond.exe > O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite > \Services\ServiceLayer.exe > O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision > Corporation - C:\flexlm\lmgrd.exe > O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service > (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices > \SoundMAX\SMAgent.exe > O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programmi > \TOSHIBA\TME3\Tmesbs32.exe > O23 - Service: UStorage Server Service - OTi - C:\WINDOWS > \system32\UStorSrv.exe > > Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.