Punto informatico Network
Can you check my HijackThis log? THANKS


Post by Pdc » Sun Apr 01, 2007 5:20 pm

I have a problem with a game. Basically it gets as far as the point where you start playing (after all the videos that explain the plot), and on the very screen before the game starts it freezes; I have to close the game with Task Manager, and the technical error report gives me:
-C:\DOCUME 1\VENANTIO\IMPOST 1\Temp\WER58b8.dir00\ResidentEvil3.exe.mdmp
-C:\DOCUME 1\VENANTIO\IMPOST 1\Temp\WER58b8.dir00\appcompat.txt
So I followed your advice and downloaded HijackThis, which produced this log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.29.20, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\AdsBlocker\stopAds.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\Mdmp\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.extremeaccess.info/?rid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://goto.energy-factor.com//link.asp ... rofilo=993
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\toshibautility.exe",
O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 209.67.209.50 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4BAA7A23-79E7-3E90-CBE7-3505D675D027} - C:\WINDOWS\tyjyp1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Programmi\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SHA256] C:\Programmi\SHA256\secure.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Programmi\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OlStatusMon] "C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKCU\..\Run: [ixplore] ""
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Programmi\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.contentdiscount.info
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: www.extremeaccess.info
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 026_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE93D39B-FBC1-43E2-A3DE-6D139AC6189A}: NameServer = 85.37.17.57 85.38.28.80
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NetDfd - Unknown owner - \\?\C:\Programmi\File comuni\Services\com8.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: olMntrService - Olivetti - C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe

--
End of file - 11283 bytes

What can I do to play without problems?
Thanks in advance for your help

Post by Amantide » Sun Apr 01, 2007 5:53 pm

Hi and welcome. :)

First of all, enable viewing of hidden files (open any folder, go to Tools --> Folder Options --> View and tick Show hidden files and folders), end the toshibautility.exe process from Task Manager (Ctrl+Alt+Del) and, with the help of AGVPFIX, delete this file shown in red: c:\windows\system32\toshibautility.exe

Download and run Systemscan, tick all the items and click Scan Now. When the scan has finished, find the file report.txt in C:\suspectfile, compress it into a rar or zip archive and attach it here.

Post by crazy.cat » Sun Apr 01, 2007 5:54 pm

Find this file in the Task Manager and end its process
c:\windows\system32\toshibautility.exe
Then with the NOD tool
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
you should be able to delete that same file

Then scan with the Prevx and VirIT tools and let them delete everything they find
http://www.prevx.com/gromozon.asp
http://www.tgsoft.it/italy/index_ita.html

Rerun the scan with HijackThis, select these lines and then press Fix; again with the NOD tool, delete the file shown in red.
Check whether the last folder shown in red contains small exe files like the one shown, and if so delete them.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.extremeaccess.info/?rid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://goto.energy-factor.com//link.asp ... rofilo=993
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\toshibautility.exe",
O2 - BHO: Class - {4BAA7A23-79E7-3E90-CBE7-3505D675D027} - C:\WINDOWS\tyjyp1.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O4 - HKCU\..\Run: [ixplore] ""
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.contentdiscount.info
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: www.extremeaccess.info
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 026_it.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: NetDfd - Unknown owner - \\?\C:\Programmi\File comuni\Services\com8.exe (file missing)

Uninstall this program from the list of applications
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Programmi\SpySpotter3\Defender.exe -startup

Do you know what this program is?
O4 - HKLM\..\Run: [SHA256] C:\Programmi\SHA256\secure.exe

At the end, post a new HijackThis log
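As an added example (not from the thread, and not HijackThis code), the triage below applies the rules crazy.cat used on the log above to the same entries: it flags an F2 UserInit line with anything after userinit.exe, O4 autoruns under Policies\Explorer\Run, O15 Trusted Zone additions, O18 filter hijacks, a changed start page, and any entry whose target is empty or missing, then reports which flagged lines survive a second scan. The sample lines are copied from the two logs in the thread; the start-page allowlist is an assumption.

```python
import re
from typing import List, Optional, Tuple

# Excerpts copied from the first and second HijackThis logs posted in the thread.
FIRST_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.extremeaccess.info/?rid=2
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\toshibautility.exe",
O2 - BHO: Class - {4BAA7A23-79E7-3E90-CBE7-3505D675D027} - C:\WINDOWS\tyjyp1.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ixplore] ""
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
O15 - Trusted Zone: *.energy-factor.com
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: NetDfd - Unknown owner - \\?\C:\Programmi\File comuni\Services\com8.exe (file missing)
"""

SECOND_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgsoft.it/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""

# Assumed allowlist of start pages the owner set on purpose (libero.it is the
# O14 IERESET.INF default in the log); anything else deserves a look.
KNOWN_START_PAGES = ("http://www.libero.it", "about:blank")
# Targets HijackThis reports as absent or empty: orphaned entries are either
# leftovers of removed malware or point at something not visible yet.
MISSING_TARGET_MARKERS = ("(file missing)", "(no file)", '""')

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split 'O4 - HKLM\\..\\Run: [x] y' into its section tag and body."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, raw line) for every entry that matches a rule."""
    findings = []
    for raw in log.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        reason = None
        if section == "F2" and "UserInit=" in body:
            # Winlogon runs every comma-separated program here at each logon,
            # before the shell; only userinit.exe belongs in the list.
            tail = body.split("UserInit=", 1)[1]
            programs = [p.strip().strip('"') for p in tail.split(",") if p.strip()]
            if not programs or len(programs) > 1 or not programs[0].lower().endswith("userinit.exe"):
                reason = "extra UserInit program(s): " + ", ".join(programs[1:])
        elif section == "O4" and r"\Policies\Explorer\Run" in body:
            # Policy Run key: not listed by msconfig, a common persistence spot.
            reason = "autorun under Policies\\Explorer\\Run"
        elif section == "O15":
            reason = "site added to the IE Trusted Zone"
        elif section == "O18":
            reason = "MIME filter hijack"
        elif section in ("R0", "R1") and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            if not url.startswith(KNOWN_START_PAGES):
                reason = "start page changed to " + url
        if reason is None and any(mk in body for mk in MISSING_TARGET_MARKERS):
            reason = "target is missing or empty"
        if reason is not None:
            findings.append((section, reason, raw.strip()))
    return findings


def removed_entries(before: str, after: str) -> List[str]:
    """Entries of the first scan that no longer appear in the second."""
    after_lines = {l.strip() for l in after.splitlines() if parse_entry(l)}
    return [l.strip() for l in before.splitlines()
            if parse_entry(l) and l.strip() not in after_lines]


def still_flagged(before: str, after: str) -> List[str]:
    """Flagged entries of the first scan that survived the fix (re-check these)."""
    after_lines = {l.strip() for l in after.splitlines() if parse_entry(l)}
    return [raw for _, _, raw in triage(before) if raw in after_lines]


if __name__ == "__main__":
    for section, reason, raw in triage(FIRST_LOG):
        print(f"[{section}] {reason}\n    {raw}")
    print("\nRemoved by the fix:", len(removed_entries(FIRST_LOG, SECOND_LOG)))
    print("Still present after the fix:")
    for raw in still_flagged(FIRST_LOG, SECOND_LOG):
        print("    " + raw)
```

On the two logs in this thread the O18 filter hijack is the one flagged line that survives the second scan, which is exactly the kind of entry worth re-checking by hand.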


Post by Pdc » Sun Apr 01, 2007 9:26 pm

Sorry, but it can't find c:\windows\system32\toshibautility.exe, and the Prevx site won't open for me. What do I do?
Thanks anyway for the help

Post by Amantide » Sun Apr 01, 2007 9:42 pm

Pdc wrote: sorry, but it can't find c:\windows\system32\toshibautility.exe

Have you enabled viewing of hidden files?

Post by Pdc » Sun Apr 01, 2007 10:18 pm

Yes, I had already enabled it before.

Post by Amantide » Sun Apr 01, 2007 10:27 pm

If you rerun the scan with HijackThis, is the F2 entry still this one?
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\toshibautility.exe",

Try ending all the suspicious processes similar to toshibautility.exe from the Task Manager, and then scan with VirIT.

Also post the Systemscan log for me.

Post by Pdc » Sun Apr 01, 2007 10:45 pm

O4 - HKLM\..\Run: [SHA256] C:\Programmi\SHA256\secure.exe is an empty folder.
I did everything (or almost everything) you told me; now I'm posting the latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.45.31, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\VEXPLITE\VIRITEXP.EXE
C:\WINDOWS\system32\taskmgr.exe
D:\Mdmp\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgsoft.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 209.67.209.50 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Programmi\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OlStatusMon] "C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Programmi\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE93D39B-FBC1-43E2-A3DE-6D139AC6189A}: NameServer = 85.37.17.57 85.38.28.80
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: olMntrService - Olivetti - C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 9900 bytes

Now what?

Post by Pdc » Sun Apr 01, 2007 10:54 pm

This is the Systemscan log, a bit long to read:
systemscan - www.suspectfile.com - ver. 2.0.24


Edited by Amantide:
Post cleaned up. Log in the attachment below.

Post by Amantide » Mon Apr 02, 2007 12:14 pm

Pdc wrote: This is the Systemscan log, a bit long to read:

It was not by chance that I had written...

Amantide earlier wrote: When the scan has finished, find the file report.txt in C:\suspectfile, compress it into a rar or zip archive and attach it here

Not only does this endless log make the discussion impossible to follow, it doesn't even fit inside a post.

I would ask you to compress the log into an archive and attach it here by clicking the Upload a File button. The incomplete Systemscan log you pasted earlier is best deleted.

Meanwhile, go to Start --> Run --> type control userpasswords2 --> press Enter --> and delete the user vLuMLGEqYRGxHUhXX

P.S. Upload the file C:\WINDOWS\ua2.dll to www.virustotal.com and see what it is.

Post by Pdc » Mon Apr 02, 2007 4:31 pm

This is what VirusTotal found for the file C:\WINDOWS\ua2.dll:
STATUS: FINISHED
Complete scanning result of "ua2.dll_", received in VirusTotal at 04.02.2007, 15:12:21 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.2.2 04.02.2007 no virus found
AntiVir 7.3.1.47 04.02.2007 no virus found
Authentium 4.93.8 03.31.2007 no virus found
Avast 4.7.936.0 04.02.2007 no virus found
AVG 7.5.0.447 04.01.2007 no virus found
BitDefender 7.2 04.02.2007 no virus found
CAT-QuickHeal 9.00 04.02.2007 no virus found
ClamAV devel-20070312 04.02.2007 no virus found
DrWeb 4.33 04.02.2007 no virus found
eSafe 7.0.15.0 04.02.2007 no virus found
eTrust-Vet 30.6.3527 03.31.2007 no virus found
Ewido 4.0 04.02.2007 no virus found
FileAdvisor 1 04.02.2007 No threat detected
Fortinet 2.85.0.0 04.02.2007 no virus found
F-Prot 4.3.1.45 03.30.2007 no virus found
F-Secure 6.70.13030.0 04.02.2007 no virus found
Ikarus T3.1.1.3 04.02.2007 no virus found
Kaspersky 4.0.2.24 04.02.2007 no virus found
McAfee 4997 03.31.2007 no virus found
Microsoft 1.2306 04.02.2007 no virus found
NOD32v2 2162 04.02.2007 no virus found
Norman 5.80.02 04.02.2007 no virus found
Panda 9.0.0.4 04.01.2007 no virus found
Prevx1 V2 04.02.2007 no virus found
Sophos 4.16.0 03.30.2007 no virus found
Sunbelt 2.2.907.0 03.31.2007 no virus found
Symantec 10 04.02.2007 no virus found
TheHacker 6.1.6.084 04.02.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.3 04.01.2007 no virus found
VirusBuster 4.3.7:9 04.02.2007 no virus found
Webwasher-Gateway 6.0.1 04.02.2007 no virus found


Aditional Information
File size: 77312 bytes
MD5: de02c4d04088b69e64ecc30a3d9e22e5
SHA1: a5f66d420b6a6ebb04242fb85ca462a99dbf89b6
Bit9 info: http://fileadvisor.bit9.com/services/ex ... 0a3d9e22e5

and below I'm uploading the compressed Systemscan log:

Post by Pdc » Mon Apr 02, 2007 4:51 pm

In particular, when I have to end the game because the keys no longer respond, it gives me the error here, C:\DOCUMENTSANDSETTINGS\VENANTIO\IMPOSTAZIONILOCALI\Temp\WERa630.dir00\appcompat.txt:
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="ResidentEvil3.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="R3Setup.exe" SIZE="159744" CHECKSUM="0x7FCF47ED" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="08/21/2000 07:46:25" UPTO_LINK_DATE="08/21/2000 07:46:25" />
<MATCHING_FILE NAME="RE3_MERCE.exe" SIZE="1273856" CHECKSUM="0x73CD2273" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="10/19/2000 06:50:38" UPTO_LINK_DATE="10/19/2000 06:50:38" />
<MATCHING_FILE NAME="ResidentEvil3.exe" SIZE="1273856" CHECKSUM="0x73CD2273" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="10/19/2000 07:02:07" UPTO_LINK_DATE="10/19/2000 07:02:07" />
<MATCHING_FILE NAME="ResidentEvil3_menu.exe" SIZE="2830336" CHECKSUM="0x908E1CA2" BIN_FILE_VERSION="1.0.0.0" BIN_PRODUCT_VERSION="1.0.0.0" PRODUCT_VERSION="1.0.0.0" FILE_DESCRIPTION="Resident_Evil_3_menu MFC ?????????" COMPANY_NAME="" PRODUCT_NAME="Resident_Evil_3_menu ?????????" FILE_VERSION="1.0.0.0" ORIGINAL_FILENAME="Resident_Evil_3_menu.EXE" INTERNAL_NAME="Resident_Evil_3_menu" LEGAL_COPYRIGHT="Copyright (C) 2000" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.0" UPTO_BIN_PRODUCT_VERSION="1.0.0.0" LINK_DATE="10/31/2000 03:55:31" UPTO_LINK_DATE="10/31/2000 03:55:31" VER_LANGUAGE="Giapponese [0x411]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="1028096" CHECKSUM="0x871FAC66" BIN_FILE_VERSION="5.1.2600.2945" BIN_PRODUCT_VERSION="5.1.2600.2945" PRODUCT_VERSION="5.1.2600.2945" FILE_DESCRIPTION="DLL client di Windows NT BASE API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operativo Microsoft® Windows®" FILE_VERSION="5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. Tutti i diritti riservati." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x107F3F" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2945" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2945" LINK_DATE="07/05/2006 10:56:03" UPTO_LINK_DATE="07/05/2006 10:56:03" VER_LANGUAGE="Italiano (Italia) [0x410]" />
</EXE>
</DATABASE>
and here, C:\DOCUMENTSANDSETTINGS\VENANTIO\IMPOSTAZIONILOCALI\Temp\WERa630.dir00\ResidenEvil3.exe.mdmp.
Boia chi Molla 88
Pdc
New Member
Posts: 9
Joined: Sun Apr 01, 2007 4:51 pm

Post by Amantide » Mon Apr 02, 2007 6:12 pm

OK, first of all download and run Rustbfix; it will remove the Rustock rootkit. When it finishes, save the report and then post it here.

Then download SDFix and double-click it. The folder C:\SDFix will be created.
- restart the PC in Safe Mode (F8 at boot);
- open the C:\SDFix folder and double-click RunThis.bat to start the tool;
- type Y and press Enter;
- when prompted, press any key to restart the system and clean up the entries found;
- after the PC restarts, wait for the Finished message to appear;
- press any key to end the operation.
When done, post here the contents of the log you'll find in C:\SDFix\report.txt

Finally download Gmer, extract the archive to the desktop and run gmer.exe. Go to the Autostart tab, tick Show all and click Scan. When the scan finishes, click Copy and paste the result into Notepad or directly here. Repeat the same for the Rootkit tab.

Once all the scans are done, put the 4 logs you obtained in an archive and attach it here.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by Pdc » Tue Apr 03, 2007 12:09 am

Here are the logs. Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\iggngbux

*******************

Script file located at: \??\C:\WINDOWS\eoarceng.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.

Warning --- HKLM\Software did not load within MAX_WAIT_ITERATIONS

Could not set up D:\Rustbfix\2run.bat to run on reboot
Run on reboot of program D:\Rustbfix\2run.bat failed!
Status: 0xc0000034


Then SDFix:

SDFix: Version 1.76

Run by VENANTIO - 02/04/2007 - 21.27.08,70

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\VENANTIO\IMPOST~1\Temp\GLF17.tmp.dll - Deleted
C:\WINDOWS\system32\lzx32.sys - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Programmi\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\\Programmi\\WinMX\\WinMX.exe"="C:\\Programmi\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Programmi\\Kazaa\\kazaa.exe"="C:\\Programmi\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\\Programmi\\Microsoft Games\\Age of Empires II\\Age2_X1\\AGE2_X1.ICD"="C:\\Programmi\\Microsoft Games\\Age of Empires II\\Age2_X1\\AGE2_X1.ICD:*:Disabled:Age of Empires II Expansion"
"C:\\Documents and Settings\\VENANTIO\\Documenti\\Giochi\\Guerra e Strategia\\Recwar\\RecWar.exe"="C:\\Documents and Settings\\VENANTIO\\Documenti\\Giochi\\Guerra e Strategia\\Recwar\\RecWar.exe:*:Disabled:RecWar"
"C:\\Programmi\\Infogrames\\Line of Sight - Vietnam\\vietnam.exe"="C:\\Programmi\\Infogrames\\Line of Sight - Vietnam\\vietnam.exe:*:Disabled:vietnam"
"C:\\Documents and Settings\\VENANTIO\\Documenti\\Giochi\\Need for kill\\NFK075\\NFK.exe"="C:\\Documents and Settings\\VENANTIO\\Documenti\\Giochi\\Need for kill\\NFK075\\NFK.exe:*:Disabled:NFK"
"C:\\Program Files\\Neoact\\Carom3D\\CaromEngLauncher.exe"="C:\\Program Files\\Neoact\\Carom3D\\CaromEngLauncher.exe:*:Disabled:Last Update 2001/08/22"
"C:\\Programmi\\DeaddyBear\\Tanks 3D - Reign of Steel\\tanks3d_ros.exe"="C:\\Programmi\\DeaddyBear\\Tanks 3D - Reign of Steel\\tanks3d_ros.exe:*:Disabled:tanks3d_ros"
"C:\\Documents and Settings\\VENANTIO\\Documenti\\Giochi\\Sport\\Biliardo\\Carom3d\\CaromEngLauncher.exe"="C:\\Documents and Settings\\VENANTIO\\Documenti\\Giochi\\Sport\\Biliardo\\Carom3d\\CaromEngLauncher.exe:*:Disabled:Last Update 2001/08/22"
"C:\\Programmi\\Messenger\\MSMSGS.EXE"="C:\\Programmi\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\System32\\dplaysvr.exe"="C:\\WINDOWS\\System32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Neoact\\Carom3D\\update.exe"="C:\\Program Files\\Neoact\\Carom3D\\update.exe:*:Disabled:Last Update 2001/08/22"
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\VENANTIO\\Documenti\\Download 2\\eMule\\emule.exe"="C:\\Documents and Settings\\VENANTIO\\Documenti\\Download 2\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Documents and Settings\\VENANTIO\\Documenti\\winMX\\WinMX.exe"="C:\\Documents and Settings\\VENANTIO\\Documenti\\winMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"="C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Disabled:Empire Earth"
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"="C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\VENANTIO\\Documenti\\Download\\eMule\\emule.exe"="C:\\Documents and Settings\\VENANTIO\\Documenti\\Download\\eMule\\emule.exe:*:Enabled:eMule"
"E:\\Download\\eMule\\emule.exe"="E:\\Download\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\realmon.exe.dat
C:\WINDOWS\system32\APVXDWIN.EXE.dat
C:\Documents and Settings\VENANTIO\service.exe
C:\Programmi\File comuni\Adobe\ESD\DLMCleanup.exe
C:\Programmi\HP\recguard.exe.dat
C:\Programmi\SmartStuff\fpwinldr.exe.dat
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR5.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS6.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR7.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS8.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR9.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSA.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRB.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSC.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRD.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSE.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRF.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS10.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR11.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS12.tmp

Finished

Then I'll upload the other two from Gmer:
Boia chi Molla 88
Pdc
New Member
Posts: 9
Joined: Sun Apr 01, 2007 4:51 pm
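The "Authorized Application Key Export" in the SDFix log above is a dump of the XP SP2 firewall's AuthorizedApplications\List values, one per program allowed through. Reading a few dozen of those lines by eye is error-prone, so here is an added example (written for this thread, not part of SDFix) that parses that export into records and lists the enabled rules whose executable lives outside the usual program directories. The sample text is copied from the log above; the set of "usual" prefixes (C:\Programmi, C:\Program Files, C:\WINDOWS, %windir%) is my assumption for an Italian XP install.

```python
"""Parse the 'Authorized Application Key Export' that SDFix prints (the XP SP2
firewall AuthorizedApplications\\List values) and flag rules to review.
Added example for this thread, not part of SDFix; the sample lines are copied
from the log posted above."""
import re
from dataclasses import dataclass

# [HKEY_LOCAL_MACHINE\...\FirewallPolicy\<Profile>\AuthorizedApplications\List]
SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List\]$")
# "name"="data"   (.reg style, backslashes doubled)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')
# data layout: <path>:<scope>:<Enabled|Disabled>:<display name>.  The drive-letter
# colon inside <path> cannot be mistaken for a separator because <state> must
# match a keyword, so the regex backtracks past it.
DATA_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>[Ee]nabled|[Dd]isabled):(?P<display>.*)$")

# Assumption: directories where installed programs normally live on an Italian XP.
TRUSTED_PREFIXES = ("c:\\programmi\\", "c:\\program files\\", "c:\\windows\\", "%windir%\\")


@dataclass
class FirewallRule:
    profile: str   # StandardProfile or DomainProfile
    path: str      # executable path with the doubled backslashes collapsed
    scope: str     # "*" means any remote address
    enabled: bool
    display: str


def parse_export(text):
    """Turn the exported key text into FirewallRule records."""
    rules, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            profile = sec.group(1)
            continue
        val = VALUE_RE.match(line)
        if not val or profile is None:
            continue
        data = DATA_RE.match(val.group("data").replace("\\\\", "\\"))
        if not data:
            continue
        rules.append(FirewallRule(profile, data.group("path"), data.group("scope"),
                                  data.group("state").lower() == "enabled",
                                  data.group("display")))
    return rules


def review(rules):
    """Enabled rules whose program sits outside the usual program directories
    (user profile, download folders, other drives): worth checking by hand."""
    return [r for r in rules
            if r.enabled and not r.path.lower().startswith(TRUSTED_PREFIXES)]


# Constructed sample: a subset of the lines from the SDFix log above.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Kazaa\\kazaa.exe"="C:\\Programmi\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Disabled:Empire Earth"
"C:\\Documents and Settings\\VENANTIO\\Documenti\\Download\\eMule\\emule.exe"="C:\\Documents and Settings\\VENANTIO\\Documenti\\Download\\eMule\\emule.exe:*:Enabled:eMule"
"E:\\Download\\eMule\\emule.exe"="E:\\Download\\eMule\\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"""


if __name__ == "__main__":
    for r in review(parse_export(SAMPLE_EXPORT)):
        print(f"{r.profile}: {r.path} ({r.display})")
```

Run as a script it prints the two eMule rules that point into the user's profile and a second drive; everything under C:\Programmi stays quiet. The heuristic is only a reading aid: a rule is a question for the user ("did you add this?"), not a verdict.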

Post by Amantide » Tue Apr 03, 2007 1:08 pm

Download The Avenger, extract the archive to a folder and run Avenger.exe.
Select the Input Script Manually option, click the magnifying glass and copy and paste this script into the form:

Files to delete:
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR5.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS6.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR7.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS8.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR9.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSA.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRB.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSC.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRD.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSE.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRF.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS10.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR11.tmp
C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS12.tmp
C:\Documents and Settings\VENANTIO\service.exe
C:\SDFix\backups\backups.zip
C:\WINDOWS\system32\realmon.exe.dat
C:\WINDOWS\system32\APVXDWIN.EXE.dat
C:\Programmi\HP\recguard.exe.dat
C:\Programmi\SmartStuff\fpwinldr.exe.dat


Then click the Done button, then click the green traffic light icon twice and answer Yes to the questions that follow.
The PC should restart by itself; if it doesn't, restart it manually.
When done, attach the Avenger log, which is at C:/avenger.txt


Before running Avenger, could you please check whether these files have the same size? Then take one at random and upload it to www.virustotal.com to see whether some antivirus has finally learned to recognize this pest, because they are certainly not legitimate files.
C:\WINDOWS\system32\realmon.exe.dat
C:\WINDOWS\system32\APVXDWIN.EXE.dat
C:\Programmi\HP\recguard.exe.dat
C:\Programmi\SmartStuff\fpwinldr.exe.dat

Then run a scan with CCleaner and AVG Anti-spyware from Safe Mode and attach the new Systemscan log here.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
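The request above (compare the sizes of the four .dat files, then submit one for a hash lookup) is a small triage routine, and the MD5/SHA1 pair quoted earlier in the thread is exactly what such lookups key on. As an added example, not a tool from this thread, here is a Python helper that fingerprints a list of paths and groups byte-identical files together, so copies dropped under different names show up at once. The files it hashes are constructed in a temporary directory; only their names are taken from the post, and the 1024/894-byte sizes mirror what the poster reported.

```python
"""Size/hash triage for a list of suspect files, grouped by identical content.
Added example, not a tool from the thread; the sample files below are
constructed in a temp directory and only reuse the file names from the post."""
import hashlib
import os
import tempfile


def fingerprint_bytes(data):
    """Size plus MD5 and SHA-1, the two hashes most online lookups accept."""
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def fingerprint(path):
    """Fingerprint one file on disk (whole-file read; the files here are tiny)."""
    with open(path, "rb") as fh:
        fp = fingerprint_bytes(fh.read())
    fp["path"] = path
    fp["name"] = os.path.basename(path)
    return fp


def group_identical(paths):
    """Map SHA-1 -> fingerprints, so byte-identical copies dropped under
    different names are spotted in one pass; paths that do not exist are skipped."""
    groups = {}
    for p in paths:
        if not os.path.isfile(p):
            continue
        fp = fingerprint(p)
        groups.setdefault(fp["sha1"], []).append(fp)
    return groups


def build_sample_tree():
    """Constructed sample: two pairs of byte-identical files (1024 and 894 bytes,
    the sizes reported in the thread) plus one unrelated file."""
    root = tempfile.mkdtemp(prefix="triage_")
    blob_1k = bytes(range(256)) * 4          # 1024 bytes
    blob_894 = b"\xAA" * 894
    files = {
        "realmon.exe.dat": blob_1k,
        "APVXDWIN.EXE.dat": blob_1k,
        "recguard.exe.dat": blob_894,
        "fpwinldr.exe.dat": blob_894,
        "readme.txt": b"unrelated file\n",
    }
    paths = []
    for name, content in files.items():
        p = os.path.join(root, name)
        with open(p, "wb") as fh:
            fh.write(content)
        paths.append(p)
    return root, paths


def report(paths):
    """Print one line per content group, identical files listed together."""
    for sha1, members in group_identical(paths).items():
        names = ", ".join(m["name"] for m in members)
        print(f"{sha1}  size={members[0]['size']:>5}  md5={members[0]['md5']}  [{names}]")


if __name__ == "__main__":
    _, sample = build_sample_tree()
    report(sample)
```

Two files with the same SHA-1 are the same file, whatever they are called, so one submission covers the whole group; two files with the same size but different hashes are not, and each needs its own lookup.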

Post by Pdc » Tue Apr 03, 2007 5:58 pm

C:\WINDOWS\system32\realmon.exe.dat
C:\WINDOWS\system32\APVXDWIN.EXE.dat
These 2 above are 1 KB each and are 8-9 years old
C:\Programmi\HP\recguard.exe.dat
C:\Programmi\SmartStuff\fpwinldr.exe.dat
These other 2 above are 894 bytes and are 5-6 years old; they don't appear to contain viruses or anything else.
Below is the Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\heclclbb

*******************

Script file located at: \??\C:\WINDOWS\system32\baygqahb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR5.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS6.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR7.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS8.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR9.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSA.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRB.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSC.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRD.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTSE.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTRF.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS10.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTR11.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\Impostazioni locali\Temp\ZTS12.tmp deleted successfully.
File C:\Documents and Settings\VENANTIO\service.exe deleted successfully.
File C:\SDFix\backups\backups.zip deleted successfully.
File C:\WINDOWS\system32\realmon.exe.dat deleted successfully.
File C:\WINDOWS\system32\APVXDWIN.EXE.dat deleted successfully.
File C:\Programmi\HP\recguard.exe.dat deleted successfully.
File C:\Programmi\SmartStuff\fpwinldr.exe.dat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
And below I'm uploading the Systemscan log:
Boia chi Molla 88
Pdc
New Member
Posts: 9
Joined: Sun Apr 01, 2007 4:51 pm

Post by Amantide » Tue Apr 03, 2007 6:44 pm

I thought you had already deleted the account created by Gromozon. Run this last script with Avenger.

Folders to delete:
C:\documents and settings\vLuMLGEqYRGxHUhXX

registry values to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts | vLuMLGEqYRGxHUhXX


I'd recommend replacing the AVG antivirus with a more effective one, for example the free Active Virus Shield or Antivir PE. Also install a good firewall, and for real-time protection and as a HIPS module I'd recommend Spyware Terminator.

If at this point you still have problems with the game, it won't be because of viruses [:)]
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by Franco89 » Wed Apr 11, 2007 5:09 pm

Could you take a look at my log, please?? Thanks a lot... See you soon.

Logfile of HijackThis v1.99.1
Scan saved at 16.04.29, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmi\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Programmi\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmi\Citrix\ICA Client\pnagent.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Programmi\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programmi\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programmi\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aggiornamento del software del ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmi\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/it/it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9863685297
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{406F56FF-4D0C-4EBC-BFC4-1E2BA712B7A6}: NameServer = 85.37.17.57 85.38.28.80
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmi\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programmi\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programmi\ThinkVantage\SystemUpdate\UCLauncherService.exe
Franco89
New Member
Posts: 20
Joined: Wed Jul 19, 2006 9:56 am
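A HijackThis log like the one above is a few hundred lines, and a helper reads it by section code: entries that reference a file that no longer exists (orphaned startup items, Winlogon hooks, services), O17 lines that set DNS servers in the registry, O23 services without publisher information, and BHOs with no name. The added example below (written for this thread, not a HijackThis feature) pulls those entries out and counts the sections. The sample lines are copied from Franco89's log; the review reasons are reading heuristics, not verdicts on those entries.

```python
"""Minimal HijackThis log reader that lists the entries a helper looks at first.
Added example for this thread, not part of HijackThis; the sample lines are
copied from the log posted above."""
import re
from collections import Counter

# Every HijackThis entry starts with a section code: R0..R3, F0..F3, N1..N4, O1..O24.
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Constructed sample: a handful of lines from the log above (raw string so the
# backslashes in registry and file paths are kept as-is).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{406F56FF-4D0C-4EBC-BFC4-1E2BA712B7A6}: NameServer = 85.37.17.57 85.38.28.80
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""


def parse_hjt(text):
    """Return (section code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def review_hjt(entries):
    """Return (code, reason, body) for the entries a reviewer would ask about first.
    The reasons are review heuristics, not malware verdicts; the first matching
    rule wins, so a missing file is reported before the owner or name checks."""
    findings = []
    for code, body in entries:
        if "(file missing)" in body or "(no file)" in body:
            findings.append((code, "referenced file is missing: orphaned entry, can be cleaned", body))
        elif code == "O17":
            findings.append((code, "DNS servers set in the registry: confirm they are your ISP's", body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append((code, "service has no publisher info: check the binary's signature or hash", body))
        elif code == "O2" and "(no name)" in body:
            findings.append((code, "unnamed BHO: identify the CLSID and DLL before keeping it", body))
    return findings


def section_counts(entries):
    """How many entries each section code has, useful as a quick overview."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for code, reason, body in review_hjt(parsed):
        print(f"{code}: {reason}\n    {body}")
```

On the sample this reports six of the eight entries; the O4 ctfmon.exe line and the Google start page pass every rule. That is the point of the exercise: the tool narrows the list, the person reading the thread still has to decide.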

Post by Amantide » Wed Apr 11, 2007 5:39 pm

Franco89 wrote: Could you take a look at my log, please?? Thanks a lot... See you soon.

Logfile of HijackThis v1.99.1
.............

Is that all? [nonono]

-NOTICE FOR EVERYONE - READ BEFORE POSTING

Code:
1) Threads containing only HijackThis or Gmer logs, without also describing the problems you are having with the PC and the attempts you have already made to solve the problem you encountered, will be closed.

I'm not closing it only because the thread was started by someone else.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by Franco89 » Wed Apr 11, 2007 6:46 pm

OK, well... Don't get mad... Good grief... Relax... I don't think the end of the world happened...
Never mind... Bye... Until next time, or maybe not...
Franco89
New Member
Posts: 20
Joined: Wed Jul 19, 2006 9:56 am
