Olimpo Informatico

[Lorhaf]

ciao a tutti, ho vari problemi con il mio pc , per prima cosa mi continua a dare appena entro nella schermata di windows l'errore "C:\WINDOWS\system32\printer.exe" ,poi, ho il task manager bloccato , ovvero con CTRL-ALT-CANC mi dice che tutto e' bloccato dall' amministratore, ma sono io l'unico utente di questo pc, temporaneamente son riuscito a sbloccare il task manager con questo programmino "xptaskmgrenab", e il task manager e' temporaneamente in funzione, il secondo problema e' ke se io clicco su il desktop e faccio propieta' mi dice:"Operazione annullata.Sul computer sono attivate delle restrizioni. Contattare l'amministratore del sistema." vi posto di seguito il mio hjiack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.48.11, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\QuickTime\QTTask.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\FreeRAM\FreeRAM.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lorhaf\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Programmi\FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ltkzmxh.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB8AD34F-204F-485E-9CA2-A2FA3D9E34FA}: NameServer = 85.37.17.13 85.38.28.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hadjajr.ini
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7626 bytes
attendo speranzoso vostre notizie , anke xke' mi serve x lavoro il pc

[ste_95]

Disattiva il ripristino e avvia in modalità provvisoria
avvia HijackThis, seleziona Do a system scan only, metti la spunta alle voci indicate e premi Fix checked:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll (file missing)
O4 - Startup: ltkzmxh.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: hadjajr.ini

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Files to delete:
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\vtr.dll

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

[bdoriano]

Prima di fare pasticci con avenger, vediamo di riprendere correttamente il controllo del pc.

Ciao lorhaf,

Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria
Con CTRL+ALT+CANC apri Task manager
scegli: file -> nuova operazione --> digita regedit -->premi invio
portati alla chiave
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
guarda se esistono
- explorer.exe e se c'è riporta qui i valori.
- iexplore.exe e se c'è riporta qui i valori.

fai lo stesso con
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
individua nella finestra di destra Userinit
riporta qui i valori.

Dopo, continuiamo con il resto.

PS: se vuoi, puoi presentarti qui

[Lorhaf]

Allora , rieccomi,
mi sono portato allachiave
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options e ho visto che non esistono questi 2 file che tu mi avevi detto di controllare,
- explorer.exe
- iexplore.exe
mentre nella chiave


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ho trovato Userinit e di seguito t posto i valori sperando d ave preso kuelli giusti

nome, tipo, dati

valori Userinit reg_SZ C:\WINDOWS\system32\userinit.exe


Dati Binari

0000 43 00 3A 00 5C 00 57 00 C.:.\.W.
0008 49 00 4E 00 44 00 4F 00 I.N.D.O.
0010 57 00 53 00 5C 00 73 00 W.S.\.s.
0018 79 00 73 00 74 00 65 00 y.s.t.e.
0020 6D 00 33 00 32 00 5C 00 m.3.2.\.
0028 75 00 73 00 65 00 72 00 u.s.e.r.
0030 69 00 6E 00 69 00 74 00 i.n.i.t.
0038 2E 00 65 00 78 00 65 00 ..e.x.e.
0040 2C 00 00 00 ,...


ciao a presto

[bdoriano]

Ok. I valori nel registro sono corretti.

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[Lorhaf]

nulla mi ha dato vari errori,

questo e' il log d avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs


Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aanvvenc

*******************

Script file located at: \??\C:\ifwwbhac.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\printer.exe not found!
Deletion of file C:\WINDOWS\system32\printer.exe failed!

Could not process line:
C:\WINDOWS\system32\printer.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vtr.dll not found!
Deletion of file C:\WINDOWS\system32\vtr.dll failed!

Could not process line:
C:\WINDOWS\system32\vtr.dll
Status: 0xc0000034



File C:\WINDOWS\ltkzmxh.exe not found!
Deletion of file C:\WINDOWS\ltkzmxh.exe failed!

Could not process line:
C:\WINDOWS\ltkzmxh.exe
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rxbjqlmo

*******************

Script file located at: lhwwovvq

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!
//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kgbjsoxv

*******************

Script file located at: \??\C:\WINDOWS\system32\nvbetahc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nctfvbom

*******************

Script file located at: \??\C:\Program Files\lufnefih.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\printer.exe not found!
Deletion of file C:\WINDOWS\system32\printer.exe failed!

Could not process line:
C:\WINDOWS\system32\printer.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vtr.dll not found!
Deletion of file C:\WINDOWS\system32\vtr.dll failed!

Could not process line:
C:\WINDOWS\system32\vtr.dll
Status: 0xc0000034



File C:\WINDOWS\ltkzmxh.exe not found!
Deletion of file C:\WINDOWS\ltkzmxh.exe failed!

Could not process line:
C:\WINDOWS\ltkzmxh.exe
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pehxyafh

*******************

Script file located at: \??\C:\Documents and Settings\itnmeuym.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\printer.exe not found!
Deletion of file C:\WINDOWS\system32\printer.exe failed!

Could not process line:
C:\WINDOWS\system32\printer.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vtr.dll not found!
Deletion of file C:\WINDOWS\system32\vtr.dll failed!

Could not process line:
C:\WINDOWS\system32\vtr.dll
Status: 0xc0000034



File C:\WINDOWS\ltkzmxh.exe not found!
Deletion of file C:\WINDOWS\ltkzmxh.exe failed!

Could not process line:
C:\WINDOWS\ltkzmxh.exe
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

e questa e' la nuova scansione con hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.37.17, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\QuickTime\QTTask.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\FreeRAM\FreeRAM.exe
C:\Programmi\BitTorrent\bittorrent.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lorhaf\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nxkaviam] C:\echilnua.bat
O4 - HKLM\..\Run: [tkgodbro] C:\imevccmk.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Programmi\FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ltkzmxh.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB8AD34F-204F-485E-9CA2-A2FA3D9E34FA}: NameServer = 85.37.17.13 85.38.28.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hadjajr.ini
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7369 bytes
grazie della Vostra pazienza

[bdoriano]

Riecchime, prima di far scendere in campo i pezzi da 90, fai una passata con ComboFix come indicato qui.
Vediamo cosa trova.

[Lorhaf]

di seguito il report d combofix:

ComboFix 07-11-19.3 - Lorhaf 2007-11-23 14.31.40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1664 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Lorhaf\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2007-10-23 al 2007-11-23 )))))))))))))))))))))))))))))))))))
.

2007-11-21 21:54 <DIR> d-------- C:\Programmi\CCleaner
2007-11-20 02:04 <DIR> d-------- C:\Programmi\Aliencelebrities
2007-11-20 02:04 10,236,709 --a------ C:\WINDOWS\system32\Prison Break Screensaver.scr
2007-11-07 22:27 <DIR> d-------- C:\Programmi\iPod
2007-11-07 22:22 <DIR> d-------- C:\Programmi\QuickTime
2007-11-05 23:30 <DIR> d-------- C:\Programmi\Macrogaming
2007-10-31 13:23 <DIR> d-------- C:\Programmi\Apple Software Update
2007-10-31 13:17 <DIR> d-------- C:\Programmi\File comuni\Apple
2007-10-31 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-10-31 13:07 <DIR> d-------- C:\Documents and Settings\Lorhaf\Dati applicazioni\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 09:33 --------- d-----w C:\Documents and Settings\Lorhaf\Dati applicazioni\AVG7
2007-11-19 14:36 --------- d-----w C:\Documents and Settings\Lorhaf\Dati applicazioni\OpenOffice.org2
2007-11-16 11:54 --------- d-----w C:\Documents and Settings\Lorhaf\Dati applicazioni\BitTorrent
2007-11-14 19:05 --------- d-----w C:\Programmi\MobMapUpdater
2007-11-13 14:58 --------- d-----w C:\Programmi\eMule
2007-11-08 00:46 --------- d-----w C:\Documents and Settings\Lorhaf\Dati applicazioni\Vso
2007-10-31 12:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-19 15:23 --------- d-----w C:\Documents and Settings\Lorhaf\Dati applicazioni\Skype
2007-10-11 20:54 --------- d-----w C:\Programmi\BitTorrent
2007-10-10 22:17 --------- d-----w C:\Documents and Settings\Lorhaf\Dati applicazioni\teamspeak2
2007-10-01 23:27 --------- d-----w C:\Programmi\Java
2007-10-01 10:26 --------- d-----w C:\Programmi\File comuni\Adobe
2007-10-01 08:50 --------- d-----w C:\Programmi\DivX
2007-09-25 13:07 --------- d-----w C:\Documents and Settings\Lorhaf\Dati applicazioni\.BitZip
2007-04-17 02:01 87,608 ----a-w C:\Documents and Settings\Lorhaf\Dati applicazioni\ezpinst.exe
2007-04-17 02:01 47,360 ----a-w C:\Documents and Settings\Lorhaf\Dati applicazioni\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-16 08:47]
"MsnMsgr"="~C:\Programmi\MSN Messenger\MsnMsgr.exe" []
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 01:17]
"BySoft FreeRAM"="C:\Programmi\FreeRAM\FreeRAM.exe" [2001-01-20 12:34]
"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 21:58]
"NWEReboot"="" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-30 21:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-30 21:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"nxkaviam"="C:\echilnua.bat" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 21:58]

C:\Documents and Settings\Lorhaf\Menu Avvio\Programmi\Esecuzione automatica\
ltkzmxh.exe [2007-07-11 01:23:34]

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-23 12:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-11-21 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-08 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-14 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-23 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-23 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-23 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-23 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-22 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-22 15:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-22 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-22 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-23 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-22 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-22 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-20 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-21 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-21 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-23 01:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-23 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-09 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-09 04:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-09 05:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-09 06:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
"2007-11-08 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\NBB2iCm2.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 14:37:50
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-11-23 14:38:43 - machine was rebooted
.
--- E O F ---

[ste_95]

combofix non ha trovato nulla...

Segui questa guida per postare il log di System Scan.

[bdoriano]

Come "non ha trovato nulla"?

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[Lorhaf]

ecco di seguito il link di suspectfile:

Link to this page:
Direct Link: http://www.freefilehosting.net/download/Mzk1Mjg=
HTML Code: <a href="http://www.freefilehosting.net/files/Mzk1Mjg=">23_11_2007_15_09_report.zip</a>

Forum Link: [URL="http://www.freefilehosting.net/files/Mzk1Mjg="]23_11_2007_15_09_report.zip[/URL]


spero abbia trovato kualkosa...

[bdoriano]

Mi ripeto... giusto per sicurezza...

[Lorhaf]

eccomi bdoriano, scusa ma nn avevo letto il tuo post, negligenza mia, di seguito t posto il log d avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nkbgjhuj

*******************

Script file located at: \??\C:\WINDOWS\system32\croxkgdb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\echilnua.bat not found!
Deletion of file C:\echilnua.bat failed!

Could not process line:
C:\echilnua.bat
Status: 0xc0000034

File C:\Documents and Settings\Lorhaf\Menu Avvio\Programmi\Esecuzione automatica\ltkzmxh.exe deleted successfully.


File C:\WINDOWS\system32\NBB2iCm2.exe not found!
Deletion of file C:\WINDOWS\system32\NBB2iCm2.exe failed!

Could not process line:
C:\WINDOWS\system32\NBB2iCm2.exe
Status: 0xc0000034

File C:\WINDOWS\Tasks\At1.job deleted successfully.
File C:\WINDOWS\Tasks\At10.job deleted successfully.
File C:\WINDOWS\Tasks\At11.job deleted successfully.
File C:\WINDOWS\Tasks\At12.job deleted successfully.
File C:\WINDOWS\Tasks\At13.job deleted successfully.
File C:\WINDOWS\Tasks\At14.job deleted successfully.
File C:\WINDOWS\Tasks\At15.job deleted successfully.
File C:\WINDOWS\Tasks\At16.job deleted successfully.
File C:\WINDOWS\Tasks\At17.job deleted successfully.
File C:\WINDOWS\Tasks\At18.job deleted successfully.
File C:\WINDOWS\Tasks\At19.job deleted successfully.
File C:\WINDOWS\Tasks\At2.job deleted successfully.
File C:\WINDOWS\Tasks\At20.job deleted successfully.
File C:\WINDOWS\Tasks\At21.job deleted successfully.
File C:\WINDOWS\Tasks\At22.job deleted successfully.
File C:\WINDOWS\Tasks\At23.job deleted successfully.
File C:\WINDOWS\Tasks\At24.job deleted successfully.
File C:\WINDOWS\Tasks\At3.job deleted successfully.
File C:\WINDOWS\Tasks\At4.job deleted successfully.
File C:\WINDOWS\Tasks\At5.job deleted successfully.
File C:\WINDOWS\Tasks\At6.job deleted successfully.
File C:\WINDOWS\Tasks\At7.job deleted successfully.
File C:\WINDOWS\Tasks\At8.job deleted successfully.
File C:\WINDOWS\Tasks\At9.job deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nxkaviam deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

e ora hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.35.17, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\QuickTime\QTTask.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\FreeRAM\FreeRAM.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\Lorhaf\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Programmi\FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB8AD34F-204F-485E-9CA2-A2FA3D9E34FA}: NameServer = 85.37.17.13 85.38.28.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7149 bytes
Grazie ankora della pazienza


P.s: L'errore iniziale di windows\ system32 \printer.exe e' scomparso ora , il desktop pare rispondere correttamente , mentre il task manager senza programma nn funge mi dice sempre ke e' bloccato dall' amministratore...

[bdoriano]

I logs sembrano puliti, ora vediamo di eliminare le restrizioni che ti sono state imposte.

Apri il notepad, e copia/incolla questo codice:

[Lorhaf]

OOOOO YEAHHH!

funziona tutto alla perfezione....

nn so' come ringraziarvi!!!!!!!!!!!

se foste di genova inviterei fuori a bere

Grazie ankora a tutti della pazienza...... Lorhaf

[bdoriano]

Contento che hai risolto.

La prima volta che passo da quelle parti, vengo a cercarti...

Facciamo un ultimissimo controllo, collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.

[Lorhaf]

Ciao , rieccomi son stato alkuni giorni fuori e senza pc
ho fatto il controllo ke mi hai rikiesto eccolo di seguito...

Controllo.html

[bdoriano]

C'è ancora qualcosina.

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[Lorhaf]

iao , ecco di seguito il report di avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sjgmbtlq

*******************

Script file located at: \??\C:\Program Files\jxrpipqh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File D:\emule download\Vari\[PC GAME NO CD] Medieval 2 Total War crack.zip deleted successfully.
File C:\WINDOWS\system32\Y44c7UsJ.dll deleted successfully.
File C:\WINDOWS\system32\TPdURLMj.dll deleted successfully.
File C:\WINDOWS\system32\uu8nPqj4.dll deleted successfully.
File C:\WINDOWS\system32\62u21P00.dll deleted successfully.
File C:\WINDOWS\system32\3hlwF2NG.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


e di seguito kuello di HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.46.04, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\QuickTime\QTTask.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\FreeRAM\FreeRAM.exe
C:\Programmi\BitTorrent\bittorrent.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Lorhaf\Desktop\hijack\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Programmi\FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{23E82070-7BC4-479F-9D32-63DDF69C2BCB}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7276 bytes

[bdoriano]

Ok. ora dovresti essere a posto.
Riscontri problemi?