sppolw;igfxsvc;aiuto computer lavoro

KIKKEST · 19-06-2007, 21:30

ciao, premtto che ho un computer di lavoro che adotta il S.O. Windows 2000
ed ultimamente mi crea questo problema:

1- Apertura di 3 o 4 pagine di ie32 all'avvio di windows
2- messaggio: iexplore_32 ha causato errori ecc....

premetto che ho provato tutto quello letto nelle precedenti discussioni,ma alcuni file tipo igfxsvc e spoolw ed altri non vengono mai cancellati ne con avenger ne con hijackthis.....
Vi invio la scansione di Hijackthis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.24.00, on 19/06/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\winnt\system32\winlogon.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\spoolw.exe
C:\WINNT\system32\igfxsvc.exe
C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\AGRSMMSG.exe
C:\DOCUME~1\DIEGO~1.SAN\IMPOST~1\Temp\siqsaa.exe
C:\Documents and Settings\All Users.WINNT\Dati applicazioni\warnhopeloveref\log bleh.exe
C:\WINNT\iexplore_32.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\THISRO~1\Five Each.exe
C:\WINNT\iexplore_32.exe
C:\WINNT\iexplore_32.exe
C:\WINNT\system32\drwtsn32.exe
C:\WINNT\system32\spoolw.exe
C:\WINNT\system32\igfxsvc.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Documents and Settings\diego.sanna\Desktop\HiJackThis_v2.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINNT\system32\wuauclt.exe
C:\DOCUME~1\ALLUSE~1.WIN\DATIAP~1\WARNHO~1\LOGBLE~1.EXE
C:\WINNT\iexplore_32.exe
C:\WINNT\iexplore_32.exe
C:\WINNT\system32\drwtsn32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B4E3797-976F-7360-CDED-6F224E402EB3} - C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\PROGRA~1\Cakecity.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\diego.sanna\618164750.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [3s5v55tt] C:\WINNT\system32\3s5v55tt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ImMsn] C:\WINNT\msncomm.exe /i
O4 - HKLM\..\Run: [MediaCtr] C:\WINNT\mediacon.exe -i
O4 - HKLM\..\Run: [msmmi] C:\WINNT\system32\msmmi.exe
O4 - HKLM\..\Run: [siqsaa.exe] C:\DOCUME~1\DIEGO~1.SAN\IMPOST~1\Temp\siqsaa.exe
O4 - HKLM\..\Run: [LoveRefHoldFork] C:\Documents and Settings\All Users.WINNT\Dati applicazioni\warnhopeloveref\log bleh.exe
O4 - HKLM\..\Run: [gpphaa.exe] C:\WINNT\TEMP\gpphaa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [OWNSJUMP] C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\THISRO~1\Five Each.exe
O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINNT\winsys.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: PortSrv.lnk = C:\Mv36bLT\lib\cmd-nt\portsrv80_13.bat
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://172.17.6.1/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://172.17.6.1/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://172.17.6.1/officescan/clientinstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://172.17.6.1/officescan/clienti...RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181143345617
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181143622004
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe

Vi prego aiutatemi

Bugs Bunny · 19-06-2007, 21:49

1)DISABILITA IL RIPRISTINO CONFIGURAZIONE DI SISTEMA.
2)il tuo log di hijackthis è STRAPIENO di SCHIFEZZE.
fixa:

O4 - HKLM\..\Run: [ImMsn] C:\WINNT\msncomm.exe /i

O4 - HKLM\..\Run: [MediaCtr] C:\WINNT\mediacon.exe -i

O4 - HKLM\..\Run: [msmmi] C:\WINNT\system32\msmmi.exe

O4 - HKLM\..\Run: [siqsaa.exe] C:\DOCUME~1\DIEGO~1.SAN\IMPOST~1\Temp\siqsaa.exe

O4 - HKLM\..\Run: [LoveRefHoldFork] C:\Documents and Settings\All Users.WINNT\Dati applicazioni\warnhopeloveref\log bleh.exe

O4 - HKLM\..\Run: [gpphaa.exe] C:\WINNT\TEMP\gpphaa.exe

O4 - HKCU\..\Run: [OWNSJUMP] C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\THISRO~1\Five Each.exe

O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe

O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe

O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINNT\winsys.exe

O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\diego.sanna\618164750.dll

O2 - BHO: (no name) - {1B4E3797-976F-7360-CDED-6F224E402EB3} - C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\PROGRA~1\Cakecity.exe

3)in avenger immetti questo script:

Quote:

Files to delete:
C:\WINNT\system32\spoolw.exe
C:\WINNT\system32\igfxsvc.exe
C:\DOCUME~1\DIEGO~1.SAN\IMPOST~1\Temp\siqsaa.exe
C:\Documents and Settings\All Users.WINNT\Dati applicazioni\warnhopeloveref\log bleh.exe
C:\WINNT\iexplore_32.exe
C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\THISRO~1\Five Each.exe
C:\WINNT\iexplore_32.exe
C:\WINNT\system32\spoolw.exe
C:\WINNT\system32\igfxsvc.exe
C:\DOCUME~1\ALLUSE~1.WIN\DATIAP~1\WARNHO~1\LOGBLE~1.EXE
C:\Documents and Settings\diego.sanna\618164750.dll

4)dopo aver fatto ciò fai una passata con ccleaner e preparati a sradicare il peggio dal pc.
5)Scarica gmer e fai una scansione e riporta qui il nome dei files ed i percorsi che ti da in rosso.

Bugs Bunny · 19-06-2007, 21:50

dimenticavo... fai prima a formattare.

KIKKEST · 20-06-2007, 20:30

come si fa a disabilitare il "ripristino di sistema"???
ti ricordo che il mio è un S.O. Windows 2000 professional
grazie

p.s. vorrei formattarlo ma l'azienda non me lo permette!!

Bugs Bunny · 20-06-2007, 20:54

allora non credo che ci sia il ripristino conf di sys in win 2000... non l'ho mai usato quel s.o.

wizard1993 · 21-06-2007, 11:30

io si; e per tanto tempo; dopo che hai fatto riposta un log di hijackthis

KIKKEST · 21-06-2007, 21:42

Qui di seguito i files in rosso di GMER:

File C:\WINNT\system32\lzx32.sys
Service C:\WINT\system32\lzx32.sys [SYSTEM]pe386

Devo cancellarli?

Avenger dopo il riavvio del S.O. mi ha mandato un resoconto nel quale
scriveva di non aver trovato alcuni file e quindi di non averli cancellati....

dopo questo vi invio il log di Hijackthis

KIKKEST · 21-06-2007, 21:43

eccolo:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.36.46, on 21/06/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\winnt\system32\services.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\spoolw.exe
C:\WINNT\system32\igfxsvc.exe
C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\AGRSMMSG.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINNT\TEMP\lazgaa.exe
C:\WINNT\system32\spoolw.exe
C:\WINNT\system32\igfxsvc.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\diego.sanna\Desktop\gmer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\diego.sanna\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [3s5v55tt] C:\WINNT\system32\3s5v55tt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [lazgaa.exe] C:\WINNT\TEMP\lazgaa.exe
O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: PortSrv.lnk = C:\Mv36bLT\lib\cmd-nt\portsrv80_13.bat
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://172.17.6.1/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://172.17.6.1/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://172.17.6.1/officescan/clientinstall/setup.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://172.17.6.1/officescan/clienti...RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181143345617
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181143622004
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 6107 bytes

Tidus Strife · 21-06-2007, 21:56

Il file lzx32.sys è un rootkit, Rustock.B. Ecco come rimuoverlo: CLICCA QUI
Oppure puoi provare ad eseguire direttamente questo: CLICCA X SCARICARE

Processi da terminare ed eliminare:
C:\WINNT\system32\spoolw.exe (2x)
C:\WINNT\system32\igfxsvc.exe (2x)
C:\WINNT\TEMP\lazgaa.exe

Da fixare:
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [3s5v55tt] C:\WINNT\system32\3s5v55tt.exe
O4 - HKLM\..\Run: [lazgaa.exe] C:\WINNT\TEMP\lazgaa.exe
O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe
O20 - AppInit_DLLs:

Da fixare al 99% ma non sono sicurissimo:
O4 - Global Startup: PortSrv.lnk = C:\Mv36bLT\lib\cmd-nt\portsrv80_13.bat

Poi scarica avenger da >Qui (CLICCA)<, avvialo, fai input script manually e clicca sulla lente di ingrandimento, poi in quello spazio copia e incolla questo:

Files to delete:
C:\WINNT\system32\spoolw.exe
C:\WINNT\system32\igfxsvc.exe
C:\WINNT\TEMP\lazgaa.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\WINNT\system32\3s5v55tt.exe
C:\Mv36bLT\lib\cmd-nt\portsrv80_13.bat

poi clicca su done e poi sul semaforo e riavvia il pc, poi vedi se avenger è riuscito ad eliminare i files.

wizard1993 · 21-06-2007, 21:58

disabilita il system restore
http://www.google.it/url?sa=t&ct=res...A9FIwdRJOSYdcQ

fixa
4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [lazgaa.exe] C:\WINNT\TEMP\lazgaa.exe
O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe
O20 - AppInit_DLLs:
riavvia
e fai una scan online con bitdefender

19-06-2007, 21:30	#1
KIKKEST Junior Member Iscritto dal: Jun 2007 Messaggi: 4	sppolw;igfxsvc;aiuto computer lavoro ciao, premtto che ho un computer di lavoro che adotta il S.O. Windows 2000 ed ultimamente mi crea questo problema: 1- Apertura di 3 o 4 pagine di ie32 all'avvio di windows 2- messaggio: iexplore_32 ha causato errori ecc.... premetto che ho provato tutto quello letto nelle precedenti discussioni,ma alcuni file tipo igfxsvc e spoolw ed altri non vengono mai cancellati ne con avenger ne con hijackthis..... Vi invio la scansione di Hijackthis: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 21.24.00, on 19/06/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe c:\winnt\system32\winlogon.exe C:\WINNT\explorer.exe C:\WINNT\system32\spoolw.exe C:\WINNT\system32\igfxsvc.exe C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe C:\WINNT\System32\hkcmd.exe C:\WINNT\AGRSMMSG.exe C:\DOCUME~1\DIEGO~1.SAN\IMPOST~1\Temp\siqsaa.exe C:\Documents and Settings\All Users.WINNT\Dati applicazioni\warnhopeloveref\log bleh.exe C:\WINNT\iexplore_32.exe C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\THISRO~1\Five Each.exe C:\WINNT\iexplore_32.exe C:\WINNT\iexplore_32.exe C:\WINNT\system32\drwtsn32.exe C:\WINNT\system32\spoolw.exe C:\WINNT\system32\igfxsvc.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Documents and Settings\diego.sanna\Desktop\HiJackThis_v2.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINNT\system32\wuauclt.exe C:\DOCUME~1\ALLUSE~1.WIN\DATIAP~1\WARNHO~1\LOGBLE~1.EXE C:\WINNT\iexplore_32.exe C:\WINNT\iexplore_32.exe C:\WINNT\system32\drwtsn32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1B4E3797-976F-7360-CDED-6F224E402EB3} - C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\PROGRA~1\Cakecity.exe (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\diego.sanna\618164750.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe O4 - HKLM\..\Run: [3s5v55tt] C:\WINNT\system32\3s5v55tt.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ImMsn] C:\WINNT\msncomm.exe /i O4 - HKLM\..\Run: [MediaCtr] C:\WINNT\mediacon.exe -i O4 - HKLM\..\Run: [msmmi] C:\WINNT\system32\msmmi.exe O4 - HKLM\..\Run: [siqsaa.exe] C:\DOCUME~1\DIEGO~1.SAN\IMPOST~1\Temp\siqsaa.exe O4 - HKLM\..\Run: [LoveRefHoldFork] C:\Documents and Settings\All Users.WINNT\Dati applicazioni\warnhopeloveref\log bleh.exe O4 - HKLM\..\Run: [gpphaa.exe] C:\WINNT\TEMP\gpphaa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKCU\..\Run: [OWNSJUMP] C:\DOCUME~1\DIEGO~1.SAN\DATIAP~1\THISRO~1\Five Each.exe O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINNT\winsys.exe O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: PortSrv.lnk = C:\Mv36bLT\lib\cmd-nt\portsrv80_13.bat O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://172.17.6.1/officescan/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://172.17.6.1/officescan/clientinstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://172.17.6.1/officescan/clientinstall/setup.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://172.17.6.1/officescan/clienti...RemoveCtrl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181143345617 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181143622004 O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe Vi prego aiutatemi

19-06-2007, 21:50	#3
Bugs Bunny Senior Member Iscritto dal: Aug 2005 Città: Genova Messaggi: 3397	dimenticavo... fai prima a formattare. __________________ Rimozione Worm/Rootkit Bagle - Rimozione Trojan Vundo - Rimozione virus MSN Messenger -Rimozione virus su chiavetta o errori di file mancante all'apertura del disco fisso - NT AUTHORITY SYSTEM spegne il pc ad ogni avvio. Cosa fare?(worm sasser/blaster/rustock) - Thread Ufficiale firewall software

20-06-2007, 20:54	#5
Bugs Bunny Senior Member Iscritto dal: Aug 2005 Città: Genova Messaggi: 3397	allora non credo che ci sia il ripristino conf di sys in win 2000... non l'ho mai usato quel s.o. __________________ Rimozione Worm/Rootkit Bagle - Rimozione Trojan Vundo - Rimozione virus MSN Messenger -Rimozione virus su chiavetta o errori di file mancante all'apertura del disco fisso - NT AUTHORITY SYSTEM spegne il pc ad ogni avvio. Cosa fare?(worm sasser/blaster/rustock) - Thread Ufficiale firewall software

21-06-2007, 11:30	#6
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	io si; e per tanto tempo; dopo che hai fatto riposta un log di hijackthis __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

21-06-2007, 21:58	#10
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	disabilita il system restore http://www.google.it/url?sa=t&ct=res...A9FIwdRJOSYdcQ fixa 4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe O4 - HKLM\..\Run: [lazgaa.exe] C:\WINNT\TEMP\lazgaa.exe O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe O20 - AppInit_DLLs: riavvia e fai una scan online con bitdefender __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

20-06-2007, 20:30	#4
KIKKEST Junior Member Iscritto dal: Jun 2007 Messaggi: 4	come si fa a disabilitare il "ripristino di sistema"??? ti ricordo che il mio è un S.O. Windows 2000 professional grazie p.s. vorrei formattarlo ma l'azienda non me lo permette!!

21-06-2007, 21:42	#7
KIKKEST Junior Member Iscritto dal: Jun 2007 Messaggi: 4	Qui di seguito i files in rosso di GMER: File C:\WINNT\system32\lzx32.sys Service C:\WINT\system32\lzx32.sys [SYSTEM]pe386 Devo cancellarli? Avenger dopo il riavvio del S.O. mi ha mandato un resoconto nel quale scriveva di non aver trovato alcuni file e quindi di non averli cancellati.... dopo questo vi invio il log di Hijackthis

21-06-2007, 21:43	#8
KIKKEST Junior Member Iscritto dal: Jun 2007 Messaggi: 4	eccolo: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 21.36.46, on 21/06/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe c:\winnt\system32\services.exe C:\WINNT\explorer.exe C:\WINNT\system32\spoolw.exe C:\WINNT\system32\igfxsvc.exe C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe C:\WINNT\System32\hkcmd.exe C:\WINNT\AGRSMMSG.exe C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe C:\WINNT\TEMP\lazgaa.exe C:\WINNT\system32\spoolw.exe C:\WINNT\system32\igfxsvc.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINNT\system32\wuauclt.exe C:\Documents and Settings\diego.sanna\Desktop\gmer.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\diego.sanna\Desktop\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe O4 - HKLM\..\Run: [3s5v55tt] C:\WINNT\system32\3s5v55tt.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [lazgaa.exe] C:\WINNT\TEMP\lazgaa.exe O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: PortSrv.lnk = C:\Mv36bLT\lib\cmd-nt\portsrv80_13.bat O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://172.17.6.1/officescan/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://172.17.6.1/officescan/clientinstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://172.17.6.1/officescan/clientinstall/setup.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://172.17.6.1/officescan/clienti...RemoveCtrl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181143345617 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181143622004 O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe -- End of file - 6107 bytes

21-06-2007, 21:56	#9
Tidus Strife Senior Member Iscritto dal: Feb 2007 Città: Spira, Zanarkand Messaggi: 394	Il file lzx32.sys è un rootkit, Rustock.B. Ecco come rimuoverlo: CLICCA QUI Oppure puoi provare ad eseguire direttamente questo: CLICCA X SCARICARE Processi da terminare ed eliminare: C:\WINNT\system32\spoolw.exe (2x) C:\WINNT\system32\igfxsvc.exe (2x) C:\WINNT\TEMP\lazgaa.exe Da fixare: O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe O4 - HKLM\..\Run: [3s5v55tt] C:\WINNT\system32\3s5v55tt.exe O4 - HKLM\..\Run: [lazgaa.exe] C:\WINNT\TEMP\lazgaa.exe O4 - HKCU\..\Run: [spoolw] C:\WINNT\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINNT\system32\igfxsvc.exe O20 - AppInit_DLLs: Da fixare al 99% ma non sono sicurissimo: O4 - Global Startup: PortSrv.lnk = C:\Mv36bLT\lib\cmd-nt\portsrv80_13.bat Poi scarica avenger da >Qui (CLICCA)<, avvialo, fai input script manually e clicca sulla lente di ingrandimento, poi in quello spazio copia e incolla questo: Files to delete: C:\WINNT\system32\spoolw.exe C:\WINNT\system32\igfxsvc.exe C:\WINNT\TEMP\lazgaa.exe C:\Program Files\Media Pass\MediaPass.exe C:\WINNT\system32\3s5v55tt.exe C:\Mv36bLT\lib\cmd-nt\portsrv80_13.bat poi clicca su done e poi sul semaforo e riavvia il pc, poi vedi se avenger è riuscito ad eliminare i files.

Strumenti
Mostra una versione stampabile Invia questa pagina per email