Condividi:        

virus

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi fabrizius » 12/02/06 09:58

per rund1132.exe guarda qui:http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.f.html

e per shost.exe qui:http://securityresponse.symantec.com/avcenter/venc/data/w32.yodo@mm.html

cerca di seguire bene le spiegazioni e vedrai che riuscirai ad eliminarli definitivamente....
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Sponsor
 

virus

Postdi m@r10 » 12/02/06 18:31

Grazie fabrizius,
ma non sono molto bravo con l'inglese e questo è anche un linguaggio tecnico,mi sono applicato anche con un dizionario,ma non ci ho capito molto.
m@r10
Utente Senior
 
Post: 174
Iscritto il: 10/02/06 01:10

virus

Postdi m@r10 » 12/02/06 19:34

Sono riuscito a tradurre ed ho seguito le istruzioni,anche se non credo che il problema sia risolto.
Comunque ecco il log:


Logfile of HijackThis v1.99.1
Scan saved at 19.34.52, on 12/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Mario\Nuova cartella\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9671787573
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O23 - Service: Win Logon ( Microsoft Windows Logon Process) - Unknown owner - C:\WINNT\winlogon.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: windows dll service (dll service) - Unknown owner - C:\WINNT\rund1132.exe (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINNT\shost.exe (file missing)
m@r10
Utente Senior
 
Post: 174
Iscritto il: 10/02/06 01:10

Postdi fabrizius » 12/02/06 20:02

ciao prova a fare una ricerca nel registro di sistema.....start--->esegui--->digita regedit e dai ok.
Non dimenticare di fare una copia del registro:file--->esporta--->salvalo dove vuoi,in modo che se ci sono problemi basterà fare doppio click sul file creato e torna tutto come prima.
Nel menu contestuale del registro premi modifica---> trova,o F3 in alcuni pc e digita uno alla volta i file .exe e invia....se trova un file che non é quella che ti interessa ripremi invio fin quando non ti avvisa che la ricerca é finita
Stai attento a verificare il percorso esatto del file,deve conincidere alla lettera con il percorso indicato in hijackthis.....
Prova ma non é detto che le trovi
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

virus

Postdi m@r10 » 12/02/06 20:13

Ho fatto come mi hai detto.
ecco il log:


Logfile of HijackThis v1.99.1
Scan saved at 20.13.52, on 12/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Mario\Nuova cartella\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9671787573
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O23 - Service: Win Logon ( Microsoft Windows Logon Process) - Unknown owner - C:\WINNT\winlogon.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: windows dll service (dll service) - Unknown owner - C:\WINNT\rund1132.exe (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
m@r10
Utente Senior
 
Post: 174
Iscritto il: 10/02/06 01:10

Postdi fabrizius » 12/02/06 20:22

ne hai eliminato uno,shost.exe.....adesso sono rimasti i piu duri.....ma per quei due che sono rimasti credo che l'unica soluzione sia fare i passaggi descritti nelle pagine che ti ho linkato nei precedenti post.....almeno che ci sia qualche esperto che abbia un'altra soluzione....mai dire mai,intanto prova a rifare quelle procedure e adesso guardo anche io se trovo qualcosa
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi fabrizius » 12/02/06 20:57

http://vil.nai.com/vil/stinger/

questo é un tools per eliminare winlogon.exe...segui le istruzioni e con un po di pazienza vedi che ci riesci....non é difficile
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi fabrizius » 12/02/06 21:36

per rund1132.exe prova cercarlo sia qui:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rund1132.exe

e qui:HKCU\Software\Microsoft\Internet Explorer\Main\Start Page.

Prova a fare una ricerca generale per vedere se hai qualcosa del genere:

<Windows>\n0tepad.exe
<System>\n0tepad.exe
<Windows>\system\n0tepad.exe
<Windows>\system\Rund1132.exe
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi fabrizius » 12/02/06 21:49

vedi anche se hai qualcosa del genere: <Windows>\system\windll.dll
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi m@r10 » 13/02/06 02:18

Ho seguito le istruzioni peer winlogon,il risultato della scansione è stato:
"nunmber of clean files: 133263"

Ho trovato il file C:\WINNT\system32\rundll32.exe , devo eliminarlo?

la chiave HKCU\Software\Microsoft\Internet Explorer\Main\Start Page l'ho trovata ed eliminata

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rund1132.exe non l'ho trovata

I file n0tepad.exe e windll.dll non li ho trovati.

Ecco qui il log:

Logfile of HijackThis v1.99.1
Scan saved at 2.12.26, on 13/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Mario\cripty.exe
C:\WINNT\System32\SCardSvr.exe
C:\Mario\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9671787573
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O23 - Service: Win Logon ( Microsoft Windows Logon Process) - Unknown owner - C:\WINNT\winlogon.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: windows dll service (dll service) - Unknown owner - C:\WINNT\rund1132.exe (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
m@r10
Utente Senior
 
Post: 174
Iscritto il: 10/02/06 01:10

Postdi Luke57 » 13/02/06 08:31

Ciao, non lo eliminare è un file di sistema ( anche importante).
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi m@r10 » 13/02/06 10:03

Ok grazie,
quindi adesso posso stare tranquillo?
m@r10
Utente Senior
 
Post: 174
Iscritto il: 10/02/06 01:10

Postdi fabrizius » 13/02/06 12:13

il file da eliminare é: C:\WINNT\rund1132.exe non questo: C:\WINNT\system32\rundll32.exe---->file di sistema

Stai sempre attento che a volte dei malware hanno piu o meno lo stesso nome di file leggittimi,cambia solo qualche lettera

comunque a quanto vedo sono ancora presenti tutti e due.....
ma sei sicuro di averli cercati come si deve e di aver seguito alla lettera le procedure per la rimozione?

Normalmente con le procedure sarebbero dovuti partire

Aspettiamo se qualcuno piu esperto ha altri consigli
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "virus":


Chi c’è in linea

Visitano il forum: Nessuno e 23 ospiti

cron