Errore Rundll windows XP

di **Sgambo** » 26/02/09 08:34

giorno

ecco il log di combofix

Codice: Seleziona tutto: ComboFix 09-02-25.02 - utente 2009-02-26 8.12.58.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.191.59 [GMT 1:00] Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Creato nuovo punto di ripristino ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !! . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf . ((((((((((((((((((((((((( Files Creati Da 2009-01-26 al 2009-02-26 ))))))))))))))))))))))))))))))))))) . 2009-02-25 00:28 . 2009-02-25 00:28 <DIR> d-------- c:\programmi\CCleaner 2009-02-25 00:23 . 2009-02-25 00:23 <DIR> d-------- c:\programmi\Windows Media Connect 2 2009-02-25 00:19 . 2009-02-25 00:19 <DIR> d-------- c:\windows\system32\LogFiles 2009-02-25 00:19 . 2009-02-25 00:21 <DIR> d-------- c:\windows\system32\drivers\UMDF 2009-02-24 23:35 . 2009-02-24 23:35 <DIR> d-------- c:\windows\system32\it 2009-02-24 23:35 . 2009-02-24 23:35 <DIR> d-------- c:\windows\l2schemas 2009-02-24 22:45 . 2008-12-20 23:30 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-02-24 22:45 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-02-24 22:45 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-02-24 22:45 . 2008-12-20 23:30 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-02-24 22:45 . 2008-12-20 23:30 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-02-24 22:45 . 2008-12-20 23:30 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-02-24 22:45 . 2008-12-20 23:30 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-02-24 22:45 . 2008-12-20 23:30 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-02-24 22:45 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-02-24 22:44 . 2009-02-24 23:35 <DIR> d-------- c:\windows\system32\it-it 2009-02-24 22:37 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll 2009-02-24 22:27 . 2006-11-02 23:33 1,678,336 -----c--- c:\windows\system32\dllcache\setup_wm.exe 2009-02-24 22:26 . 2008-09-10 02:14 1,307,648 --a------ c:\windows\system32\msxml6.dll 2009-02-24 22:25 . 2008-04-14 03:12 847,386 -----c--- c:\windows\system32\dllcache\msdxm.ocx 2009-02-24 22:24 . 2008-04-14 03:12 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm 2009-02-24 22:24 . 2008-04-14 03:13 61,440 --------- c:\windows\system32\kmsvc.dll 2009-02-24 22:24 . 2008-04-14 03:13 37,376 --------- c:\windows\system32\l2gpstore.dll 2009-02-24 22:24 . 2008-04-14 03:12 6,144 --------- c:\windows\system32\kbdpash.dll 2009-02-24 22:24 . 2008-04-14 03:12 6,144 --------- c:\windows\system32\kbdnepr.dll 2009-02-24 22:24 . 2008-04-14 03:12 6,144 --------- c:\windows\system32\kbdiultn.dll 2009-02-24 22:24 . 2008-04-14 03:12 6,144 --------- c:\windows\system32\kbdbhc.dll 2009-02-24 22:24 . 2008-04-14 02:56 2,524 --------- c:\windows\system32\pid.inf 2009-02-24 22:22 . 2006-10-18 21:47 542,720 -----c--- c:\windows\system32\dllcache\blackbox.dll 2009-02-24 22:21 . 2008-04-14 03:13 136,192 --------- c:\windows\system32\aaclient.dll 2009-02-24 22:21 . 2006-11-02 22:54 7,680 -----c--- c:\windows\system32\dllcache\asferror.dll 2009-02-24 21:16 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-02-24 21:13 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-02-24 21:13 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-02-24 21:13 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-24 21:13 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-02-24 21:13 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2009-02-24 21:12 . 2009-01-16 21:15 3,594,752 -----c--- c:\windows\system32\dllcache\mshtml.dll 2009-02-24 21:09 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-02-24 21:09 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys 2009-02-24 21:09 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys 2009-02-24 21:08 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2009-02-24 21:08 . 2008-05-01 15:34 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2009-02-24 21:02 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2009-02-24 21:02 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2009-02-24 21:02 . 2008-10-03 11:02 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll 2009-02-24 20:58 . 2009-02-25 00:04 <DIR> d--h----- c:\windows\$hf_mig$ 2009-02-24 20:12 . 2009-02-24 20:12 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Malwarebytes 2009-02-24 20:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-24 20:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-24 20:10 . 2009-02-24 20:12 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware 2009-02-24 20:10 . 2009-02-24 20:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes 2009-02-17 22:12 . 2009-02-17 22:13 1,726,379 --ahs---- c:\windows\system32\eyybfepc.ini 2009-02-14 21:26 . 2009-02-14 21:26 20,747 --a------ c:\windows\system32\drivers\AegisP.sys 2009-02-14 21:25 . 2009-02-14 21:25 <DIR> d-------- c:\programmi\ASUS 2009-02-14 21:25 . 2006-07-25 21:20 537,600 --a------ c:\windows\system32\ASWL2K.exe 2009-02-14 21:25 . 2004-05-06 12:21 496,640 --a------ c:\windows\system32\ASWLSVC.exe 2009-02-14 21:25 . 2006-06-08 10:49 344,064 --a------ c:\windows\system32\drivers\rt73.sys 2009-02-14 21:25 . 2005-10-17 19:50 245,376 --a------ c:\windows\system32\drivers\rt2500usb.sys 2009-02-14 21:25 . 2004-05-07 18:57 159,827 --a------ c:\windows\system32\RemSvc.exe 2009-02-14 21:25 . 2003-10-09 19:38 141,824 --a------ c:\windows\system32\ClientCpl.cpl 2009-02-14 21:25 . 2002-09-09 21:01 61,440 --a------ c:\windows\system32\ASUSW32N50.dll 2009-02-14 21:25 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys 2009-02-14 21:25 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-25 22:36 --------- d-----w c:\programmi\Alice MOBILE 2009-02-18 16:38 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8 2009-02-15 17:53 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-15 17:53 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-02-14 20:25 --------- d--h--w c:\programmi\InstallShield Installation Information 2009-02-13 17:29 --------- d-----w c:\documents and settings\utente\Dati applicazioni\MSN6 2009-01-22 16:19 --------- d-----w c:\programmi\File comuni\Adobe 2009-01-22 15:54 --------- d-----w c:\programmi\File comuni\InstallShield . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LtMoh"="c:\programmi\ltmoh\Ltmoh.exe" [2008-11-03 184320] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304] "Control Center"="c:\programmi\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 1696256] "SoundMan"="SOUNDMAN.EXE" [2008-11-03 c:\windows\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2008-11-03 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-15 18:53 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\AVG\\AVG8\\avgemc.exe"= "c:\\Programmi\\AVG\\AVG8\\avgupd.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-03 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-03 107272] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264] R2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [2009-01-22 86016] R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2009-02-14 16269] S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2009-01-22 104960] S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2009-01-22 110080] S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2009-01-22 104960] S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2009-01-22 104960] S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [2009-01-22 105216] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521777d1-a9d9-11dd-b899-00023f0c6f83}] \Shell\Auto\command - F:\fun.xls.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad37652b-a9c8-11dd-b898-00023f0c6f83}] \Shell\Auto\command - F:\sys.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0bfb02-a9db-11dd-b89a-00023f0c6f83}] \Shell\Auto\command - F:\sys.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe . - - - - CHIAVI ORFANE RIMOSSE - - - - HKCU-Run-MsnMsgr - c:\programmi\MSN Messenger\MsnMsgr.Exe . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.it/ IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-26 08:14:27 Windows 5.1.2600 Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** . Ora fine scansione: 2009-02-26 8.15.52 ComboFix-quarantined-files.txt 2009-02-26 07:15:49 Pre-Run: 7.008.161.792 byte disponibili Post-Run: 7,002,894,336 byte disponibili 158 --- E O F --- 2009-02-24 23:53:45

di **Frate Aurelio** » 27/02/09 07:59

@Sgambo
Ciao e scusami il ritardo nello risponderti.

Esegui:
- Copiare e incollare le seguenti istrizioni su Blocco note.
- Salvare il file su desktop con tassativamente il nome CFScript.txt dove hai Combofix:

Codice: Seleziona tutto: File:: F:\fun.xls.exe F:\sys.exe C:\fun.xls.exe C:\sys.exe Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad37652b-a9c8-11dd-b898-00023f0c6f83}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521777d1-a9d9-11dd-b899-00023f0c6f83}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0bfb02-a9db-11dd-b89a-00023f0c6f83}]

- Trascinare il file CFScript.txt sull'icona di ComboFix.
- Attendere il termine della scansione
- Postare il nuovo log file log di Combofix.
- Postare un nuovo file log di Hijackthis.

Frate Aurelio
:oops:

di **Kayla** » 27/02/09 18:30

Ciao
Io ho lo stesso problema da settimane con il mio portatile, anche se ho Windows Vista . Seguendo lo stesso procendimento però, questi dannatissimi file rundll non sono andati via. Sono davvero fastidiosi! potreste aiutare anche me??
Grazie, confido nel vostro aiuto!

di **Mikizo** » 27/02/09 18:38

Il messaggio di errore non dice altro?

di **MIKI68** » 27/02/09 19:39

Ma te lo da all'avvio l'errore? Ti esce questo errore: Host Windows processo rundll32 ha smesso di funzionare?? Se ti dà quell'errore quando apri un immagine o un video allora prova a vedere in c:/windows/system32 e vedi se c'è il file lmpgspl.ax e rinominalo in 1lmpgspl.ax

Scaricati anche questo codec http://www.free-codecs.com/Vista_Codec_ ... wnload.htm 5.14

di **Frate Aurelio** » 27/02/09 20:17

@miki68
Ciao e grazie del tuo intervento.

Perdonami, ma ritengo che il problema più importante in questo momento siano queste infezioni:

Codice: Seleziona tutto: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521777d1-a9d9-11dd-b899-00023f0c6f83}] \Shell\Auto\command - F:\fun.xls.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad37652b-a9c8-11dd-b898-00023f0c6f83}] \Shell\Auto\command - F:\sys.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0bfb02-a9db-11dd-b89a-00023f0c6f83}] \Shell\Auto\command - F:\sys.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe

Ritengo prioritaria la cancellazione di queste chiavi.

Frate Aurelio
:oops:

di **Sgambo** » 28/02/09 11:08

eccomi, allora

ti confermo che all'avvio del portatile non esce più l'errore rundll32, il pc si avvia tranquillamente senza nessun errore, è un po lentino, ma è un vecchio portatile potrebbe essere quello

questo il risultato che ho ottenuto dopo aver lanciato il file CFScript.txt con combofix

Codice: Seleziona tutto: ComboFix 09-02-25.02 - utente 2009-02-28 10.30.54.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.191.72 [GMT 1:00] Eseguito da: F:\ComboFix.exe Opzioni usate :: c:\documents and settings\utente\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Creato nuovo punto di ripristino ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !! . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\eyybfepc.ini . ((((((((((((((((((((((((( Files Creati Da 2009-01-28 al 2009-02-28 ))))))))))))))))))))))))))))))))))) . 2009-02-25 00:28 . 2009-02-25 00:28 <DIR> d-------- c:\programmi\CCleaner 2009-02-25 00:23 . 2009-02-25 00:23 <DIR> d-------- c:\programmi\Windows Media Connect 2 2009-02-25 00:19 . 2009-02-25 00:19 <DIR> d-------- c:\windows\system32\LogFiles 2009-02-25 00:19 . 2009-02-25 00:21 <DIR> d-------- c:\windows\system32\drivers\UMDF 2009-02-24 23:35 . 2009-02-24 23:35 <DIR> d-------- c:\windows\system32\it 2009-02-24 23:35 . 2009-02-24 23:35 <DIR> d-------- c:\windows\l2schemas 2009-02-24 22:45 . 2008-12-20 23:30 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-02-24 22:45 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-02-24 22:45 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-02-24 22:45 . 2008-12-20 23:30 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-02-24 22:45 . 2008-12-20 23:30 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-02-24 22:45 . 2008-12-20 23:30 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-02-24 22:45 . 2008-12-20 23:30 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-02-24 22:45 . 2008-12-20 23:30 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-02-24 22:45 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-02-24 22:44 . 2009-02-24 23:35 <DIR> d-------- c:\windows\system32\it-it 2009-02-24 22:37 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll 2009-02-24 22:27 . 2006-11-02 23:33 1,678,336 -----c--- c:\windows\system32\dllcache\setup_wm.exe 2009-02-24 22:26 . 2008-09-10 02:14 1,307,648 --a------ c:\windows\system32\msxml6.dll 2009-02-24 22:25 . 2008-04-14 03:12 847,386 -----c--- c:\windows\system32\dllcache\msdxm.ocx 2009-02-24 22:24 . 2008-04-14 03:12 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm 2009-02-24 22:24 . 2008-04-14 03:13 61,440 --------- c:\windows\system32\kmsvc.dll 2009-02-24 22:24 . 2008-04-14 03:13 37,376 --------- c:\windows\system32\l2gpstore.dll 2009-02-24 22:24 . 2008-04-14 03:12 6,144 --------- c:\windows\system32\kbdpash.dll 2009-02-24 22:24 . 2008-04-14 03:12 6,144 --------- c:\windows\system32\kbdnepr.dll 2009-02-24 22:24 . 2008-04-14 03:12 6,144 --------- c:\windows\system32\kbdiultn.dll 2009-02-24 22:24 . 2008-04-14 03:12 6,144 --------- c:\windows\system32\kbdbhc.dll 2009-02-24 22:24 . 2008-04-14 02:56 2,524 --------- c:\windows\system32\pid.inf 2009-02-24 22:22 . 2006-10-18 21:47 542,720 -----c--- c:\windows\system32\dllcache\blackbox.dll 2009-02-24 22:21 . 2008-04-14 03:13 136,192 --------- c:\windows\system32\aaclient.dll 2009-02-24 22:21 . 2006-11-02 22:54 7,680 -----c--- c:\windows\system32\dllcache\asferror.dll 2009-02-24 21:16 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-02-24 21:13 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-02-24 21:13 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-02-24 21:13 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-24 21:13 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-02-24 21:13 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2009-02-24 21:12 . 2009-01-16 21:15 3,594,752 -----c--- c:\windows\system32\dllcache\mshtml.dll 2009-02-24 21:09 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-02-24 21:09 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys 2009-02-24 21:09 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys 2009-02-24 21:08 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2009-02-24 21:08 . 2008-05-01 15:34 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2009-02-24 21:02 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2009-02-24 21:02 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2009-02-24 21:02 . 2008-10-03 11:02 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll 2009-02-24 20:58 . 2009-02-25 00:04 <DIR> d--h----- c:\windows\$hf_mig$ 2009-02-24 20:12 . 2009-02-24 20:12 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Malwarebytes 2009-02-24 20:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-24 20:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-24 20:10 . 2009-02-24 20:12 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware 2009-02-24 20:10 . 2009-02-24 20:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes 2009-02-14 21:26 . 2009-02-14 21:26 20,747 --a------ c:\windows\system32\drivers\AegisP.sys 2009-02-14 21:25 . 2009-02-14 21:25 <DIR> d-------- c:\programmi\ASUS 2009-02-14 21:25 . 2006-07-25 21:20 537,600 --a------ c:\windows\system32\ASWL2K.exe 2009-02-14 21:25 . 2004-05-06 12:21 496,640 --a------ c:\windows\system32\ASWLSVC.exe 2009-02-14 21:25 . 2006-06-08 10:49 344,064 --a------ c:\windows\system32\drivers\rt73.sys 2009-02-14 21:25 . 2005-10-17 19:50 245,376 --a------ c:\windows\system32\drivers\rt2500usb.sys 2009-02-14 21:25 . 2004-05-07 18:57 159,827 --a------ c:\windows\system32\RemSvc.exe 2009-02-14 21:25 . 2003-10-09 19:38 141,824 --a------ c:\windows\system32\ClientCpl.cpl 2009-02-14 21:25 . 2002-09-09 21:01 61,440 --a------ c:\windows\system32\ASUSW32N50.dll 2009-02-14 21:25 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys 2009-02-14 21:25 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-26 11:59 --------- d-----w c:\programmi\Alice MOBILE 2009-02-18 16:38 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8 2009-02-15 17:53 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-15 17:53 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-02-15 17:53 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2009-02-14 20:25 --------- d--h--w c:\programmi\InstallShield Installation Information 2009-02-13 17:29 --------- d-----w c:\documents and settings\utente\Dati applicazioni\MSN6 2009-01-22 16:19 --------- d-----w c:\programmi\File comuni\Adobe 2009-01-22 15:54 --------- d-----w c:\programmi\File comuni\InstallShield 2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LtMoh"="c:\programmi\ltmoh\Ltmoh.exe" [2008-11-03 184320] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304] "Control Center"="c:\programmi\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 1696256] "SoundMan"="SOUNDMAN.EXE" [2008-11-03 c:\windows\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2008-11-03 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-15 18:53 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\AVG\\AVG8\\avgemc.exe"= "c:\\Programmi\\AVG\\AVG8\\avgupd.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-03 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-03 107272] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264] R2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [2009-01-22 86016] R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2009-02-14 16269] S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2009-01-22 104960] S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2009-01-22 110080] S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2009-01-22 104960] S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2009-01-22 104960] S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [2009-01-22 105216] --- Altri Servizi/Drivers In Memoria --- *NewlyCreated* - ASNDIS5 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dca2c24-e89d-11dd-b8d8-00023f0c6f83}] \Shell\AutoRun\command - F:\AutoRun.exe . . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.it/ IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-28 10:32:29 Windows 5.1.2600 Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** . Ora fine scansione: 2009-02-28 10.33.52 ComboFix-quarantined-files.txt 2009-02-28 09:33:49 ComboFix2.txt 2009-02-26 07:15:53 Pre-Run: 6.988.509.184 byte disponibili Post-Run: 6,976,188,416 byte disponibili 154 --- E O F --- 2009-02-24 23:53:45

qui il risultato con Hijackthis

Codice: Seleziona tutto: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11.05.00, on 28/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\SupportAppXL\onda_mon.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\ltmoh\Ltmoh.exe C:\Programmi\AVG\AVG8\avgcsrvx.exe C:\Programmi\ASUS\WLAN Card Utilities\Center.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\utente\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Control Center] C:\Programmi\ASUS\WLAN Card Utilities\Center.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232643189811 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe -- End of file - 4047 bytes

subito dopo ho fatto anche una scansione con malearebites

Codice: Seleziona tutto: Malwarebytes' Anti-Malware 1.34 Versione del database: 1799 Windows 5.1.2600 Service Pack 3 28/02/2009 10.58.41 mbam-log-2009-02-28 (10-58-41).txt Tipo di scansione: Scansione completa (C:\|D:\|F:\|) Elementi scansionati: 82892 Tempo trascorso: 14 minute(s), 33 second(s) Processi delle memoria infetti: 0 Moduli della memoria infetti: 0 Chiavi di registro infette: 0 Valori di registro infetti: 0 Elementi dato del registro infetti: 0 Cartelle infette: 0 File infetti: 0 Processi delle memoria infetti: (Nessun elemento malevolo rilevato) Moduli della memoria infetti: (Nessun elemento malevolo rilevato) Chiavi di registro infette: (Nessun elemento malevolo rilevato) Valori di registro infetti: (Nessun elemento malevolo rilevato) Elementi dato del registro infetti: (Nessun elemento malevolo rilevato) Cartelle infette: (Nessun elemento malevolo rilevato) File infetti: (Nessun elemento malevolo rilevato)

di **Frate Aurelio** » 28/02/09 12:31

@Sgambo
Ciao e buona giornata.

- Mi sembra che sia tutto OK
- Velocizziamo il PC:
Esegui:
● Correzione degli elementi trovati nelle "aree-chiave" del sistema da Hijackthis:

- Cliccare sulla icona Hijackthis sul Desktop
- Premere il pulsante:
- Do System scan only
- Fixare (premere il tasto Fix Checked di Hijackthis) dopo avere spuntato le seguenti voci:

Codice: Seleziona tutto: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

Se non conosci la natura, la provenienza di onda_mon.exe Fixa anche:

Codice: Seleziona tutto: O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe

■ Pulizia file internet, temporanei etc. del PC
Effettua il download, l’ installazione e l’esecuzione di:
● CCleaner
http://www.ccleaner.com
● Importante:
In fase d’installazione levare la spunta altrimenti viene installata Yahoo Tollbar.
Avvialo e clicca su:
- Opzioni►Avanzate
Togli la spunta da:
- Elimina file solo se più vecchi di 48 ore
Clicca i tasti:
- Pulizia (il primo in alto a Sinistra)
- Analizza ( Pulsante in basso Centrale)
- Avvia Pulizia (Pulsante in basso a Destra)

● ATF-Cleaner
- Scarica ATF-Cleaner (Non richiede installazione):
http://www.atribune.org/ccount/click.php?id=1
Spunta la voce:
- Select all
Premi il tasto:
- Empty Select

■ Deframmentazione HD
● Scaricare JkDefrag e installalo:
http://www.kessels.nl/JkDefrag/index.html
- Deframmentare l‘Hard Disk e in particolare quello del Sistema Operativo (SO di norma in C:)

■ Correzione errori File di Registro
● CCleaner
http://www.ccleaner.com
Cliccare i tasti:
- Registro (Secondo tasto in alto a Sinistra)
- Trova Problemi (Pulsante in basso Centrale)
- Ripara selezionati (Pulsante in basso a Destra)
- alla domanda:
- Vuoi eseguire il Backup delle modifiche del Registro”
- clicca:
- SI

■ Deframmentazione File di Registro
- Scarica, installa ed esegui:
● Auslogics Registry Defrag
http://www.auslogics.com/en/software/re ... g/download

■ Installazione Firewall
Rilevo che non è installato nessun Firewall
Si può installare uno dei firewall gratuiti:
- PC Tools Firewall Plus™ 5 per Windows® Free in italiano
http://www.pctools.com/it/firewall/download/
oppure
http://www.pctools.com/it/firewall/
oppure
- Comodo. (In inglese)
http://www.personalfirewall.comodo.com/index.html
oppure
- Agnitum Outpost Free
http://www.agnitum.com/products/outpostfree/

■ Disinstallare Combofix
Eseguire:
- Start►Esegui
- Nella finestra scrivi:
- Combofix /u
- Premi OK
- cancella le cartelle in "C" di combofix (qoobox)

Ora è necessario provvedere affinché un ripristino di di sistema non reinstalli i virus cancellati:

● Importante:
Non effettuare assolutamente il Ripristino di Sistema prima di effettuare quanto segue:
Quando si è certi che il PC funziona in maniera corretta, ripeto quando si è certi, è necessario:

■ Procedura Disattivazione e Attivaziore ripristino di sistema
● Importante:
Non effettuare assolutamente il Ripristino di Sistema prima delle seguenti procedure.
Verrebbero altrimenti reinstallati i virus eliminati
Quando si è certi che il PC funziona in maniera corretta è necessario:
● Disattivare il Ripristino di sistema
eseguendo:
- Start►Risorse del computer
- Tasto Destro del mouse
- Proprietà►Ripristino configurazione di sistema
- Spuntare la voce:
- Disattiva ripristino configurazione di sistema su tutte le unità
- Cliccare sul pulsante:
- Applica
- Alla domanda di disattivare il Ripristino di configurazione di sistema rispondere:
- SI

● Riavviare il PC

● Attivare il Ripristino di sistema
eseguendo:
- Start>Risorse del computer
- Tasto Destro del mouse
- Proprietà►Ripristino configurazione di sistema
- Levare la spunta della voce:
- Disattiva ripristino configurazione di sistema su tutte le unità
- Attendere che nello stato sia scritto Monitoraggio
- Cliccare sul pulsante:
- Applica

Frate Aurelio
:oops:

N.B. Le mie risposte sono dettagliate per mettere in grado, a una importante parte della utenza non qualificata e che tuttavia leggono il Topic, di comprenderli ed eseguirli, indipendentemente dalla preparazione dell'utente a cui sono destinati.

di **Sgambo** » 28/02/09 14:26

onda_mon.exe è il pennino della telecom per la navigazione con alicemobile.

che devo fare, faccio lo stesso anche se conosco la provenienza?

di **Frate Aurelio** » 28/02/09 14:48

@Sgambo
Non fixare onda_mon.exe.

- Continuare con la procedura di pulizia e miglioramento prestazioni del PC.

Frate Aurelio
:oops:

di **Ludovik** » 01/03/09 17:39

Ciao,
anch'io avrei lo stesso problema solo k però a me appare così la finestra:

Errore durante il caricamento di C:\Users\User\AppData\Roaming\izyew.dll

seguendo ciò che è scritto nel topic viewtopic.php?f=25&t=78751&p=447190&hilit=run+dll#p447081 con Hijackthis appare:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.17.19, on 01/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\User\AppData\Local\wiies.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=nav ... t&ie=UTF-8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\SSPlus\Stup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [wiies] "c:\users\user\appdata\local\wiies.exe" wiies
O4 - HKCU\..\Run: [kxtyqau] rundll32.exe "C:\Users\User\AppData\Roaming\izyew.dll",nsugqh
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O11 - Options group: [TBH] ??????
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.ex
--
End of file - 12846 bytes

di **Ludovik** » 01/03/09 17:42

Mi sono scordato di dire che il sistema k uso è vista.

di **Ludovik** » 01/03/09 22:28

Chiedo scusa di aver messo la domanda in questa sezione me ne accorgo ora dell'errore :oops:

Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Re: Errore Rundll windows XP

Topic correlati a "Errore Rundll windows XP":

Chi c’è in linea