Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Errore Rundll windows XP

Risolvi qui i tuoi problemi legati a Windows '95, '98, ME, NT, 2000, XP, 2003, Vista...

Moderatori: -> EleKtrA <-, antoo69

Re: Errore Rundll windows XP

Postdi Sgambo » 26/02/09 08:34

giorno :)
ecco il log di combofix

Codice: Seleziona tutto
ComboFix 09-02-25.02 - utente 2009-02-26  8.12.58.1 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1040.18.191.59 [GMT 1:00]

Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

 * Creato nuovo punto di ripristino



ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

.



(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\Autorun.inf



.

(((((((((((((((((((((((((   Files Creati Da 2009-01-26 al 2009-02-26  )))))))))))))))))))))))))))))))))))

.



2009-02-25 00:28 . 2009-02-25 00:28   <DIR>   d--------   c:\programmi\CCleaner

2009-02-25 00:23 . 2009-02-25 00:23   <DIR>   d--------   c:\programmi\Windows Media Connect 2

2009-02-25 00:19 . 2009-02-25 00:19   <DIR>   d--------   c:\windows\system32\LogFiles

2009-02-25 00:19 . 2009-02-25 00:21   <DIR>   d--------   c:\windows\system32\drivers\UMDF

2009-02-24 23:35 . 2009-02-24 23:35   <DIR>   d--------   c:\windows\system32\it

2009-02-24 23:35 . 2009-02-24 23:35   <DIR>   d--------   c:\windows\l2schemas

2009-02-24 22:45 . 2008-12-20 23:30   6,066,688   -----c---   c:\windows\system32\dllcache\ieframe.dll

2009-02-24 22:45 . 2007-04-17 10:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat

2009-02-24 22:45 . 2007-03-08 06:11   1,032,192   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui

2009-02-24 22:45 . 2008-12-20 23:30   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll

2009-02-24 22:45 . 2008-12-20 23:30   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll

2009-02-24 22:45 . 2008-12-20 23:30   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll

2009-02-24 22:45 . 2008-12-20 23:30   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll

2009-02-24 22:45 . 2008-12-20 23:30   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll

2009-02-24 22:45 . 2008-12-19 10:10   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe

2009-02-24 22:44 . 2009-02-24 23:35   <DIR>   d--------   c:\windows\system32\it-it

2009-02-24 22:37 . 2007-08-13 18:54   33,792   --a--c---   c:\windows\system32\dllcache\custsat.dll

2009-02-24 22:27 . 2006-11-02 23:33   1,678,336   -----c---   c:\windows\system32\dllcache\setup_wm.exe

2009-02-24 22:26 . 2008-09-10 02:14   1,307,648   --a------   c:\windows\system32\msxml6.dll

2009-02-24 22:25 . 2008-04-14 03:12   847,386   -----c---   c:\windows\system32\dllcache\msdxm.ocx

2009-02-24 22:24 . 2008-04-14 03:12   290,816   -----c---   c:\windows\system32\dllcache\l3codeca.acm

2009-02-24 22:24 . 2008-04-14 03:13   61,440   ---------   c:\windows\system32\kmsvc.dll

2009-02-24 22:24 . 2008-04-14 03:13   37,376   ---------   c:\windows\system32\l2gpstore.dll

2009-02-24 22:24 . 2008-04-14 03:12   6,144   ---------   c:\windows\system32\kbdpash.dll

2009-02-24 22:24 . 2008-04-14 03:12   6,144   ---------   c:\windows\system32\kbdnepr.dll

2009-02-24 22:24 . 2008-04-14 03:12   6,144   ---------   c:\windows\system32\kbdiultn.dll

2009-02-24 22:24 . 2008-04-14 03:12   6,144   ---------   c:\windows\system32\kbdbhc.dll

2009-02-24 22:24 . 2008-04-14 02:56   2,524   ---------   c:\windows\system32\pid.inf

2009-02-24 22:22 . 2006-10-18 21:47   542,720   -----c---   c:\windows\system32\dllcache\blackbox.dll

2009-02-24 22:21 . 2008-04-14 03:13   136,192   ---------   c:\windows\system32\aaclient.dll

2009-02-24 22:21 . 2006-11-02 22:54   7,680   -----c---   c:\windows\system32\dllcache\asferror.dll

2009-02-24 21:16 . 2008-06-14 18:32   272,768   -----c---   c:\windows\system32\dllcache\bthport.sys

2009-02-24 21:13 . 2008-08-14 14:22   2,192,896   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-24 21:13 . 2008-08-14 14:22   2,148,864   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-24 21:13 . 2008-08-14 14:22   2,069,760   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-24 21:13 . 2008-08-14 14:22   2,027,520   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-24 21:13 . 2008-09-15 16:24   1,846,400   -----c---   c:\windows\system32\dllcache\win32k.sys

2009-02-24 21:12 . 2009-01-16 21:15   3,594,752   -----c---   c:\windows\system32\dllcache\mshtml.dll

2009-02-24 21:09 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys

2009-02-24 21:09 . 2008-12-11 11:57   333,952   -----c---   c:\windows\system32\dllcache\srv.sys

2009-02-24 21:09 . 2008-05-08 15:02   203,136   -----c---   c:\windows\system32\dllcache\rmcast.sys

2009-02-24 21:08 . 2008-04-11 20:04   691,712   -----c---   c:\windows\system32\dllcache\inetcomm.dll

2009-02-24 21:08 . 2008-05-01 15:34   331,776   -----c---   c:\windows\system32\dllcache\msadce.dll

2009-02-24 21:02 . 2008-09-04 18:15   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll

2009-02-24 21:02 . 2008-10-15 17:36   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll

2009-02-24 21:02 . 2008-10-03 11:02   247,326   -----c---   c:\windows\system32\dllcache\strmdll.dll

2009-02-24 20:58 . 2009-02-25 00:04   <DIR>   d--h-----   c:\windows\$hf_mig$

2009-02-24 20:12 . 2009-02-24 20:12   <DIR>   d--------   c:\documents and settings\utente\Dati applicazioni\Malwarebytes

2009-02-24 20:11 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-24 20:11 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys

2009-02-24 20:10 . 2009-02-24 20:12   <DIR>   d--------   c:\programmi\Malwarebytes' Anti-Malware

2009-02-24 20:10 . 2009-02-24 20:10   <DIR>   d--------   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes

2009-02-17 22:12 . 2009-02-17 22:13   1,726,379   --ahs----   c:\windows\system32\eyybfepc.ini

2009-02-14 21:26 . 2009-02-14 21:26   20,747   --a------   c:\windows\system32\drivers\AegisP.sys

2009-02-14 21:25 . 2009-02-14 21:25   <DIR>   d--------   c:\programmi\ASUS

2009-02-14 21:25 . 2006-07-25 21:20   537,600   --a------   c:\windows\system32\ASWL2K.exe

2009-02-14 21:25 . 2004-05-06 12:21   496,640   --a------   c:\windows\system32\ASWLSVC.exe

2009-02-14 21:25 . 2006-06-08 10:49   344,064   --a------   c:\windows\system32\drivers\rt73.sys

2009-02-14 21:25 . 2005-10-17 19:50   245,376   --a------   c:\windows\system32\drivers\rt2500usb.sys

2009-02-14 21:25 . 2004-05-07 18:57   159,827   --a------   c:\windows\system32\RemSvc.exe

2009-02-14 21:25 . 2003-10-09 19:38   141,824   --a------   c:\windows\system32\ClientCpl.cpl

2009-02-14 21:25 . 2002-09-09 21:01   61,440   --a------   c:\windows\system32\ASUSW32N50.dll

2009-02-14 21:25 . 2002-09-09 19:54   16,269   --a------   c:\windows\system32\ASNDIS5.sys

2009-02-14 21:25 . 2001-04-16 05:48   15,577   --a------   c:\windows\system32\ASNDIS3.vxd



.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-25 22:36   ---------   d-----w   c:\programmi\Alice MOBILE

2009-02-18 16:38   ---------   d-----w   c:\documents and settings\All Users\Dati applicazioni\avg8

2009-02-15 17:53   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys

2009-02-15 17:53   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys

2009-02-14 20:25   ---------   d--h--w   c:\programmi\InstallShield Installation Information

2009-02-13 17:29   ---------   d-----w   c:\documents and settings\utente\Dati applicazioni\MSN6

2009-01-22 16:19   ---------   d-----w   c:\programmi\File comuni\Adobe

2009-01-22 15:54   ---------   d-----w   c:\programmi\File comuni\InstallShield

.



(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LtMoh"="c:\programmi\ltmoh\Ltmoh.exe" [2008-11-03 184320]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]

"Control Center"="c:\programmi\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 1696256]

"SoundMan"="SOUNDMAN.EXE" [2008-11-03 c:\windows\SOUNDMAN.EXE]

"AGRSMMSG"="AGRSMMSG.exe" [2008-11-03 c:\windows\AGRSMMSG.exe]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-15 18:53 10520 c:\windows\system32\avgrsstx.dll



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programmi\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=



R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-03 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-03 107272]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]

R2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [2009-01-22 86016]

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2009-02-14 16269]

S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2009-01-22 104960]

S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2009-01-22 110080]

S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2009-01-22 104960]

S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2009-01-22 104960]

S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [2009-01-22 105216]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521777d1-a9d9-11dd-b899-00023f0c6f83}]

\Shell\Auto\command - F:\fun.xls.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad37652b-a9c8-11dd-b898-00023f0c6f83}]

\Shell\Auto\command - F:\sys.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0bfb02-a9db-11dd-b89a-00023f0c6f83}]

\Shell\Auto\command - F:\sys.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe

.

- - - - CHIAVI ORFANE RIMOSSE - - - -



HKCU-Run-MsnMsgr - c:\programmi\MSN Messenger\MsnMsgr.Exe





.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.



**************************************************************************



catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-26 08:14:27

Windows 5.1.2600 Service Pack 3 NTFS



scansione processi nascosti ...



scansione entrate autostart nascoste ...



Scansione files nascosti ...



Scansione completata con successo

Files nascosti: 0



**************************************************************************

.

Ora fine scansione: 2009-02-26  8.15.52

ComboFix-quarantined-files.txt  2009-02-26 07:15:49



Pre-Run: 7.008.161.792 byte disponibili

Post-Run: 7,002,894,336 byte disponibili



158   --- E O F ---   2009-02-24 23:53:45

Sgambo
Utente Senior
 
Post: 229
Iscritto il: 30/06/03 00:39
Località: Sardegna

Sponsor
 

Re: Errore Rundll windows XP

Postdi Frate Aurelio » 27/02/09 07:59

@Sgambo
Ciao e scusami il ritardo nello risponderti.

Esegui:
- Copiare e incollare le seguenti istrizioni su Blocco note.
- Salvare il file su desktop con tassativamente il nome CFScript.txt dove hai Combofix:

Codice: Seleziona tutto
File::
F:\fun.xls.exe
F:\sys.exe
C:\fun.xls.exe
C:\sys.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad37652b-a9c8-11dd-b898-00023f0c6f83}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521777d1-a9d9-11dd-b899-00023f0c6f83}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0bfb02-a9db-11dd-b89a-00023f0c6f83}]


- Trascinare il file CFScript.txt sull'icona di ComboFix.
- Attendere il termine della scansione
- Postare il nuovo log file log di Combofix.
- Postare un nuovo file log di Hijackthis.

Frate Aurelio
:oops:
Ora et Labora
Avatar utente
Frate Aurelio
Moderatore
 
Post: 251
Iscritto il: 16/01/09 00:01

Re: Errore Rundll windows XP

Postdi Kayla » 27/02/09 18:30

Ciao
Io ho lo stesso problema da settimane con il mio portatile, anche se ho Windows Vista . Seguendo lo stesso procendimento però, questi dannatissimi file rundll non sono andati via. Sono davvero fastidiosi! potreste aiutare anche me??
Grazie, confido nel vostro aiuto!
Immagine
VOTATEMI CLICCANDO SULLA MOTO DAI!
Kayla
Newbie
 
Post: 8
Iscritto il: 27/02/09 14:47

Re: Errore Rundll windows XP

Postdi Mikizo » 27/02/09 18:38

Il messaggio di errore non dice altro?
Avatar utente
Mikizo
Download Admin
 
Post: 8517
Iscritto il: 05/01/02 01:00
Località: Outside

Re: Errore Rundll windows XP

Postdi MIKI68 » 27/02/09 19:39

Ma te lo da all'avvio l'errore? Ti esce questo errore: Host Windows processo rundll32 ha smesso di funzionare?? Se ti dà quell'errore quando apri un immagine o un video allora prova a vedere in c:/windows/system32 e vedi se c'è il file lmpgspl.ax e rinominalo in 1lmpgspl.ax ;) Scaricati anche questo codec http://www.free-codecs.com/Vista_Codec_ ... wnload.htm 5.14
Trucchi e impostazioni per un computer sempre efficiente http://miki68news.blogspot.com/
Avatar utente
MIKI68
Utente Senior
 
Post: 1732
Iscritto il: 17/10/08 15:26
Località: Bari

Re: Errore Rundll windows XP

Postdi Frate Aurelio » 27/02/09 20:17

@miki68
Ciao e grazie del tuo intervento.

Perdonami, ma ritengo che il problema più importante in questo momento siano queste infezioni:
Codice: Seleziona tutto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521777d1-a9d9-11dd-b899-00023f0c6f83}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad37652b-a9c8-11dd-b898-00023f0c6f83}]
\Shell\Auto\command - F:\sys.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0bfb02-a9db-11dd-b89a-00023f0c6f83}]
\Shell\Auto\command - F:\sys.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe


Ritengo prioritaria la cancellazione di queste chiavi.

Frate Aurelio
:oops:
Ora et Labora
Avatar utente
Frate Aurelio
Moderatore
 
Post: 251
Iscritto il: 16/01/09 00:01

Re: Errore Rundll windows XP

Postdi Sgambo » 28/02/09 11:08

eccomi, allora

ti confermo che all'avvio del portatile non esce più l'errore rundll32, il pc si avvia tranquillamente senza nessun errore, è un po lentino, ma è un vecchio portatile potrebbe essere quello

questo il risultato che ho ottenuto dopo aver lanciato il file CFScript.txt con combofix

Codice: Seleziona tutto
ComboFix 09-02-25.02 - utente 2009-02-28 10.30.54.2 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1040.18.191.72 [GMT 1:00]

Eseguito da: F:\ComboFix.exe

Opzioni usate :: c:\documents and settings\utente\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

 * Creato nuovo punto di ripristino



ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

.



(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\windows\system32\eyybfepc.ini



.

(((((((((((((((((((((((((   Files Creati Da 2009-01-28 al 2009-02-28  )))))))))))))))))))))))))))))))))))

.



2009-02-25 00:28 . 2009-02-25 00:28   <DIR>   d--------   c:\programmi\CCleaner

2009-02-25 00:23 . 2009-02-25 00:23   <DIR>   d--------   c:\programmi\Windows Media Connect 2

2009-02-25 00:19 . 2009-02-25 00:19   <DIR>   d--------   c:\windows\system32\LogFiles

2009-02-25 00:19 . 2009-02-25 00:21   <DIR>   d--------   c:\windows\system32\drivers\UMDF

2009-02-24 23:35 . 2009-02-24 23:35   <DIR>   d--------   c:\windows\system32\it

2009-02-24 23:35 . 2009-02-24 23:35   <DIR>   d--------   c:\windows\l2schemas

2009-02-24 22:45 . 2008-12-20 23:30   6,066,688   -----c---   c:\windows\system32\dllcache\ieframe.dll

2009-02-24 22:45 . 2007-04-17 10:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat

2009-02-24 22:45 . 2007-03-08 06:11   1,032,192   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui

2009-02-24 22:45 . 2008-12-20 23:30   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll

2009-02-24 22:45 . 2008-12-20 23:30   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll

2009-02-24 22:45 . 2008-12-20 23:30   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll

2009-02-24 22:45 . 2008-12-20 23:30   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll

2009-02-24 22:45 . 2008-12-20 23:30   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll

2009-02-24 22:45 . 2008-12-19 10:10   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe

2009-02-24 22:44 . 2009-02-24 23:35   <DIR>   d--------   c:\windows\system32\it-it

2009-02-24 22:37 . 2007-08-13 18:54   33,792   --a--c---   c:\windows\system32\dllcache\custsat.dll

2009-02-24 22:27 . 2006-11-02 23:33   1,678,336   -----c---   c:\windows\system32\dllcache\setup_wm.exe

2009-02-24 22:26 . 2008-09-10 02:14   1,307,648   --a------   c:\windows\system32\msxml6.dll

2009-02-24 22:25 . 2008-04-14 03:12   847,386   -----c---   c:\windows\system32\dllcache\msdxm.ocx

2009-02-24 22:24 . 2008-04-14 03:12   290,816   -----c---   c:\windows\system32\dllcache\l3codeca.acm

2009-02-24 22:24 . 2008-04-14 03:13   61,440   ---------   c:\windows\system32\kmsvc.dll

2009-02-24 22:24 . 2008-04-14 03:13   37,376   ---------   c:\windows\system32\l2gpstore.dll

2009-02-24 22:24 . 2008-04-14 03:12   6,144   ---------   c:\windows\system32\kbdpash.dll

2009-02-24 22:24 . 2008-04-14 03:12   6,144   ---------   c:\windows\system32\kbdnepr.dll

2009-02-24 22:24 . 2008-04-14 03:12   6,144   ---------   c:\windows\system32\kbdiultn.dll

2009-02-24 22:24 . 2008-04-14 03:12   6,144   ---------   c:\windows\system32\kbdbhc.dll

2009-02-24 22:24 . 2008-04-14 02:56   2,524   ---------   c:\windows\system32\pid.inf

2009-02-24 22:22 . 2006-10-18 21:47   542,720   -----c---   c:\windows\system32\dllcache\blackbox.dll

2009-02-24 22:21 . 2008-04-14 03:13   136,192   ---------   c:\windows\system32\aaclient.dll

2009-02-24 22:21 . 2006-11-02 22:54   7,680   -----c---   c:\windows\system32\dllcache\asferror.dll

2009-02-24 21:16 . 2008-06-14 18:32   272,768   -----c---   c:\windows\system32\dllcache\bthport.sys

2009-02-24 21:13 . 2008-08-14 14:22   2,192,896   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-24 21:13 . 2008-08-14 14:22   2,148,864   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-24 21:13 . 2008-08-14 14:22   2,069,760   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-24 21:13 . 2008-08-14 14:22   2,027,520   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-24 21:13 . 2008-09-15 16:24   1,846,400   -----c---   c:\windows\system32\dllcache\win32k.sys

2009-02-24 21:12 . 2009-01-16 21:15   3,594,752   -----c---   c:\windows\system32\dllcache\mshtml.dll

2009-02-24 21:09 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys

2009-02-24 21:09 . 2008-12-11 11:57   333,952   -----c---   c:\windows\system32\dllcache\srv.sys

2009-02-24 21:09 . 2008-05-08 15:02   203,136   -----c---   c:\windows\system32\dllcache\rmcast.sys

2009-02-24 21:08 . 2008-04-11 20:04   691,712   -----c---   c:\windows\system32\dllcache\inetcomm.dll

2009-02-24 21:08 . 2008-05-01 15:34   331,776   -----c---   c:\windows\system32\dllcache\msadce.dll

2009-02-24 21:02 . 2008-09-04 18:15   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll

2009-02-24 21:02 . 2008-10-15 17:36   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll

2009-02-24 21:02 . 2008-10-03 11:02   247,326   -----c---   c:\windows\system32\dllcache\strmdll.dll

2009-02-24 20:58 . 2009-02-25 00:04   <DIR>   d--h-----   c:\windows\$hf_mig$

2009-02-24 20:12 . 2009-02-24 20:12   <DIR>   d--------   c:\documents and settings\utente\Dati applicazioni\Malwarebytes

2009-02-24 20:11 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-24 20:11 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys

2009-02-24 20:10 . 2009-02-24 20:12   <DIR>   d--------   c:\programmi\Malwarebytes' Anti-Malware

2009-02-24 20:10 . 2009-02-24 20:10   <DIR>   d--------   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes

2009-02-14 21:26 . 2009-02-14 21:26   20,747   --a------   c:\windows\system32\drivers\AegisP.sys

2009-02-14 21:25 . 2009-02-14 21:25   <DIR>   d--------   c:\programmi\ASUS

2009-02-14 21:25 . 2006-07-25 21:20   537,600   --a------   c:\windows\system32\ASWL2K.exe

2009-02-14 21:25 . 2004-05-06 12:21   496,640   --a------   c:\windows\system32\ASWLSVC.exe

2009-02-14 21:25 . 2006-06-08 10:49   344,064   --a------   c:\windows\system32\drivers\rt73.sys

2009-02-14 21:25 . 2005-10-17 19:50   245,376   --a------   c:\windows\system32\drivers\rt2500usb.sys

2009-02-14 21:25 . 2004-05-07 18:57   159,827   --a------   c:\windows\system32\RemSvc.exe

2009-02-14 21:25 . 2003-10-09 19:38   141,824   --a------   c:\windows\system32\ClientCpl.cpl

2009-02-14 21:25 . 2002-09-09 21:01   61,440   --a------   c:\windows\system32\ASUSW32N50.dll

2009-02-14 21:25 . 2002-09-09 19:54   16,269   --a------   c:\windows\system32\ASNDIS5.sys

2009-02-14 21:25 . 2001-04-16 05:48   15,577   --a------   c:\windows\system32\ASNDIS3.vxd



.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-26 11:59   ---------   d-----w   c:\programmi\Alice MOBILE

2009-02-18 16:38   ---------   d-----w   c:\documents and settings\All Users\Dati applicazioni\avg8

2009-02-15 17:53   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys

2009-02-15 17:53   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys

2009-02-15 17:53   10,520   ----a-w   c:\windows\system32\avgrsstx.dll

2009-02-14 20:25   ---------   d--h--w   c:\programmi\InstallShield Installation Information

2009-02-13 17:29   ---------   d-----w   c:\documents and settings\utente\Dati applicazioni\MSN6

2009-01-22 16:19   ---------   d-----w   c:\programmi\File comuni\Adobe

2009-01-22 15:54   ---------   d-----w   c:\programmi\File comuni\InstallShield

2008-12-20 22:31   826,368   ----a-w   c:\windows\system32\wininet.dll

.



(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LtMoh"="c:\programmi\ltmoh\Ltmoh.exe" [2008-11-03 184320]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]

"Control Center"="c:\programmi\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 1696256]

"SoundMan"="SOUNDMAN.EXE" [2008-11-03 c:\windows\SOUNDMAN.EXE]

"AGRSMMSG"="AGRSMMSG.exe" [2008-11-03 c:\windows\AGRSMMSG.exe]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-15 18:53 10520 c:\windows\system32\avgrsstx.dll



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programmi\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=



R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-03 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-03 107272]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]

R2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [2009-01-22 86016]

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2009-02-14 16269]

S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2009-01-22 104960]

S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2009-01-22 110080]

S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2009-01-22 104960]

S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2009-01-22 104960]

S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [2009-01-22 105216]



--- Altri Servizi/Drivers In Memoria ---



*NewlyCreated* - ASNDIS5



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dca2c24-e89d-11dd-b8d8-00023f0c6f83}]

\Shell\AutoRun\command - F:\AutoRun.exe

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.



**************************************************************************



catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-28 10:32:29

Windows 5.1.2600 Service Pack 3 NTFS



scansione processi nascosti ...



scansione entrate autostart nascoste ...



Scansione files nascosti ...



Scansione completata con successo

Files nascosti: 0



**************************************************************************

.

Ora fine scansione: 2009-02-28 10.33.52

ComboFix-quarantined-files.txt  2009-02-28 09:33:49

ComboFix2.txt  2009-02-26 07:15:53



Pre-Run: 6.988.509.184 byte disponibili

Post-Run: 6,976,188,416 byte disponibili



154   --- E O F ---   2009-02-24 23:53:45


qui il risultato con Hijackthis

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11.05.00, on 28/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\SupportAppXL\onda_mon.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programmi\ltmoh\Ltmoh.exe

C:\Programmi\AVG\AVG8\avgcsrvx.exe

C:\Programmi\ASUS\WLAN Card Utilities\Center.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\utente\Desktop\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Control Center] C:\Programmi\ASUS\WLAN Card Utilities\Center.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232643189811

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe



--

End of file - 4047 bytes


subito dopo ho fatto anche una scansione con malearebites

Codice: Seleziona tutto
Malwarebytes' Anti-Malware 1.34

Versione del database: 1799

Windows 5.1.2600 Service Pack 3



28/02/2009 10.58.41

mbam-log-2009-02-28 (10-58-41).txt



Tipo di scansione: Scansione completa (C:\|D:\|F:\|)

Elementi scansionati: 82892

Tempo trascorso: 14 minute(s), 33 second(s)



Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Elementi dato del registro infetti: 0

Cartelle infette: 0

File infetti: 0



Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)



Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)



Chiavi di registro infette:

(Nessun elemento malevolo rilevato)



Valori di registro infetti:

(Nessun elemento malevolo rilevato)



Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)



Cartelle infette:

(Nessun elemento malevolo rilevato)



File infetti:

(Nessun elemento malevolo rilevato)
Sgambo
Utente Senior
 
Post: 229
Iscritto il: 30/06/03 00:39
Località: Sardegna

Re: Errore Rundll windows XP

Postdi Frate Aurelio » 28/02/09 12:31

@Sgambo
Ciao e buona giornata.

- Mi sembra che sia tutto OK
- Velocizziamo il PC:
Esegui:
Correzione degli elementi trovati nelle "aree-chiave" del sistema da Hijackthis:

- Cliccare sulla icona Hijackthis sul Desktop
- Premere il pulsante:
- Do System scan only
- Fixare (premere il tasto Fix Checked di Hijackthis) dopo avere spuntato le seguenti voci:

Codice: Seleziona tutto
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti


Se non conosci la natura, la provenienza di onda_mon.exe Fixa anche:

Codice: Seleziona tutto
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe


Pulizia file internet, temporanei etc. del PC
Effettua il download, l’ installazione e l’esecuzione di:
CCleaner
http://www.ccleaner.com
Importante:
In fase d’installazione levare la spunta altrimenti viene installata Yahoo Tollbar.
Avvialo e clicca su:
- Opzioni►Avanzate
Togli la spunta da:
- Elimina file solo se più vecchi di 48 ore
Clicca i tasti:
- Pulizia (il primo in alto a Sinistra)
- Analizza ( Pulsante in basso Centrale)
- Avvia Pulizia (Pulsante in basso a Destra)

ATF-Cleaner
- Scarica ATF-Cleaner (Non richiede installazione):
http://www.atribune.org/ccount/click.php?id=1
Spunta la voce:
- Select all
Premi il tasto:
- Empty Select

Deframmentazione HD
Scaricare JkDefrag e installalo:
http://www.kessels.nl/JkDefrag/index.html
- Deframmentare l‘Hard Disk e in particolare quello del Sistema Operativo (SO di norma in C:)

Correzione errori File di Registro
CCleaner
http://www.ccleaner.com
Cliccare i tasti:
- Registro (Secondo tasto in alto a Sinistra)
- Trova Problemi (Pulsante in basso Centrale)
- Ripara selezionati (Pulsante in basso a Destra)
- alla domanda:
- Vuoi eseguire il Backup delle modifiche del Registro”
- clicca:
- SI

Deframmentazione File di Registro
- Scarica, installa ed esegui:
Auslogics Registry Defrag
http://www.auslogics.com/en/software/re ... g/download


Installazione Firewall
Rilevo che non è installato nessun Firewall
Si può installare uno dei firewall gratuiti:
- PC Tools Firewall Plus™ 5 per Windows® Free in italiano
http://www.pctools.com/it/firewall/download/
oppure
http://www.pctools.com/it/firewall/
oppure
- Comodo. (In inglese)
http://www.personalfirewall.comodo.com/index.html
oppure
- Agnitum Outpost Free
http://www.agnitum.com/products/outpostfree/

Disinstallare Combofix
Eseguire:
- Start►Esegui
- Nella finestra scrivi:
- Combofix /u
- Premi OK
- cancella le cartelle in "C" di combofix (qoobox)

Ora è necessario provvedere affinché un ripristino di di sistema non reinstalli i virus cancellati:

Importante:
Non effettuare assolutamente il Ripristino di Sistema prima di effettuare quanto segue:
Quando si è certi che il PC funziona in maniera corretta, ripeto quando si è certi, è necessario:

Procedura Disattivazione e Attivaziore ripristino di sistema
Importante:
Non effettuare assolutamente il Ripristino di Sistema prima delle seguenti procedure.
Verrebbero altrimenti reinstallati i virus eliminati
Quando si è certi che il PC funziona in maniera corretta è necessario:
Disattivare il Ripristino di sistema
eseguendo:
- Start►Risorse del computer
- Tasto Destro del mouse
- Proprietà►Ripristino configurazione di sistema
- Spuntare la voce:
- Disattiva ripristino configurazione di sistema su tutte le unità
- Cliccare sul pulsante:
- Applica
- Alla domanda di disattivare il Ripristino di configurazione di sistema rispondere:
- SI

Riavviare il PC

Attivare il Ripristino di sistema
eseguendo:
- Start>Risorse del computer
- Tasto Destro del mouse
- Proprietà►Ripristino configurazione di sistema
- Levare la spunta della voce:
- Disattiva ripristino configurazione di sistema su tutte le unità
- Attendere che nello stato sia scritto Monitoraggio
- Cliccare sul pulsante:
- Applica

Frate Aurelio
:oops:

N.B. Le mie risposte sono dettagliate per mettere in grado, a una importante parte della utenza non qualificata e che tuttavia leggono il Topic, di comprenderli ed eseguirli, indipendentemente dalla preparazione dell'utente a cui sono destinati.
Ora et Labora
Avatar utente
Frate Aurelio
Moderatore
 
Post: 251
Iscritto il: 16/01/09 00:01

Re: Errore Rundll windows XP

Postdi Sgambo » 28/02/09 14:26

onda_mon.exe è il pennino della telecom per la navigazione con alicemobile.

che devo fare, faccio lo stesso anche se conosco la provenienza?
Sgambo
Utente Senior
 
Post: 229
Iscritto il: 30/06/03 00:39
Località: Sardegna

Re: Errore Rundll windows XP

Postdi Frate Aurelio » 28/02/09 14:48

@Sgambo
Non fixare onda_mon.exe.

- Continuare con la procedura di pulizia e miglioramento prestazioni del PC.

Frate Aurelio
:oops:
Ora et Labora
Avatar utente
Frate Aurelio
Moderatore
 
Post: 251
Iscritto il: 16/01/09 00:01

Re: Errore Rundll windows XP

Postdi Ludovik » 01/03/09 17:39

Ciao,
anch'io avrei lo stesso problema solo k però a me appare così la finestra:

Errore durante il caricamento di C:\Users\User\AppData\Roaming\izyew.dll


seguendo ciò che è scritto nel topic viewtopic.php?f=25&t=78751&p=447190&hilit=run+dll#p447081 con Hijackthis appare:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.17.19, on 01/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\User\AppData\Local\wiies.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=nav ... t&ie=UTF-8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\SSPlus\Stup.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [wiies] "c:\users\user\appdata\local\wiies.exe" wiies
O4 - HKCU\..\Run: [kxtyqau] rundll32.exe "C:\Users\User\AppData\Roaming\izyew.dll",nsugqh
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O11 - Options group: [TBH] ??????
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.ex
--
End of file - 12846 bytes
Ludovik
Newbie
 
Post: 4
Iscritto il: 01/03/09 17:03

Re: Errore Rundll windows XP

Postdi Ludovik » 01/03/09 17:42

Mi sono scordato di dire che il sistema k uso è vista.
Ludovik
Newbie
 
Post: 4
Iscritto il: 01/03/09 17:03

Re: Errore Rundll windows XP

Postdi Ludovik » 01/03/09 22:28

Chiedo scusa di aver messo la domanda in questa sezione me ne accorgo ora dell'errore :oops:
Ludovik
Newbie
 
Post: 4
Iscritto il: 01/03/09 17:03

Precedente

Torna a Sistemi Operativi Windows


Topic correlati a "Errore Rundll windows XP":

Problema Windows 10
Autore: asso1998
Forum: Software Windows
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti