  1. #1

    svchost.exe crashes and the connection drops often

    Hi everyone,

    I think I've picked up a virus... every time I start the computer svchost.exe crashes and I get a couple of other "rundll" errors. I ran a scan with HijackThis and this is the logfile:

    code:
    Logfile of HijackThis v1.99.1
    Scan saved at 0.55.54, on 05/05/2007
    Platform: Windows XP  (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\MessengerPlus! 3\MsgPlus.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\EZ-DUB\EZ-DUB.exe
    C:\Programmi\ZyXEL Corporation\ZyAIR WLAN Utility\ZyAIR.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Programmi\Opera\Opera.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\WinRAR\WinRAR.exe
    C:\DOCUME~1\LUCA\IMPOST~1\Temp\Rar$EX18.484\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\tmp1.tmp.dll
    O2 - BHO: (no name) - {3e5a237b-6527-4f69-a3b3-f280b8a45501} - C:\WINDOWS\SYSTEM32\Imagnce.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
    O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\vttrpn.dll",realset
    O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
    O4 - HKLM\..\Run: [clcl3] C:\WINDOWS\System32\clcl3.exe
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\gededa.dll",realset
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: EZ-DUB Finder.lnk = C:\Programmi\EZ-DUB\EZ-DUB.exe
    O4 - Global Startup: ZyAIR.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs:  
    O20 - Winlogon Notify: Imagnce - C:\WINDOWS\SYSTEM32\Imagnce.dll
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoCtlSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    the problem is that my connection now drops frequently... it didn't happen before.

    Can anyone tell me how, and whether, this can be fixed (without formatting)?

    Thanks

    You see beauty I see pain, You see sky and I see acid rain

  2. #2
    Banned user
    Registered since
    Mar 2007
    Posts
    617
    download HijackThis in full and extract it into a folder, it's in your interest....

    anyway, in my opinion you need to fix these:

    O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\tmp1.tmp.dll

    O2 - BHO: (no name) - {3e5a237b-6527-4f69-a3b3-f280b8a45501} - C:\WINDOWS\SYSTEM32\Imagnce.dll

    O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\vttrpn.dll",realset

    O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe

    O4 - HKLM\..\Run: [clcl3] C:\WINDOWS\System32\clcl3.exe

    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\gededa.dll",realset

    O4 - Global Startup: ZyAIR.lnk = ?

    O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoCtlSvc.exe

    but anyway wait for confirmation from someone else, because I've surely forgotten something and I'm not sure everything I said is right, so wait....

  3. #3
    HTML.it user OYS
    Registered since
    Apr 2006
    Posts
    3,142
    There are these too:


    O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe (Sasser)

    O20 - AppInit_DLLs:

    O20 - Winlogon Notify: Imagnce - C:\WINDOWS\SYSTEM32\Imagnce.dll

    O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll



    If you set it that way yourself in the hosts file, then don't fix it:



    O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

  4. #4
    Banned user
    Registered since
    Mar 2007
    Posts
    617
    I thought that
    O20 - AppInit_DLLs:
    was the divider and marked the start of the O20 entries....

    I was unsure about the other two, so I preferred not to list them

  5. #5
    Moderator of Computer security and viruses, amvinfe
    Registered since
    May 2002
    Posts
    6,739
    just as a reminder.

    "Fixing" the entries alone, without checking whether the files are present and then removing them with The Avenger, KillBox or manually from safe mode, does not solve the problems.
    You run the risk, after the reboot, of finding yourself in the same situation or, worse, with the values modified.
    ==
    Visit my blog SuspectFile.com
    ==

  6. #6
    HTML.it user OYS
    Registered since
    Apr 2006
    Posts
    3,142
    Originally posted by amvinfe
    just as a reminder.

    "Fixing" the entries alone, without checking whether the files are present and then removing them with The Avenger, KillBox or manually from safe mode, does not solve the problems.
    You run the risk, after the reboot, of finding yourself in the same situation or, worse, with the values modified.
    Thanks for the reminder
    Starting with fixing is still a good thing, at least for the things that are eliminated by fixing them. Many times fixing alone solves it... But most of the time it doesn't. At that point there's systemscan, which, fix or no fix, does its job

  7. #7
    Hi everyone,

    thanks for your valuable replies.

    I tried to do a bit of cleaning up... I fixed what you told me... then I used various programs... spybot, sysclean, killbox, filemonster, ccleaner, which deleted a few trojans I had.
    Unfortunately, though, the problem persists and I think it's related to the fact that, with any program I've used, I can't delete these two trojans:

    code:
    O20 - Winlogon Notify: Imagnce - C:\WINDOWS\SYSTEM32\Imagnce.dll
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
    svchost still crashes when I start Windows

    Here is the complete HijackThis logfile as of now:

    code:
    Logfile of HijackThis v1.99.1
    Scan saved at 18.57.17, on 07/05/2007
    Platform: Windows XP  (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\EZ-DUB\EZ-DUB.exe
    C:\Programmi\ZyXEL Corporation\ZyAIR WLAN Utility\ZyAIR.EXE
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dwwin.exe
    C:\Programmi\Opera\Opera.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Programmi\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3e5a237b-6527-4f69-a3b3-f280b8a45501} - C:\WINDOWS\SYSTEM32\Imagnce.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\System32\tmp1.tmp.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\qopnom.dll",realset
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: EZ-DUB Finder.lnk = C:\Programmi\EZ-DUB\EZ-DUB.exe
    O4 - Global Startup: ZyAIR.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O20 - Winlogon Notify: Imagnce - C:\WINDOWS\SYSTEM32\Imagnce.dll
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    by the way, now this one also crashes at startup

    code:
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\qopnom.dll",realset
    Any further suggestions on what can be done?

    Thanks a lot again

    You see beauty I see pain, You see sky and I see acid rain
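
Added example, not part of any post in this thread: the two HijackThis scans above (05/05/2007 and 07/05/2007) can be compared entry by entry to separate what fixing actually removed from what survived or came back under a different name, the outcome amvinfe's reminder in #5 describes. The Python sketch below uses lines excerpted from those two logs; the function names and the persisted / re-registered / new / removed labels are assumptions of this example.

```python
import re

# Lines excerpted from the two HijackThis logs posted in this thread
# (scans of 05/05/2007 and 07/05/2007); only O2, O4 and O20 entries are used.
BEFORE = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\tmp1.tmp.dll
O2 - BHO: (no name) - {3e5a237b-6527-4f69-a3b3-f280b8a45501} - C:\WINDOWS\SYSTEM32\Imagnce.dll
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\vttrpn.dll",realset
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [clcl3] C:\WINDOWS\System32\clcl3.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\gededa.dll",realset
O20 - Winlogon Notify: Imagnce - C:\WINDOWS\SYSTEM32\Imagnce.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
"""
AFTER = r"""
O2 - BHO: (no name) - {3e5a237b-6527-4f69-a3b3-f280b8a45501} - C:\WINDOWS\SYSTEM32\Imagnce.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\System32\tmp1.tmp.dll
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\qopnom.dll",realset
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - Winlogon Notify: Imagnce - C:\WINDOWS\SYSTEM32\Imagnce.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
RUN_VALUE = re.compile(r"^(.+?: \[.*?\]) (.+)$")             # O4: key + [value name], command
CLSID_ENTRY = re.compile(r"^(.*\{[0-9A-Fa-f-]+\}) - (.+)$")  # O2: ... {CLSID} - file

def parse(log):
    """Map (section, slot, target), lower-cased, to the raw log line."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        m2 = (RUN_VALUE if code == "O4" else CLSID_ENTRY).match(body)
        if m2:
            slot, target = m2.groups()
        else:                                   # e.g. "Winlogon Notify: name - file"
            slot, _, target = body.partition(" - ")
        entries[(code, slot.lower(), target.strip().lower())] = raw.strip()
    return entries

def related(key, others):
    """Same section and either the same registry slot or the same target file."""
    code, slot, target = key
    return any(c == code and (s == slot or (target and t == target))
               for c, s, t in others)

def compare(before_log, after_log):
    before, after = parse(before_log), parse(after_log)
    report = {"persisted": [], "re-registered": [], "new": [], "removed": []}
    for key in sorted(after):
        if key in before:
            report["persisted"].append(after[key])        # survived unchanged
        elif related(key, before):
            report["re-registered"].append(after[key])    # same slot or file, value changed
        else:
            report["new"].append(after[key])
    for key in sorted(set(before) - set(after)):
        if not related(key, after):
            report["removed"].append(before[key])         # gone with no successor
    return report

if __name__ == "__main__":
    for status, lines in compare(BEFORE, AFTER).items():
        print(status, *lines, sep="\n  ")
```

On these excerpts the Imagnce.dll BHO and both Winlogon Notify DLLs come out as persisted, while the WindowsService Run value (gededa.dll replaced by qopnom.dll) and the tmp1.tmp.dll BHO (registered under a new CLSID) come out as re-registered.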

  8. #8
    HTML.it user OYS
    Registered since
    Apr 2006
    Posts
    3,142
    From what I see, I think you have trojan.vundo.



    Run these two programs:


    SmitFraudFix

    vundofix

  9. #9
    Banned user
    Registered since
    Mar 2007
    Posts
    617
    download Avenger from here:

    http://swandog46.geekstogo.com/avenger.zip

    run it, click on Input script manually and copy and paste these lines:

    Files to delete:
    C:\WINDOWS\SYSTEM32\Imagnce.dll
    C:\WINDOWS\System32\rpcc.dll


    if the problem persists, download system scan and post the log

  10. #10
    Originally posted by OYS
    From what I see, I think you have trojan.vundo.



    Run these two programs:


    SmitFraudFix

    vundofix

    Thanks for the prompt reply...

    here is the SmitFraudFix log:

    code:
    SmitFraudFix v2.176
    
    Scan done at 19.44.26,87, 07/05/2007
    Run from C:\Programmi\Opera\SmitfraudFix
    OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    
    »»»»»»»»»»»»»»»»»»»»»»»» Process
    
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\EZ-DUB\EZ-DUB.exe
    C:\Programmi\ZyXEL Corporation\ZyAIR WLAN Utility\ZyAIR.EXE
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dwwin.exe
    C:\Programmi\Opera\Opera.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe
    
    »»»»»»»»»»»»»»»»»»»»»»»» hosts
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LUCA
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LUCA\Application Data
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LUCA\PREFER~1
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi 
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
     
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Pagina iniziale corrente"
     
    
    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!
    
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    
    Description: ZyAIR B-220 IEEE 802.11 USB Adapter - Miniport dell'Utilità di pianificazione pacchetti
    DNS Server Search Order: 192.168.1.1
    
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9A3118C-2E25-4350-856A-D5A0DB6A1AB9}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9A3118C-2E25-4350-856A-D5A0DB6A1AB9}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B9A3118C-2E25-4350-856A-D5A0DB6A1AB9}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» End
    while as for VundoFix... it only reports...

    code:
    C:\WINDOWS\System32\tmp1.tmp.dll
    You see beauty I see pain, You see sky and I see acid rain
