rundll32

[asndc]

Ho un bel rundll 32 nei processi che potrebbe essere?

[canapa]

rundll32 - rundll32.exe - Process Information

Process File: rundll32 or rundll32.exe
Process Name: Microsoft Rundll32

Description:
rundll32.exe is a process which executes DLL's an places their libraries into the memory, so they can be used more efficiently by applications.

[asndc]

Logfile of HijackThis v1.98.2
Scan saved at 11.06.30, on 30/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\Programmi\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\windows\System32\rmctrl.exe
C:\Programmi\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\windows\System32\gearsec.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Netscape\Netscape\Netscp.exe
C:\Programmi\Avant Browser\avant.exe
C:\downloads internet\SOFTWARE\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\windows\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FILECO~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Power IE - {437434D2-065E-499D-A337-59657DF3342F} - C:\PROGRA~1\POWERI~1\CTBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RdCtr] rdctr.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [RemoteControl] C:\windows\System32\rmctrl.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [mmtask] C:\Programmi\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PSDrvCheck] C:\windows\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\RunServices: [RdCtr] rdctr.exe
O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Programmi\TrojanShield\Port.exe
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\windows\System32\E_S5.tmp"
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\iLookup\ezStub22.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: C6 Client.LNK = C:\TinMessenger\TinMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Power IE &Block List... - C:\Programmi\Power IE\adblocking.htm
O8 - Extra context menu item: Aggiungi l'indirizzo alla Lista Nera della pubblicità - C:\Programmi\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Apri tutti i collegamenti nella pagina in linguette diverse - C:\Programmi\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blocca tutte le immagini provenienti dal server di questa - C:\Programmi\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cerca con Google - C:\Programmi\Avant Browser\Search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Evidenzia in questa pagina - C:\Programmi\Avant Browser\Highlight.htm
O8 - Extra context menu item: Scarica con FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: ChatSpace Full Java Client 3.1.0.223 - http://surechat.com:9000/Java/cfs31223.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.cyberfast.org/font/tdserver.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/co...y/iesnoopy.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O19 - User stylesheet: (file missing)

[asndc]

non mi convince
non c'era
e poi viene associato a virus tipo il syrcam

[canapa]

Ci sono 2 cose che non conosco:

O4 - HKLM\..\RunServices: [RdCtr] rdctr.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\iLookup\ezStub22.exe

Sai la provenienza?

Comunque vedo che hai il kav installato.
Fai una bella scansione con quello e poi un scan on-line.

[asndc]

rdctr è da un bel po che è sul mi pc
l'altro si è installato benchè abbia risposto di no alla domanda caricando temi di style xp
farò la scansione con kap il problema che mi blocca praticamente il pc mentre gira

[asndc]

up
scansione fatta con kav nulla di rilevato