|
|||||||
|
|
|
 |
|
|
Strumenti |
28-03-2009, 16:13
|
#1 |
|
Senior Member
Iscritto dal: Dec 2006
Messaggi: 345
|
Problema ad avvio computer con rundll32.exe
Ragazzi, ho biogno d'aiuto...
Il mio pc era infetto! Ho installato NOD32 e mi ha rilevato dei virus che mi ha cancellato! Solo che ora quando avvio il pc mi compare il seguente messaggio di errore: RUNDLL Errore durante il caricamento di dll32 Impossibile trovare il modulo specificato Ho notato che se mentre è presente il messaggio vado nel Task Manager il processo rundll32.exe è presente, mentre quando chiudo il messaggio scompare! Qualcuno ha idea di come fare per risolvere il problema? Siccome ho un pc assemblato e non ho il cd di windows xp ne ho preso un altro in prestito, l'ho inserito e ho provato a digitare da esegui: expand D:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe Si apre una finestra stile DOS ch poi si chiude... Non so se il riprisino sia andato a buon fine... Sta di fatto che quando riavvio il pc l'errore riappare! Altre notazioni: Ho notato che a volte, sia quando avevo NOD32, sia ora che ho Avira Antivirus, non si carica bene e devo avviarlo manualmente! Inoltre il pc a volte si riavvia da solo, non so se sia dovuto a questo! Grazie a tutti coloro che mi aiuteranno! |
|
|
|
29-03-2009, 18:19
|
#2 |
|
Senior Member
Iscritto dal: Dec 2006
Messaggi: 345
|
Nessuno sa aiutarmi?
|
|
|
|
|
29-03-2009, 22:05
|
#3 |
|
Senior Member
Iscritto dal: Nov 2008
Città: Brindisi
Messaggi: 4048
|
Non hai ripulito bene il PC,succede che NOD32 scopre i virus,però non può cancellarli,perchè sono in uso,quindi dovresti andare nel percorso indicato da NOD32 e cancellare manualmente,naturalmente usando alcune procedure per poterlo fare,visto che Win non li molla perchè in uso,perchè protetti.
Allora per prima cosa devi scoprire file nascosti e protetti da sistema da Opzione cartella,fatto questo devi installare Unlocker che ti aiuta a cancella o rinaminare i file (così potranno essere cancellati tranquillamente dopo un riavvio),disattivare il ripristino configurazione di sistema,altrimenti ti conservi pure i virus. Anche lo spostamento del file infetto su desktop è una buona tecnica per cancellare il file,naturalmente dopo un riavvio,questo perchè i file se rinominati o spostati non saranno caricati da windows in avvio perchè non trovati. Poi ti consiglio di pulire e disinfettare il registro rispettivamente con CCleaner e Malwarebytes,ti consiglio di rimettere NOD32,questi devono essere aggiornati prima dell'uso,altrimenti le ultime infezioni non saranno riconosciute.
__________________
Dove l'ho sentita questa canzone ? www.plagimusicali.net AROS One Home Site  amiganews.it eab.abime.net Aros-Exec Arosworld
Ultima modifica di AMIGASYSTEM : 29-03-2009 alle 22:08. |
|
|
|
|
30-03-2009, 14:46
|
#4 |
|
Moderatore
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27465
|
disinstalla nod32 e impostando correttamente Avira fai una scansione completa, pubblica il report di tale scansione
 nod32 comunque è corrotto e andava reinstallato, visto che hai già installato avira, sfruttiamo prima quest'ultimo visto che l'infezione è nata per una non individuazione di nod32 nod32 lo possiedi con regolare licenza comprata?
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
02-04-2009, 17:06
|
#5 |
|
Senior Member
Iscritto dal: Dec 2006
Messaggi: 345
|
Ecco la prima scansione fatta da Antivir appena installato:
Codice:
Avira AntiVir Personal
Report file date: sabato 28 marzo 2009 17:17
Scanning for 1328914 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BOLLATO-9BEFBAD
Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 11:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 22/03/2009 15:37:04
ANTIVIR3.VDF : 7.1.2.228 257024 Bytes 27/03/2009 15:37:05
Engineversion : 8.2.0.129
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 16:36:42
AESCRIPT.DLL : 8.1.1.70 369019 Bytes 28/03/2009 15:37:08
AESCN.DLL : 8.1.1.8 127346 Bytes 28/03/2009 15:37:08
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.11 397687 Bytes 28/03/2009 15:37:08
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.111 1679736 Bytes 28/03/2009 15:37:07
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.31 340341 Bytes 28/03/2009 15:37:05
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 13:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 06:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 14:55:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: sabato 28 marzo 2009 17:17
Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)
Starting search for hidden objects.
'35998' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'NielsenOnline.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'NielsenOnline.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Starting master boot sector scan:
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '57' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Mail\Hotmail (ca d33\Posta in arrivo\2CD672AE-000000A9.eml
[0] Archive type: MIME
[NOTE] A backup was created as '4a124f68.qua' ( QUARANTINE )
[NOTE] The file was deleted!
--> file1.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
C:\Documents and Settings\PC\Impostazioni locali\Temp\jopaxx_1237032480.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
[NOTE] A backup was created as '4a3e4fb6.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\PC\Impostazioni locali\Temp\jopaxx_1237463244.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
[NOTE] A backup was created as '4e294237.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\PC\Impostazioni locali\Temp\Web-MediaPlayer_setup.exe
[0] Archive type: NSIS
[DETECTION] Contains recognition pattern of the ADSPY/Agent.lqj adware or spyware
[NOTE] A backup was created as '4a304ff1.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FFDEF422-64A1-4B27-8B29-1A10A38F92C6}\RP154\A0063973.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '49fe52c9.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\887164\887164.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] A backup was created as '4a05543f.qua' ( QUARANTINE )
[NOTE] The file was deleted!
End of the scan: sabato 28 marzo 2009 17:46
Used time: 28:18 Minute(s)
The scan has been done completely.
4569 Scanned directories
176683 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
6 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
176676 Files not concerned
2687 Archives were scanned
1 Warnings
7 Notes
35998 Objects were scanned with rootkit scan
0 Hidden objects were found
Crasha anche abbastanza spesso Mozzilla, ma non so se sia collegato! Ho provato ad avvviare RegCure, ma il pc si riavvia quando controlla i file/path reference... Nod32 era regolare, solo che non so perchè nn faceva + gli aggiornamenti e non me ne ero accorto! Grazie a tutti! |
|
|
|
|
03-04-2009, 22:35
|
#6 |
|
Senior Member
Iscritto dal: Dec 2006
Messaggi: 345
|
Il pc continua a riavviarsi... Ogni 30 minuti o anche meno!
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 04:36.
