#1
Junior Member
Joined: Apr 2003
Posts: 17
RDRIV.SYS big problem
A few days ago I installed the AVG Free Edition antivirus and it detected several nasties, including rdriv.sys, which it is unable to delete.
Since this virus has been present I can't get to some web pages (ebay.it and others). Giant AntiSpyware and ewido are on the computer, but they haven't helped me. Can you give me a hand? Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 10.38.13, on 16/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mjtajf.exe
C:\Programmi\Winamp\Winampa.exe
C:\WINDOWS\LTSMMSG.exe
C:\Programmi\Acer\Launch Manager\LaunchAp.exe
C:\Programmi\Acer\Launch Manager\PowerKey.exe
C:\Programmi\Acer\Launch Manager\HotkeyApp.exe
C:\Programmi\Acer\Launch Manager\KeyHook.exe
C:\Programmi\Acer\Launch Manager\CtrlVol.exe
C:\Programmi\Acer\Launch Manager\Wbutton.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\FCM\FCMLoad.exe
C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\mozilla.org\Mozilla\mozilla.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Standard\IMPOST~1\Temp\Rar$EX00.338\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {F2672662-6A4A-48D8-8DD8-FB22F8D4111E} - C:\Documents and Settings\Standard\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\1inav.dat
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmi\Acer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Acer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programmi\Acer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [KeyHook] "C:\Programmi\Acer\Launch Manager\KeyHook.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmi\Acer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Acer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [dialud3c93] c:\windows\sfondi.exe m
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [c:\windows\wnhelp2.exe] c:\windows\wnhelp2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [wginxy] C:\WINDOWS\System32\mjtajf.exe r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Fantacalcio Manager 2005 - Web Edition Quick Loader.lnk = C:\Programmi\FCM\FCMLoad.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm185XXIT
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.master71.biz
O15 - Trusted Zone: www.sfonditalia.biz
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/A091AEL.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605957.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

Hoping to solve this problem, I thank you in advance.
#2
Senior Member
Joined: Mar 2004
City: Rimini
Posts: 10296
Hi,
yes, you have quite a lot of junk on that PC. I don't know whether you're leaving it un-updated for some particular reason, but that way you're pretty vulnerable. I recommend a preliminary scan with ewido, or with the trial version of SpySweeper, from Safe Mode. Those programs will probably remove a good deal of rubbish, after which you'll post a new log.
__________________
sometimes they come back *** Life Happens! - (I.T. Professional - Telecommunications Technician) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3" I5 2435M SSD Samsung 830-256GB
#3
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Fix:
C:\WINDOWS\System32\mjtajf.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {F2672662-6A4A-48D8-8DD8-FB22F8D4111E} - C:\Documents and Settings\Standard\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\1inav.dat
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [dialud3c93] c:\windows\sfondi.exe m
O4 - HKLM\..\Run: [c:\windows\wnhelp2.exe] c:\windows\wnhelp2.exe
O4 - HKLM\..\Run: [wginxy] C:\WINDOWS\System32\mjtajf.exe r
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZRxdm185XXIT
O15 - Trusted Zone: www.master71.biz
O15 - Trusted Zone: www.sfonditalia.biz
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/A091AEL.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605957.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
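The reply above picks the entries to fix by eye. As an added example that is not part of the thread (not the responder's method, not a HijackThis feature), the Python script below encodes the same triage rules in code and runs them over an excerpt of the log posted in the thread: a ProxyOverride that bypasses the proxy for external domains, an extra program on the Shell= line, browser extensions with no file or loaded from a non-library file, startup images in the Windows directories that are not on an allow-list, context-menu items served from the web, sites added to the Trusted Zone, Download Program Files that are bare executables, broken MIME filters, and services with an unknown owner or missing binary. It also cross-references flagged O4 images with the running-process list, which is why the responder's first line is a process path. The allow-list of known startup images is an assumption made for this one laptop; a real triage would consult a vetted startup database.

```python
"""Triage rules for HijackThis-style log lines (added example, not code from the thread)."""
import re
from typing import List, Optional, Tuple

# ASSUMED allow-list: images in the Windows/System32 directories (or given as a bare
# file name) that are legitimate on this particular laptop. A real triage would use
# a vetted startup database instead of a hand-written set.
KNOWN_STARTUP_IMAGES = {"igfxtray.exe", "hkcmd.exe", "ltsmmsg.exe",
                        "nerocheck.exe", "gcasdtserv.exe"}
SYSTEM_DIRS = {"", "c:\\windows", "c:\\windows\\system32"}   # "" = bare file name
RUN_KEY = re.compile(r"HK(?:LM|CU)\\\.\.\\Run: \[.+?\] (.+)$")


def image_from_command(cmd: str) -> str:
    """Executable path of a Run-key command line, minus quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_line(line: str) -> Optional[str]:
    """Return why an entry should be fixed, or None if it looks benign."""
    line = line.strip()
    if not re.match(r"^[RFO]\d+ - ", line):
        return None                       # process list, headers, blank lines
    kind, body = line.split(" - ", 1)
    tail = body.rsplit(" - ", 1)[-1]      # last field: usually a path or URL
    if kind == "R1" and "ProxyOverride" in body:
        value = body.split("=", 1)[1].strip()
        if value and value != "<local>":  # IE skips the proxy for these hosts
            return "proxy bypass for external domains: " + value
    if kind == "R3" and "missing" in body:
        return "default URLSearchHook removed"
    if kind == "F2" and "Shell=" in body:
        parts = body.split("Shell=", 1)[1].split()
        if parts[1:] or (parts and parts[0].lower() != "explorer.exe"):
            return "unexpected program on the Shell= line: " + " ".join(parts)
    if kind in ("O2", "O3"):
        if body.endswith("(no file)"):
            return "orphaned browser extension registration"
        if not tail.lower().endswith((".dll", ".ocx")):
            return "browser extension loaded from a non-library file: " + tail
    m = RUN_KEY.match(body)
    if kind == "O4" and m:
        image = image_from_command(m.group(1))
        directory, _, base = image.lower().rpartition("\\")
        if directory in SYSTEM_DIRS and base not in KNOWN_STARTUP_IMAGES:
            return "unrecognised startup image in a system directory: " + image
    if kind == "O8" and tail.lower().startswith(("http://", "https://")):
        return "context-menu item served from the web: " + tail
    if kind == "O15" and body.startswith("Trusted Zone:"):
        return "site placed in the IE Trusted Zone: " + body.split(":", 1)[1].strip()
    if kind == "O16" and tail.lower().endswith(".exe"):
        return "Download Program File is a bare executable: " + tail
    if kind == "O18" and ("(no CLSID)" in body or "(no file)" in body):
        return "broken MIME filter hook"
    if kind == "O23" and ("Unknown owner" in body or "(file missing)" in body):
        return "service with unknown owner or missing binary"
    return None


def triage(log: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Flagged (entry, reason) pairs plus running processes tied to flagged O4 entries."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    flagged = [(l, r) for l in lines if (r := check_line(l))]
    run_images = set()
    for l, _ in flagged:
        m = RUN_KEY.match(l.split(" - ", 1)[1])
        if l.startswith("O4 - ") and m:
            run_images.add(image_from_command(m.group(1)).lower())
    processes = [l for l in lines if re.match(r"^[a-z]:\\", l, re.I) and l.lower() in run_images]
    return flagged, processes


# Excerpt of the log posted in the thread (benign and suspicious entries mixed).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\mjtajf.exe
C:\Programmi\Winamp\Winampa.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F2672662-6A4A-48D8-8DD8-FB22F8D4111E} - C:\Documents and Settings\Standard\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\1inav.dat
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [dialud3c93] c:\windows\sfondi.exe m
O4 - HKLM\..\Run: [c:\windows\wnhelp2.exe] c:\windows\wnhelp2.exe
O4 - HKLM\..\Run: [wginxy] C:\WINDOWS\System32\mjtajf.exe r
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm185XXIT
O15 - Trusted Zone: www.master71.biz
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/A091AEL.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
"""

if __name__ == "__main__":
    entries, procs = triage(SAMPLE_LOG)
    for entry, reason in entries:
        print(f"FIX  {entry}\n     -> {reason}")
    for p in procs:
        print("end this process before fixing its O4 entry:", p)
```

Run as a script it lists every entry it would fix with the reason, and separately the one running process (mjtajf.exe) that belongs to a flagged Run key, matching the shape of the reply above. The rules are deliberately conservative: an entry in Program Files, a .dll/.ocx extension, a .cab download or a service with a named vendor is left alone, so the benign Winamp, Acrobat, Google Toolbar, BitDefender and AVG lines in the excerpt pass through untouched.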