• F
    User Attivo

    Problema con il registro di sistema

    Scusate ragazzi,ma sono sempre io che ho problemi...
    Ogni volta che accendo il pc il mio antivirus,nod 32,mi individua un trojan chiamato winsyst32.exe.Io ogni volta metto quarantine e magicamente mi si blocca il monitor e sono impossibilitato ad aprire ogni programma incluso anche taskmanager.

    Quindi ho riavviato ed ho fatto hijackthis per controllare il registro di sistema come un mio amico mi ha consigliato.Ve lo riporto qua sotto.

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Programmi\Eset\nod32krn.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
    C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\Programmi\QuickTime\qttask.exe
    D:\Documents and Settings\All Users\Dati applicazioni\Windows Media Directory\ImMSN.exe
    C:\Programmi\MSN Messenger\MsnMsgr.Exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\Fondo\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    F3 - REG:win.ini: load=C:\WINDOWS\msupdate.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
    O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM..\Run: [ATICCC] "c:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
    O4 - HKLM..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM..\Run: [System] D:\Documents and Settings\All Users\Dati applicazioni\Windows Media Directory\ImMSN.exe /ni /t
    O4 - HKCU..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU..\Run: [Uniblue Registry Booster] C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Download &Flash Movies - C:\Programmi\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programmi\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programmi\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8330EFC-F810-41C6-A948-0B8879BD14BA} - http://td8eau9td.com/49ed3d2b/50310/1/xp/FreeAccess.ocx
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS:zapotek.bmp C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: SecTqu - Unknown owner - C:\Programmi\File comuni\System\UKs.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    Il file winsyst 32 non credo che si trovi qua(forse non ci vedo bene)ma almeno mi potete consigliare quali programmi non sono sicuri dato che al hijacktthis logfile non mi da indicazioni sicure...

    Se poi sapete come ovviare al problema di quel trojan mi fareste un piacere dato che l'unico modo che ho per usare bene il pc è tenermi l'avviso del nod32 in bela mostra che mi dice del trojan.Se lo chiudo questo avviso si blocca il monitor:(

    Vi ringrazio in anticipo e spero un giorno di poter aiutare voi;)

    0
  • S
    User Attivo

    Porta molta attenzione alle modifiche che fai al registro perchè potresti bloccare il sistema operativo.

    Prima di tutto farei una scansione in modalità provvisoria, per far questo devi premere "F8" poco dopo l'accensione del pc. Cancella tutti i file temporanei internet e controlla l'esecuzione automatica.

    0
  • G
    Super User

    Il primo, smss.exe lo puoi eliminare.

    0
  • wolf.otakar
    Consiglio Direttivo

    Ciao,
    oltre al trojan winsyst32.exe il nod32 trova anche la dll "scrss32.dll"....?

    Cmq scarica l'anti-virus Virit; http://www.tgsoft.it/italy/download.htm

    Aggiornalo, disattiva il tuo anti-virus ed effettua una scansione a pc disconnesso! Vediamo che trova...

    0
  • M
    User

    @Wolf Otakar said:

    Ciao,
    oltre al trojan winsyst32.exe il nod32 trova anche la dll "scrss32.dll"....?

    Cmq scarica l'anti-virus Virit; http://www.tgsoft.it/italy/download.htm

    Aggiornalo, disattiva il tuo anti-virus ed effettua una scansione a pc disconnesso! Vediamo che trova...

    Questa operazione la provo io, che ho un problema simile.

    0
Effettua l'accesso per rispondere