www.casinopalazzo.com and errors in dynamic libraries
Zio Nick
23-09-2004, 01:08
Hi everyone, I'll get straight to the point: my problem is a continuous stream of errors caused by all sorts of applications: often I can't shut Windows down properly, and on restart even ScanDisk causes errors in "unknown" or in some dynamic library... I ran scans with Norton Security, Ad-Aware, Spybot and CWShredder, but after a rough cleanup the problem comes back and persists... What's more: during normal internet browsing I get redirected every time, against my will, to online gambling or advertising sites, which are always the same ones. In addition, every time Internet Explorer starts, the mfplay.exe virus is recreated and an icon with a big yellow "x" on a blue background appears on the desktop, which connects to casinopalazzo.com. The antivirus sees the virus and each time tells me it was successfully removed, but each time the problem repeats. I'm turning to those who know more than I do (and there are many of you!): please take a look and tell me what you think: I'm attaching the HJT log ... Any advice is welcome!
Thanks in advance from
Good Old Zio Nick
Logfile of HijackThis v1.98.0
Scan saved at 1.45.50, on 23/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAMMI\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAMMI\PESTPATROL\PPCONTROL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\MSCONFIG.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TASKMGN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qinetiq.com/home_etps.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\SYSTEM\WINNET.DLL
O2 - BHO: - {ADDB1117-BA0B-4D12-AE6C-B3F0D57CC49B} - C:\WINDOWS\SYSTEM\L.DLL
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRAMMI\PESTPATROL\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRAMMI\PESTPATROL\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRAMMI\PESTPATROL\PPControl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX (copia 1)] C:\WINDOWS\SYSTEM\E_S4I0M2.EXE /P31 "EPSON Stylus Photo RX (copia 1)" /O7 "EPUSB1:" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\SYSTEM\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /O7 "EPUSB1:" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [NPROTECT] C:\Programmi\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmi\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: C:\Programmi\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~5\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Programmi\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\FILECO~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\FILECO~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\WebshotsTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .3dml: C:\Programmi\Flatland\NProver.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.141.212.204/activex/AxisCamControl.ocx
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O20 - AppInit_DLLs: apitrap.dll;
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL
Zio Nick
23-09-2004, 01:16
...and here is the Windows fault log. Guys, I'm waiting for advice!
in my opinion your antivirus isn't cleaning properly
try using an online one such as:
http://housecall.trendmicro.com/
bye
you used an old version of HijackThis
I recommend downloading the new one and closing as many programs as possible before generating a new log
Zio Nick
29-09-2004, 20:44
so... yesterday I downloaded version 1.98.1 of HJT and I'm posting the new log here:
Logfile of HijackThis v1.98.1
Scan saved at 21.35.19, on 29/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAMMI\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAMMI\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAMMI\PESTPATROL\PPCONTROL.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAMMI\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qinetiq.com/home_etps.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: - {ADDB1117-BA0B-4D12-AE6C-B3F0D57CC49B} - C:\WINDOWS\SYSTEM\L.DLL
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRAMMI\PESTPATROL\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRAMMI\PESTPATROL\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRAMMI\PESTPATROL\PPControl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\FILECO~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\FILECO~1\SYMANT~1\SNDSRVC.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\WebshotsTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .3dml: C:\Programmi\Flatland\NProver.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.141.212.204/activex/AxisCamControl.ocx
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O20 - AppInit_DLLs: apitrap.dll;
Waiting for advice, bye! :confused:
Forgive me...
but I'm doing it for your own good... version 1.98.2 exists
MIRROR @ Majorgeeks (http://www.majorgeeks.com/download3155.html)
Zio Nick
29-09-2004, 22:13
grrr....:grrr:
OK, here is the log with .2 ...
Now can you give me some tips? :help:
Logfile of HijackThis v1.98.2
Scan saved at 23.01.45, on 29/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAMMI\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAMMI\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAMMI\PESTPATROL\PPCONTROL.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAMMI\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\ICQ\ICQ.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qinetiq.com/home_etps.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: - {ADDB1117-BA0B-4D12-AE6C-B3F0D57CC49B} - C:\WINDOWS\SYSTEM\L.DLL
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRAMMI\PESTPATROL\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRAMMI\PESTPATROL\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRAMMI\PESTPATROL\PPControl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\FILECO~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\FILECO~1\SYMANT~1\SNDSRVC.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\WebshotsTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .3dml: C:\Programmi\Flatland\NProver.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.141.212.204/activex/AxisCamControl.ocx
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O20 - AppInit_DLLs: apitrap.dll;
So,
did you set these restrictions yourself?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
If not, fix these lines, then fix
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qinetiq.com/home_etps.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: - {ADDB1117-BA0B-4D12-AE6C-B3F0D57CC49B} - C:\WINDOWS\SYSTEM\L.DLL
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} -
and
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.141.212.204/activex/AxisCamControl.ocx
if you don't recognize it
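
A triage pass over a HijackThis log like the one posted above, added here as an example (it is not part of the thread or of HijackThis itself): it parses the section codes and singles out O2, O6 and O16 entries for manual identification. The function name `review` and its three heuristics (blank BHO name, ActiveX entry with a missing or bare-IP source, IE policy restriction present) are assumptions of this example; it does not look at the R0/R1 lines.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: - {ADDB1117-BA0B-4D12-AE6C-B3F0D57CC49B} - C:\WINDOWS\SYSTEM\L.DLL
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.141.212.204/activex/AxisCamControl.ocx
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} -
O20 - AppInit_DLLs: apitrap.dll;
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O16 - DPF: ..."
BHO = re.compile(rf"^BHO:\s*(.*?)\s*-\s*({CLSID})\s*-\s*(.*)$")
DPF = re.compile(rf"^DPF:\s*({CLSID})\s*(?:\((.*?)\))?\s*-\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def review(log_text):
    """Return (section, reason, line) for entries these heuristics single out."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.groups()
        if section == "O2" and (bho := BHO.match(body)):
            if not bho.group(1):  # name field is blank (assumed heuristic)
                findings.append((section, "BHO with blank name", line))
        elif section == "O16" and (dpf := DPF.match(body)):
            url = dpf.group(3).strip()
            host = urlparse(url).hostname or ""
            if not url:
                findings.append((section, "ActiveX entry with no source URL", line))
            elif IPV4.match(host):
                findings.append((section, "ActiveX fetched from a bare IP", line))
        elif section == "O6":
            findings.append((section, "IE policy restriction present", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in review(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line}")
```

A flagged line is only a candidate: the CLSID and file still have to be identified before anything is fixed.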