fu_gazzi
19-11-2004, 10:28
Questo e' il messaggio di errore che mi appare:
spybot non finisce la scansione, bloccandosi su win.in.
qual e' il processo che lo blocca? e come devo intervenire?
Grazie.
fu_gazzi
****
Error during check!: Cabrotor (Datei C:\WINNT\win.ini kann nicht geöffnet werden. The process cannot access the file because
it is being used by another process) ()
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2562506095-1415077195-1391891001-7443\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
---------------------------------------------------------
--- Spybot - Search && Destroy version: 1.3 ---
2004-08-11 Includes\Cookies.sbi
2004-11-17 Includes\Dialer.sbi
2004-11-17 Includes\Hijackers.sbi
2004-11-17 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-11-17 Includes\Malware.sbi
2004-08-11 Includes\plugin-ignore.ini
2004-05-12 Includes\Revision.sbi
2004-10-25 Includes\Security.sbi
2004-11-17 Includes\Spybots.sbi
2004-10-21 Includes\Tracks.uti
2004-11-17 Includes\Trojans.sbi
-------------------------------------------------
------------------------------------------------
Logfile of HijackThis v1.97.7
-----------------------------------------------------
-----------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 10.55.37, on 19/11/2004
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\SERVICE_Inventory.exe
D:\my-prog\nero\InCD\InCDsrv.exe
C:\WINNT\System32\mgasc.exe
C:\WINNT\System32\mgactrl.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\system32\RKillSrv.exe
C:\WINNT\system32\RpcSs.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\winmgmt.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\VE2045.EXE
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\loadwc.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE
C:\WINNT\System32\MGAHOOK.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp3.exe
D:\my-prog\nero\InCD\InCD.exe
D:\Program Files\Garzanti Linguistica\Hazon clic\HAZON.EXE
D:\my-prog\potiit\psnotes.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINNT\system32\ntvdm.exe
D:\a_moz\Firefox 1.0\firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\Profiles\my\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = testo rimosso
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = testo rimosso
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=%SystemRoot%\RunEver.lnk
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [cryptoex] C:\WINNT\system32\wscript.exe "C:\Program Files\CryptoEx Security Suite\PolicyUpdate.vbs"
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [MGA Hook] "C:\WINNT\System32\MGAHOOK.EXE"
O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp3.exe
O4 - HKLM\..\Run: [InCD] D:\my-prog\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [Hazon clic] "D:\Program Files\Garzanti Linguistica\Hazon clic\HAZON.EXE" -I
O4 - Startup: connetti.bat.lnk = ?
O4 - Global Startup: Post-it® Software Notes.lnk = D:\my-prog\potiit\psnotes.exe
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\XMLSPY\spy.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Edit with XML Spy (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {A3863C2E-86EB-11D1-A9DB-00C04FB16F9E} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
spybot non finisce la scansione, bloccandosi su win.in.
qual e' il processo che lo blocca? e come devo intervenire?
Grazie.
fu_gazzi
****
Error during check!: Cabrotor (Datei C:\WINNT\win.ini kann nicht geöffnet werden. The process cannot access the file because
it is being used by another process) ()
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2562506095-1415077195-1391891001-7443\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
---------------------------------------------------------
--- Spybot - Search && Destroy version: 1.3 ---
2004-08-11 Includes\Cookies.sbi
2004-11-17 Includes\Dialer.sbi
2004-11-17 Includes\Hijackers.sbi
2004-11-17 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-11-17 Includes\Malware.sbi
2004-08-11 Includes\plugin-ignore.ini
2004-05-12 Includes\Revision.sbi
2004-10-25 Includes\Security.sbi
2004-11-17 Includes\Spybots.sbi
2004-10-21 Includes\Tracks.uti
2004-11-17 Includes\Trojans.sbi
-------------------------------------------------
------------------------------------------------
Logfile of HijackThis v1.97.7
-----------------------------------------------------
-----------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 10.55.37, on 19/11/2004
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\SERVICE_Inventory.exe
D:\my-prog\nero\InCD\InCDsrv.exe
C:\WINNT\System32\mgasc.exe
C:\WINNT\System32\mgactrl.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\system32\RKillSrv.exe
C:\WINNT\system32\RpcSs.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\winmgmt.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\VE2045.EXE
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\loadwc.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE
C:\WINNT\System32\MGAHOOK.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp3.exe
D:\my-prog\nero\InCD\InCD.exe
D:\Program Files\Garzanti Linguistica\Hazon clic\HAZON.EXE
D:\my-prog\potiit\psnotes.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINNT\system32\ntvdm.exe
D:\a_moz\Firefox 1.0\firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\Profiles\my\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = testo rimosso
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = testo rimosso
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=%SystemRoot%\RunEver.lnk
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [cryptoex] C:\WINNT\system32\wscript.exe "C:\Program Files\CryptoEx Security Suite\PolicyUpdate.vbs"
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [MGA Hook] "C:\WINNT\System32\MGAHOOK.EXE"
O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp3.exe
O4 - HKLM\..\Run: [InCD] D:\my-prog\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [Hazon clic] "D:\Program Files\Garzanti Linguistica\Hazon clic\HAZON.EXE" -I
O4 - Startup: connetti.bat.lnk = ?
O4 - Global Startup: Post-it® Software Notes.lnk = D:\my-prog\potiit\psnotes.exe
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\XMLSPY\spy.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Edit with XML Spy (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {A3863C2E-86EB-11D1-A9DB-00C04FB16F9E} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab