ciao a tutti da qualche giorno ho dei problemi con il computer, ogni tanto mi si apre la finestra "about-blank" e poi non mi funzionano più le chat in java e infine ho anche dei problemi nel funzionamento di acrobat reader.
questo è il log fatto con hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 10.02.59, on 21/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\SIS630_V1.01B.02\UTILITY\3D\KHOOKER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epaca.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {F585B584-55EE-11BD-B8FB-004032FAB48C} - C:\WINDOWS\SYSTEM\MOGDFA.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS KHooker] C:\Programmi\SiS630_V1.01b.02\utility\3d\khooker.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [nneeymntw] C:\WINDOWS\SYSTEM\jrzpaek.exe
O4 - HKLM\..\Run: [ljxrqqn] C:\WINDOWS\SYSTEM\JRZPAEK.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000410-78E1-11D2-B60F-006097C998 E7}\misc.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\TIZIANO\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\TIZIANO\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAMMI\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAMMI\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (file missing) (HKCU)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {FFD1E45F-2B11-4742-BF47-3822FE02EE0F} (Yahoo! Foto - salva e condividi le tue foto su Yahoo! E' facile!l Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropp er/ydropper1_4it.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - https://intranet.epaca.it/Stampe/activexviewer.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.250.2,151.99.125.3
ho provato sia con Ad-weare sia con spybot
Un grazie sincero per il vostro aiuto.
ciao a tutti alex
sono sempre io su un altro computer invece ho questo tipo di problema:
IL SITO TREMENDO E' WWW.MASTER69.BIZ.
DOPO CHE APPARE FACCIO LA SCANZIONE CON AD-AWARE E NATURALMENTE TROVA UN INFETTO CHE IO ELIMINO, MA APPENA MI COLLEGO RIAPPARE LA FRASE VIETATO AI MINORI DI 18 NNAI ECC. E SE CLICCHI SI SI APRE IL SITO SE CLICCHI NO SI SPENGE IL COLLEGAMENTO.
provato ad eliminarlo con Ad-weare ma ogni volta che si riaccende il computer si rigenera.
grazie anche per questo
questo è il nuovo log
Logfile of HijackThis v1.99.1
Scan saved at 18.07.13, on 21/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\SIS630_V1.01B.02\UTILITY\3D\KHOOKER.EXE
C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMMI\BHODEMON 2\BHODEMON.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epaca.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS KHooker] C:\Programmi\SiS630_V1.01b.02\utility\3d\khooker.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000410-78E1-11D2-B60F-006097C998 E7}\misc.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Programmi\BHODemon 2\BHODemon.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\TIZIANO\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\TIZIANO\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {FFD1E45F-2B11-4742-BF47-3822FE02EE0F} (Yahoo! Foto - salva e condividi le tue foto su Yahoo! E' facile!l Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropp er/ydropper1_4it.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - https://intranet.epaca.it/Stampe/activexviewer.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.250.2,151.99.125.3
PS. può essere utile navigare in internet con netscape anziche con explorer?
ciao e grazie
su questa macchina per ora tutto bene a parte i problemi di apertura di acrobat reader, questa mattina ho avviato internet e non ci sono stati più problemi di finestre che si aprono da sole o di reindirizzamenti.
Ho dei problemi simili su di un altro pc, appena avrò il log lo posterò così mi dai qualche consiglio.
grazie per la tua disponibilità ciao Alex
il problema con acrobat non l'ho risolto comunque è lo stesso.
adesso sto usando mozzilla e mi sembra funzioni ok anche se in alcuni siti tipo quello dell'INPS non funziona molto bene.
ti posto il log dell'altro computer
mi sai dire qualcosa? a prima vista ci sono alcune cose che non vanno
Logfile of HijackThis v1.99.1
Scan saved at 11.35.02, on 22/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMMI\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\APPLICATION DATA\SGRUNT\IE4321.EXE
C:\PROGRAMMI\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.10\ADULTO.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.master69.biz?29
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EVILLA] C:\WINDOWS\SYSTEM\eVILLA.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Olympic] C:\WINDOWS\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKCU\..\Run: [ALUAlert] C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_SA3B1.TMP"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.master69.biz
O16 - DPF: {1FB464C8-09BB-4017-A2F5-EB742F04392F} (Microsoft Terminal Services Control (redist)) - http://80.126.26.10:8082/lgtermdir/mstscax.cab
O16 - DPF: {9F5BB9E1-31AE-4A13-8734-15CED0F60A3D} (myActiveXCOM Class) - http://dialer.eroticando.com/activex_manager/cabs/activex1.0 .0.15.cab
ciao e grazie