---

Ciao a tutti, è un po' di tempo che un messaggio di errore mi assilla ogni qualvolta cerco di accedere ad alcune applicazioni o programmi (funzioni pannello di controllo, spegniemnt pc, cartella stampante, modifica dell'orario, attivazione automatica dell'antivirus,ecc) che ho sul pc con WINDOWS ME.

Il messaggio dice:"il file RUNDLL32.EXE è collegato all'esportazione mancante KERNEL32.DLL:ActivateActCtx". Un ulteriore messaggio mi avvisa che è impossibile accedere alla periferica o al file specificato in quanto non dispongo delle autorizzazioni necessarie.
Vi allego il LOG
Grazie

Logfile of HijackThis v1.99.1
Scan saved at 11.59.34, on 02/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAMMI\COMMON FILES\DPI\DPI.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMI\ENERGYPLUGIN\ENERGYPLUGIN.EXE
C:\WINDOWS\SYSTEM\REALMON.EXE
C:\WINDOWS\SYSTEM\HXKTD.EXE
C:\PROGRAMMI\PTSS\LRTR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {8EB5DCFB-9921-4E33-9628-E1957EA9CAA3} - C:\WINDOWS\SYSTEM\COIILAA.DLL (file missing)
O2 - BHO: (no name) - {00CD7CE1-CD0A-C8F8-2F34-9CDC4E3CBB9C} - C:\WINDOWS\SYSTEM\HNMYIQQT.DLL (file missing)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL
O2 - BHO: (no name) - {8F5EC641-27AB-2555-879E-76A2D8A0699F} - C:\WINDOWS\SYSTEM\ACAW.DLL (file missing)
O2 - BHO: (no name) - {E5B629B0-C858-9BA5-2734-CCA9389F5B96} - C:\WINDOWS\SYSTEM\WCFYSL.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Dpi] C:\PROGRAMMI\COMMON FILES\DPI\DPI.EXE
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\SYSTEM\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [ACMonitor_X23] C:\Programmi\Lexmark\all-in-one_printer\ACMonitor_X23.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\SYSTEM\APVXDWIN.EXE
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [REAL] C:\Programmi\REAL\realjbox.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Ognkiysc] C:\WINDOWS\SYSTEM\hxktd.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - HKCU\..\Run: [Ceea] C:\Programmi\ptss\lrtr.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)
O9 - Extra 'Tools' menuitem: Loghi e suonerie - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.181.170.109/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {17176065-B807-4CF1-BF1C-B85008597878} - http://www.scaricasoftware.com/lg029808.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?1&4&04.00.04.03&unknown&unknown&http://www.integraitalia.com/mosciano/tav_9b/tav_9b.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1019486.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/dialer/it/activex_261_it.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/default.cab?uid=16&id=28753&ex&1s&ppd=3&start=050529
O18 - Filter: text/html - {CC687DEC-AD90-4CFD-9DBC-6927EFCB4E5D} - C:\WINDOWS\SYSTEM\COIILAA.DLL
O18 - Filter: text/plain - {CC687DEC-AD90-4CFD-9DBC-6927EFCB4E5D} - C:\WINDOWS\SYSTEM\COIILAA.DLL

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=298&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
-
O2 - BHO: (no name) - {8EB5DCFB-9921-4E33-9628-E1957EA9CAA3} - C:\WINDOWS\SYSTEM\COIILAA.DLL (file missing)
O2 - BHO: (no name) - {00CD7CE1-CD0A-C8F8-2F34-9CDC4E3CBB9C} - C:\WINDOWS\SYSTEM\HNMYIQQT.DLL (file missing)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL
O2 - BHO: (no name) - {8F5EC641-27AB-2555-879E-76A2D8A0699F} - C:\WINDOWS\SYSTEM\ACAW.DLL (file missing)
O2 - BHO: (no name) - {E5B629B0-C858-9BA5-2734-CCA9389F5B96} - C:\WINDOWS\SYSTEM\WCFYSL.DLL
-
O4 - HKLM\..\Run: [Dpi] C:\PROGRAMMI\COMMON FILES\DPI\DPI.EXE
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
-
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
-
O4 - HKCU\..\Run: [Ognkiysc] C:\WINDOWS\SYSTEM\hxktd.exe
-
O4 - HKCU\..\Run: [Ceea] C:\Programmi\ptss\lrtr.exe
-
O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)
O9 - Extra 'Tools' menuitem: Loghi e suonerie - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)
-
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.181.170.109/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {17176065-B807-4CF1-BF1C-B85008597878} - http://www.scaricasoftware.com/lg029808.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
-
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?1&4&04.00.04.03&unknown&unknown&http://www.integraitalia.com/mosciano/tav_9b/tav_9b.html
-
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
-
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1019486.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/dialer/it/activex_261_it.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
-
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
-
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/default.cab?uid=16&id=28753&ex&1s&ppd=3&start=050529
O18 - Filter: text/html - {CC687DEC-AD90-4CFD-9DBC-6927EFCB4E5D} - C:\WINDOWS\SYSTEM\COIILAA.DLL
O18 - Filter: text/plain - {CC687DEC-AD90-4CFD-9DBC-6927EFCB4E5D} - C:\WINDOWS\SYSTEM\COIILAA.DLL
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
SearchBar.htm
COIILAA.DLL
HNMYIQQT.DLL
CERBMOD.DLL
ACAW.DLL
WCFYSL.DLL
DPI.EXE
cmd32.exe
internat.dll
EnergyPlugin.exe
hxktd.exe
lrtr.exe
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.


Dopo aver fatto tutto come indicato fai una scansione antivirus on line da questo indirizzo
http://security.symantec.com/default.asp?productid=symhome&langid=it&venid=sym

Antivirus e Firewall risultano disattivati, riattivali se non ci sono virus dalla scansione on line, altrimenti formatta il disco fisso e reinstalla tutto.

---

Collaboratore Aiutamici