testo errore:
EXPLORER ha provocato un errore di pagina non valida nel
modulo MSVCRT.DLL in 019f:780154a7.
Registri:
EAX=7803a152 CS=019f EIP=780154a7 EFLGS=00010246
EBX=00000010 SS=01a7 ESP=036d9428 EBP=036d9438
ECX=000074f5 DS=01a7 ESI=772a74f5 FS=6f3f
EDX=0fffffff ES=01a7 EDI=036d9472 GS=0000
Byte all'indirizzo CS:EIP:
66 8b 04 48 a8 04 74 5b 83 c1 d0 3b cb 73 7b 83
Immagine dello stack:
036d94e0 772a41cc 00000000 00000000 036d9494 7801540c 036d9470 00000000 0000000f 00000000 637a2718 036d9470 00000000 00000010 036d9500 0628502c
estrazione di hijackthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 14.16.41, on 27/12/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAMMI\FILE COMUNI\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\ATIP.EXE
C:\WINDOWS\SYSTEM\W98EJECT.EXE
C:\PROGRAMMI\DATE MANAGER\DATEMANAGER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WSCOMP\NITERM32.EXE
C:\WINDOWS\SYSTEM\NAUDPWC3.DRV
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\EXCEL.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://lookfor.cc/sp.php?pin=51014R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://lookfor.cc/sp.php?pin=51014R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://lookfor.cc?pin=51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://lookfor.cc/sp.php?pin=51014R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://lookfor.cc/sp.php?pin=51014R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://lookfor.cc/sp.php?pin=51014R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://lookfor.cc?pin=51014
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {854604F6-7639-916F-EFED-29E3BDC1A5E3} - C:\WINDOWS\ADDBI32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAMMI\FILE COMUNI\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Connector] C:\WINDOWS\SYSTEM\ShellExt\ATX1.EXE -n
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKLM\..\Run: [AtiPanel] C:\WINDOWS\atip.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SCardSvr] C:\WINDOWS\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ADDPX32.EXE] C:\WINDOWS\SYSTEM\ADDPX32.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [dm_service] C:\WINDOWS\SYSTEM\SCREENSAVER.V.2.1[1].EXE
O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Date Manager.lnk = C:\PROGRA~1\Date Manager\DateManager.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\SYSTEM\SHELLEXT\ATX1.EXE (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} -
http://deposito.hostance.net/dialer/504990.exeO16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) -
http://secure2.comned.com/signuptemplates/ActiveSecurity.cabO16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) -
http://www.a99b.com/go/cax.cabO16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cabO16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) -
http://secure2.comned.com/signuptemplates/AktiveSekurity.cabO16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -
http://secure2.comned.com/signuptemplates/securelogin-devel.cabO17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 213.140.2.49,213.140.2.43