Hi!
I have a problem on a user's PC: when they access documents on the company portal (SharePoint), they receive the message "module that caused the error kernell32.dll......."
I'm attaching the HJT log.
Can you give me a hand?
THANKS
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.59.01, on 05/03/10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\BNLService\BNLService.exe
C:\Programmi\Serden\InterAct ES\Bin\IAManager.exe
C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\OfficeScanNT\ntrtscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\RCSERV.EXE
C:\Programmi\OfficeScanNT\tmlisten.exe
C:\Programmi\Serden\InterAct ES\Bin\IAProvider.exe
C:\WINDOWS\TEMP\FB1904.EXE
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\OfficeScanNT\CNTAoSMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://b2e.group.echonet
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://iweb/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy02:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *bnl.it;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\OfficeScanNT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [lcfep] "C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SwdisUsrPCN.CL086D9418] "C:\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "c:\Tivoli\swdis\1\wdusrpcn.env"
O4 - HKLM\..\Run: [IAUsrSession] "C:\Programmi\Serden\InterAct ES\Bin\IAUsrSession.exe"
O4 - HKUS\S-1-5-21-1801674531-1343024091-682003330-18862506\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'OI42781')
O4 - HKUS\S-1-5-21-1801674531-1343024091-682003330-18862506\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe" (User 'OI42781')
O4 - S-1-5-18 Startup: RU_registry.lnk = C:\Programmi\BMC\registry\RU_registry.bat (User 'SYSTEM')
O4 - S-1-5-18 Startup: wmpflag.lnk = C:\Softdist\WMP\wmpflag.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: RU_registry.lnk = C:\Programmi\BMC\registry\RU_registry.bat (User 'Default user')
O4 - .DEFAULT Startup: wmpflag.lnk = C:\Softdist\WMP\wmpflag.bat (User 'Default user')
O4 - .DEFAULT User Startup: RU_registry.lnk = C:\Programmi\BMC\registry\RU_registry.bat (User 'Default user')
O4 - .DEFAULT User Startup: wmpflag.lnk = C:\Softdist\WMP\wmpflag.bat (User 'Default user')
O4 - Startup: RU_registry.lnk = C:\Programmi\BMC\registry\RU_registry.bat
O4 - Startup: wmpflag.lnk = C:\Softdist\WMP\wmpflag.bat
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://b2e.group.echonet
O15 - Trusted Zone: http://download.com.com/ (HKLM)
O15 - Trusted Zone: http://forums.us.dell.com (HKLM)
O15 - Trusted Zone: http://support.dell.com/ (HKLM)
O15 - Trusted Zone: http://forums1.itrc.hp.com/ (HKLM)
O15 - Trusted Zone: http://du.ilsole24ore.com (HKLM)
O15 - Trusted Zone: http://www.24oreborsaonline.ilsole24ore.com/ (HKLM)
O15 - Trusted Zone: http://www.sanpaoloimi.com/ (HKLM)
O15 - Trusted Zone: http://www.soldionline.it/ (HKLM)
O15 - Trusted Zone: http://ansi.wbt.it (HKLM)
O15 - Trusted Zone: http://www.winnetmag.com/ (HKLM)
O16 - DPF: WdkPluginCab - http://parva9000535:9081/webtop53/wdk/native/WdkPluginCab.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dip.banca.bnl.it
O17 - HKLM\Software\..\Telephony: DomainName = dip.banca.bnl.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dip.banca.bnl.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dip.banca.bnl.it,banca.bnl.it,ita.net.intra,it.net.intra,net.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dip.banca.bnl.it,banca.bnl.it,ita.net.intra,it.net.intra,net.intra
O20 - Winlogon Notify: IAWinStart - C:\WINDOWS\SYSTEM32\IAWinStart.dll
O23 - Service: BNLService (bnlsrv) - - C:\Programmi\BNLService\BNLService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InterAct ES Consumer (IA Consumer) - SERDEN - C:\Programmi\Serden\InterAct ES\Bin\IAConsumer.exe
O23 - Service: InterAct ES Manager (IA Manager) - SERDEN Inc - C:\Programmi\Serden\InterAct ES\Bin\IAManager.exe
O23 - Service: InterAct ES Provider (IA Provider) - SERDEN Inc - C:\Programmi\Serden\InterAct ES\Bin\IAProvider.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\OfficeScanNT\ntrtscan.exe
O23 - Service: Tivoli Remote Control Service (TME10RC) - TIVOLI - C:\WINDOWS\RCSERV.EXE
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\OfficeScanNT\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programmi\OfficeScanNT\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmi\OfficeScanNT\TmProxy.exe
--
End of file - 9080 bytes