Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

controllo log...please help me Opzioni
ritchie80
Inviato: Monday, September 26, 2005 2:24:14 PM
Rank: Member

Iscritto dal : 2/15/2005
Posts: 0
salve ragazzi,ho il pc terribilmente bloccato.va in continua difficolta con le applicazioni,è molto lento,si blocca spesso e da ieri si riavvia anke da solo (credo si tratti di un worms.vi invio il log...mi date una mano please?
grazie marco



Logfile of HijackThis v1.99.1
Scan saved at 14.21.50, on 26/09/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\G DATA\AVKMail\AVKPOP.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\AntiVirusKit InternetSecurity\Webfilter\Webfilter.exe
C:\Programmi\AntiVirusKit InternetSecurity\Firewall\kavpf.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ANTIVI~1\WEBFIL~1\ADSCLE~1.EXE
C:\Programmi\AntiVirusKit InternetSecurity\AVK\AVKService.exe
C:\Programmi\AntiVirusKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\MARCO\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sitesearchcentral.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sitesearchcentral.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sitesearchcentral.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: andRadio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [KernelFaultCheck] :systemroot:\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programmi\File comuni\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Filtro web.lnk = C:\Programmi\AntiVirusKit InternetSecurity\Webfilter\Webfilter.exe
O4 - Global Startup: Firewall.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add selected links to Link Container - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: Eandsporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show domain links - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_domain_links.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126825589749
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126825574897
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5653ECD-EA4C-437C-A8A6-C6295E194248}: Domain = fastwebnet.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fastwebnet.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fastwebnet.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fastwebnet.it
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programmi\AntiVirusKit InternetSecurity\AVK\AVKService.exe
O23 - Service: Monitor di AVK (AVKWCtl) - Unknown owner - C:\Programmi\AntiVirusKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Thread Master (ThreadMaster) - http://threadmaster.tripod.com - threadmaster@europe.com - C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
Sponsor
Inviato: Monday, September 26, 2005 2:24:14 PM

 
a.roselli
Inviato: Monday, September 26, 2005 3:20:10 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,052
Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
-
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
-
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
-
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
firewall.exe
wuamk032.exe
pokapoka65.exe
pokapoka67.exe
spooIsv.exe
winIogon.exe
pokapoka69.exe
pokapoka70.exe
==================================

CENCELLA LA CARTELLA IN ROSSO
C:\WINDOWS\<font color=red><b>etb</font id=red></b>


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.


Devi aggiornare il sistema da WINDOWS UPDATE.

alfonso_aiutamici@hotmail.it

Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.