
My PC keeps freezing...

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by Snoopy85 » 16/08/06 08:17

Hi, I have a problem: for two days now, when I'm on the internet, the PC freezes after a few minutes (or the connection drops; I've noticed the two things don't happen "together"). Everything freezes (except a few programs on the desktop)... I can't restart it, so I'm forced to power the computer off abruptly.

Here is my HijackThis log:

_ _ _ _

Logfile of HijackThis v1.99.1
Scan saved at 9.10.57, on 16/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINXP\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINXP\System32\CTsvcCDA.EXE
C:\WINXP\system32\pctspk.exe
C:\WINXP\System32\svchost.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\WINXP\System32\MsPMSPSv.exe
C:\WINXP\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINXP\logon.exe
C:\WINXP\TEMP\vrbj1.exe
C:\WINXP\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINXP\System32\devldr32.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINXP\System32\wuauclt.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metallica.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: 205.214.67.212 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINXP\logon.exe
O4 - HKLM\..\Run: [Winsystem] C:\WINXP\System32\Winsystem\Freevideo1.EXE -d
O4 - HKLM\..\Run: [vrbj1.exe] C:\WINXP\TEMP\vrbj1.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BPMInit] BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Winsystem - {491A5872-C30F-4E54-8FF1-BF31CC73DC4B} - C:\WINXP\System32\WINSYS~1\FREEVI~1.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10714-23.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/i ... 31d43d35df
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINXP\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SrvCje - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\com5.exe (file missing)

_ _ _ _

I hope you can help me. Regards.
Snoopy85
Junior Member
 
Posts: 10
Joined: 07/07/06 23:20


Post by andorra24 » 16/08/06 08:36

Hi, open HijackThis, click ''Open the Misc Tools section'', then click ''Open process manager'', find the entries listed below and click ''Kill process'':

C:\WINXP\logon.exe
C:\WINXP\TEMP\vrbj1.exe

Then go to the bottom, press the Back button and right after it the Scan button. Tick the box next to the entries listed below and click ''Fix checked'':

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: 205.214.67.212 auto.search.msn.com
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINXP\logon.exe
O4 - HKLM\..\Run: [Winsystem] C:\WINXP\System32\Winsystem\Freevideo1.EXE -d
O4 - HKLM\..\Run: [vrbj1.exe] C:\WINXP\TEMP\vrbj1.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O9 - Extra button: Winsystem - {491A5872-C30F-4E54-8FF1-BF31CC73DC4B} - C:\WINXP\System32\WINSYS~1\FREEVI~1.EXE (file missing)
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10714-23.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/i ... 31d43d35df
O23 - Service: SrvCje - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\com5.exe (file missing)

Download ATF Cleaner from here:
http://www.atribune.org/ccount/click.php?id=1
(to delete Windows and IE temporary files)
Start ATF Cleaner, click the "Main" menu and then tick the "Select All" box. Now click the "Empty Selected" button and wait for the "Done Cleaning!" message.

Go to Start / My Computer / Tools / Folder Options / View, tick "Show hidden files and folders" and untick ''Hide protected operating system files''.

Download Killbox from here:
http://www.bleepingcomputer.com/files/killbox.php
With Killbox, make sure the following files (if present) disappear from your PC:
C:\WINXP\logon.exe
C:\WINXP\TEMP\vrbj1.exe
C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
C:\WINXP\System32\Winsystem\Freevideo1.EXE (after deleting the exe, delete the Winsystem folder as well)
C:\Programmi\File comuni\Microsoft Shared\com5.exe

Run a scan with ewido:
http://www.grisoft.cz/softw/70/filedir/ ... 0.172b.exe
andorra24
Senior Member
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
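The triage andorra24 did by eye in the reply above (binaries running from TEMP or dropped straight into the Windows directory, a hosts-file redirection, a Run value with a garbage name, ActiveX downloads that point at a bare .exe, a service registered through a \\?\ path) can be turned into a repeatable check. What follows is an added example written for this page, not a tool from the thread or from the HijackThis authors: a small Python parser for HijackThis 1.99.1 log lines that applies those heuristics. The sample log is constructed from lines in the post above; deriving %SystemRoot% from the smss.exe process line and the short allowlist of files that legitimately sit directly in %SystemRoot% are assumptions, and the rules are a starting point for a human reviewer, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the HijackThis 1.99.1 log
# posted in this thread, plus the smss.exe line needed to locate %SystemRoot%.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\TEMP\vrbj1.exe

O1 - Hosts: 205.214.67.212 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINXP\logon.exe
O4 - HKLM\..\Run: [vrbj1.exe] C:\WINXP\TEMP\vrbj1.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10714-23.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0423BC71-3273-4396-8E54-3272D9A61A79}: NameServer = 85.37.17.58 85.38.28.94
O23 - Service: SrvCje - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\com5.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
# "HKLM\..\Run: [value name] command"; the lazy group stops at the first "] ".
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.*?)\] (.*)$")
# Files that legitimately live directly in %SystemRoot% (minimal allowlist; an assumption).
SYSTEMROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "winhlp32.exe"}


def system_root(log: str) -> str:
    """Derive %SystemRoot% (lower-cased) from the smss.exe line under 'Running processes'."""
    m = re.search(r"^([A-Za-z]:\\[^\\\n]+)\\System32\\smss\.exe$", log, re.I | re.M)
    return (m.group(1) if m else r"C:\WINDOWS").lower()


def path_findings(path: str, root: str) -> List[str]:
    """Reasons a launch path is suspicious on its own, regardless of file name."""
    p = path.strip().strip('"').lower()
    out: List[str] = []
    if p.startswith("\\\\?\\"):
        out.append(r"uses the \\?\ extended-length path prefix (odd for a service binary)")
        p = p[4:]
    if "\\temp\\" in p:
        out.append("runs from a TEMP directory")
    tail = p[len(root) + 1:]
    if p.startswith(root + "\\") and "\\" not in tail and tail not in SYSTEMROOT_OK:
        out.append("executable placed directly in %SystemRoot%")
    return out


def triage(log: str) -> List[Dict[str, str]]:
    """Apply the heuristics to every HijackThis entry; one finding per reason."""
    root = system_root(log)
    findings: List[Dict[str, str]] = []

    def add(severity: str, line: str, reason: str) -> None:
        findings.append({"severity": severity, "line": line, "reason": reason})

    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O1":
            # HijackThis only lists hosts entries beyond the default localhost line.
            add("high", line, "hosts-file redirection: " + body.split(": ", 1)[-1])
        elif kind == "O4":
            r = RUN_RE.match(body)
            if r:
                name, cmd = r.groups()
                if any(not 32 <= ord(c) <= 126 for c in name):
                    add("high", line, "Run value name contains non-printable/non-ASCII characters")
                for why in path_findings(cmd, root):
                    add("high", line, why)
        elif kind == "O16":
            # Downloaded Program Files normally reference a signed .cab, not a bare .exe.
            if body.rsplit(" - ", 1)[-1].lower().endswith(".exe"):
                add("high", line, "ActiveX download pointing straight at an .exe")
        elif kind == "O17":
            add("info", line, "custom DNS servers; confirm they belong to the ISP")
        elif kind == "O23":
            svc_path = body.rsplit(" - ", 1)[-1].replace(" (file missing)", "")
            for why in path_findings(svc_path, root):
                add("high", line, why)
        if body.endswith("(file missing)") and kind in ("O2", "O3", "O9", "O23"):
            add("low", line, "points at a file that no longer exists (orphan; safe to fix)")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:4}] {f['reason']}\n        {f['line']}")
```

Orphaned entries marked (file missing) get a low severity because fixing them is cleanup, not disinfection; the O17 rule is informational because those resolvers may well belong to the ISP, and the point is to confirm them rather than assume a DNS hijack.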

Post by Snoopy85 » 16/08/06 19:52

First of all, thanks... I followed your instructions to the letter. At first everything seemed OK (the PC didn't freeze for more than an hour; yesterday it froze after a few minutes), but then it hung again.
Snoopy85
Junior Member
 
Posts: 10
Joined: 07/07/06 23:20

Post by andorra24 » 16/08/06 20:02

It's certainly not easy to pin down the exact reason your PC freezes.
Did you run the ewido scan linked in the previous post? Add a scan with this standalone antivirus tool as well:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
andorra24
Senior Member
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by Luke57 » 16/08/06 20:06

Hi, download Gmer:
http://www.gmer.net/gmer110.zip
After unpacking it, run it and select "Rootkit"
Click "Scan"
Wait for the scan to finish and click "Copy"
Open Windows Notepad, click Edit and choose Paste
Now select all the contents of Notepad and copy and paste it into the forum

Also attach the log from the Autostart tab, following the same steps as above.

In addition, check in Control Panel > Add/Remove Programs whether the application Linkoptimizer is present; if it is, please don't try to uninstall it, just report it.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by Snoopy85 » 19/08/06 17:01

andorra24 wrote: Did you run the ewido scan linked in the previous post?

Yes, I ran it... it found something, which I of course deleted.

.....

I checked: the Linkoptimizer application isn't there.
The PC seemed fine; in fact two days ago it didn't freeze, but last night (and today) the problem came back (the connection doesn't drop any more, though; one problem seems solved). Here are the logs made with Gmer, hoping you can help me:

(Rootkit)

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-19 17:57:15
Windows 5.1.2600


---- System - GMER 1.0.10 ----

SSDT \??\C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Files - GMER 1.0.10 ----

File C:\WINXP\system32\lpt5.cku

---- EOF - GMER 1.0.10 ----


_____________________________

(Autostart)


GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-19 16:02:17
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINXP\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WINXP\System32\lpt5.cku

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINXP\System32\CTsvcCDA.EXE
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\guard.exe
Pctspk /*PCTEL Speaker Phone*/@ = %SystemRoot%\system32\pctspk.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINXP\System32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NeroCheckC:\WINXP\System32\NeroCheck.exe = C:\WINXP\System32\NeroCheck.exe
@Disc DetectorC:\Programmi\Creative\ShareDLL\CtNotify.exe ??? X ? ? ? ? ? C ??? Disc Detector B ??A ? ??A p?? ??B ??@ $?@ ? C ??? U?@ ? ??? @?B ??A ? ??A ??? ??B ??@ P $?@ ??? ? ?E?w @ ? + ? ? ? ?? ??B ??? ?????? ??B = C:\Programmi\Creative\ShareDLL\CtNotify.exe ??? X ? ? ? ? ? C ??? Disc Detector B ??A ? ??A p?? ??B ??@ $?@ ? C ??? U?@ ? ??? @?B ??A ? ??A ??? ??B ??@ P $?@ ??? ? ?E?w @ ? + ? ? ? ?? ??B ??? ?????? ??B
@AHQInitC:\Programmi\Creative\SBLive\Program\AHQInit.exe = C:\Programmi\Creative\SBLive\Program\AHQInit.exe
@RealTrayC:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER /*file not found*/ = C:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER /*file not found*/
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@DC1300 MonitorC:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe = C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@?_zskAJQ^QN]AVBIKOBO(null) =
@!ewido"C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\ewido.exe" /minimized = "C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\ewido.exe" /minimized
RunServices@?_zskAJQ^QN]AVBIKOBO =

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINXP\System32\ctfmon.exe = C:\WINXP\System32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@BPMInitBpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1 = BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
@MsnMsgr~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/ = ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/
@?_zskAJQ^QN]AVBIKOBO(null) =
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe /*file not found*/ = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe /*file not found*/

HKLM\Software\Classes\.hta@ = HemeraThumbnail.Archive

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{0DF49261-F891-4A12-9092-EC3566EADCCC} /*PixVuePropertySheet Class*/C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll = C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll
@{E376AE75-7C59-4487-B40C-082CCBB4ABDE} /*PixVueContextMenu Class*/C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll = C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll
@{F36B4023-B4F2-4C40-9CDC-0E1B0C66F1FC} /*PixVueInfoTip Class*/C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll = C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll
@{68f32140-2ca3-11d0-acc1-444553540000} /*PicaView*/C:\Programmi\ACD Systems\Picaview\PicaView.dll /*file not found*/ = C:\Programmi\ACD Systems\Picaview\PicaView.dll /*file not found*/
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.2 Context Menu Shell Extension*/(null) =
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.2 DragDrop Shell Extension*/(null) =
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.2 Context Menu Shell Extension*/(null) =
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.2 Property Sheet Shell Extension*/(null) =
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\context.dll
PicaView@{68f32140-2ca3-11d0-acc1-444553540000} = C:\Programmi\ACD Systems\Picaview\PicaView.dll /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll /*file not found*/ = C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll /*file not found*/
@{9394EDE7-C8B5-483E-8773-474BF36AF6E4}C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll = C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll = C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\WINXP\SYSTEM32\blank.htm = C:\WINXP\SYSTEM32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.metallica.com/ = http://www.metallica.com/
@Local PageC:\WINXP\SYSTEM32\blank.htm = C:\WINXP\SYSTEM32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINXP\System32\msvidctl.dll
its@CLSID = C:\WINXP\System32\itss.dll
lid@CLSID = C:\WINXP\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINXP\System32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
tv@CLSID = C:\WINXP\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINXP\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINXP\System32\wiascr.dll

C:\Documents and Settings\Argentieri Donato\Menu Avvio\Programmi\Esecuzione automatica = Adobe Gamma.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Microsoft Office.lnk

---- EOF - GMER 1.0.10 ----
Snoopy85
Junior Member
 
Posts: 10
Joined: 07/07/06 23:20

Post by Luke57 » 19/08/06 18:01

Hi, download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the lines in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Files to delete:
C:\WINXP\system32\lpt5.cku




Click the Done button
Click the green traffic-light icon twice
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually


Post the Avenger log (C:\avenger.txt) with the result of the script

Post another HijackThis log as well
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10
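Two details in the GMER Autostart dump explain why this infection survived the first round and why Luke57's Avenger script targets what it does. First, Windows@AppInit_DLLs = \\?\C:\WINXP\System32\lpt5.cku: AppInit_DLLs is a list of DLLs that user32.dll loads into every process that links it, so a single value there puts the payload into practically every GUI program, the browser included, and on Windows XP there is no per-machine switch to turn the mechanism off. Second, the file name: LPT5 (like the COM5 of the com5.exe service in the first log) is a reserved DOS device name, and ordinary Win32 path parsing treats a file whose base name is a device name as the device itself, whatever the extension, so Explorer and tools that use plain paths cannot open or delete it; only a path with the \\?\ prefix (or the native \??\ form that Avenger's own log shows) reaches the real file. That is what the script does: replace the value with an empty dummy and delete the file. The Run values that GMER prints as (null), whose names HijackThis shows starting with ÿ and GMER with ?, contain a character outside the printable range, which is likely why Fix checked did not get rid of them. As an added example, not code from the thread or from the GMER or Avenger authors, here is a Python parser for the GMER Autostart format that recovers (key, value name, data) triples and flags exactly those conditions plus any path named after a reserved device. The sample is constructed from lines of the log posted above; the way GMER shows subkeys relative to the last ">>>" header is handled best-effort and is an assumption about its output format.

```python
from typing import List, Optional, Tuple

# Constructed sample: an excerpt of the GMER 1.0.10 "Autostart" dump posted in
# this thread. Key headers end in " >>>"; value lines are "subkey@name<data> = <data>".
SAMPLE_AUTOSTART = r"""HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINXP\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WINXP\System32\lpt5.cku

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NeroCheckC:\WINXP\System32\NeroCheck.exe = C:\WINXP\System32\NeroCheck.exe
@?_zskAJQ^QN]AVBIKOBO(null) =
RunServices@?_zskAJQ^QN]AVBIKOBO =
"""

# DOS device names. Win32 treats a file whose base name is one of these as the
# device itself, whatever the extension, unless the path carries the \\?\ prefix.
RESERVED = {"con", "prn", "aux", "nul"} | {f"com{i}" for i in range(1, 10)} | {f"lpt{i}" for i in range(1, 10)}

Entry = Tuple[str, str, Optional[str]]  # (registry key, value name, data; None for NULL)


def is_reserved_device_name(path: str) -> bool:
    """True if the final path component is a DOS device name (with or without extension)."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.split(".", 1)[0].strip().lower() in RESERVED


def parse_autostart(dump: str) -> List[Entry]:
    """Turn GMER's display format back into (key, name, data) triples.

    GMER prints the value name immediately followed by a copy of the data, then
    " = " and the data again; "(null)" marks a value with no data at all.
    Subkeys are printed relative to the last ">>>" header (joined best-effort).
    """
    entries: List[Entry] = []
    key = ""
    for line in dump.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.endswith(" >>>"):
            key = line[:-4].rstrip("\\")
            continue
        left, sep, data = line.partition(" = ")
        if not sep:                       # empty data is printed as "name ="
            left, sep, data = line.partition(" =")
            if not sep:
                continue
        subkey, _, name = left.partition("@")
        null = name.endswith("(null)")
        if null:
            name = name[:-len("(null)")]
        elif data and name.endswith(data):
            name = name[:-len(data)]      # strip the duplicated data from the name
        if subkey.upper().startswith("HK"):
            full_key = subkey             # absolute key printed on the same line
        else:
            full_key = key + "\\" + subkey if subkey else key
        entries.append((full_key, name, None if null else data))
    return entries


def flag_entries(entries: List[Entry]) -> List[str]:
    """Findings a responder acts on: AppInit_DLLs set at all, a path named after a
    reserved device, and Run values whose data is NULL or empty."""
    out: List[str] = []
    for key, name, data in entries:
        if name.lower() == "appinit_dlls" and data:
            out.append(f"AppInit_DLLs is set to {data}: loaded into every process that links user32.dll")
        if data and is_reserved_device_name(data):
            out.append(f"{name} points at a reserved device name: {data}")
        if "\\run" in key.lower() and not data:
            out.append(f"Run value {name!r} under {key} has NULL/empty data")
    return out


if __name__ == "__main__":
    for finding in flag_entries(parse_autostart(SAMPLE_AUTOSTART)):
        print(finding)
```

The reserved-name check is worth keeping in any triage script for this era of malware: a file that a listing shows but that Explorer and ordinary deletion tools "cannot find" is exactly the symptom Snoopy85 reports further down the thread.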

Post by Snoopy85 » 19/08/06 18:50

Thanks, here are the logs:

Avenger log

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qbrykqbk

*******************

Script file located at: \??\C:\WINXP\cycyxysc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINXP\system32\lpt5.cku deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////

_____________________

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 19.47.32, on 19/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\CTsvcCDA.EXE
C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\guard.exe
C:\WINXP\system32\pctspk.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\MsPMSPSv.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\WINXP\System32\rundll32.exe
C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINXP\System32\devldr32.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINXP\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINXP\system32\notepad.exe
C:\WINXP\system32\notepad.exe
C:\WINXP\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metallica.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BPMInit] BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0423BC71-3273-4396-8E54-3272D9A61A79}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0423BC71-3273-4396-8E54-3272D9A61A79}: NameServer = 85.37.17.58 85.38.28.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINXP\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Argentieri Donato\Documenti\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
Snoopy85
Junior Member
 
Posts: 10
Joined: 07/07/06 23:20

Post by andorra24 » 19/08/06 19:33

Tick the box next to the following entries and, after closing the browser and every other open program, click Fix checked:

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe

Go to Start / My Computer / Tools / Folder Options / View, tick "Show hidden files and folders" and untick ''Hide protected operating system files''.

Find and delete the following file:
C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe (after deleting the exe, delete the _zskwrkni05 folder).
andorra24
Senior Member
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by Snoopy85 » 20/08/06 13:11

OK, speaking as a layman: by ticking these entries (and then pressing 'Fix checked'):

O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe

they should "disappear", right?... Because when I run the scan again they reappear; they don't get removed.


I can't find the file C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe or the _zskwrkni05 folder.
Snoopy85
Junior Member
 
Posts: 10
Joined: 07/07/06 23:20

Post by Luke57 » 20/08/06 14:41

Hi, did you enable the display of hidden files and folders?
Reboot into Safe Mode:

Select Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files"
Click OK

If you find them, delete them from Safe Mode.
(Start the computer. Right after the RAM count and before Windows starts loading, begin pressing the F8 key repeatedly. Keep doing so until the Windows Advanced Options menu appears. Using the arrow keys, scroll through the options and select Safe Mode, then press Enter.)

Let us know if anything goes wrong.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by Snoopy85 » 21/08/06 20:42

Yes, I had enabled the display of hidden files and folders... Even in Safe Mode I found nothing.
Unfortunately the PC keeps freezing (only when I'm on the internet), though less "often". I'll have to ask a technician for help; I hope it's nothing "serious"... anyway, if you have any other advice I'll gladly take it.

Thanks to you and andorra24, you've been very kind.

Regards
Snoopy85
Junior Member
 
Posts: 10
Joined: 07/07/06 23:20

