Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto pc impazzito

aiuto pc impazzito Opzioni
Topic Precedente · Topic Sucessivo
Acthunbaby
Inviato: Monday, March 20, 2006 2:58:56 PM
Rank: Member

Iscritto dal : 3/20/2006
Posts: 0
buongiorno a tutti mi sono appena iscritta e sono disperata<img src=icon_smile_sad.gif border=0 align=middle><img src=icon_smile_sad.gif border=0 align=middle>
da una settimana circa il mio pc e' impazzito...finestre che si aprono da sole, homepage modificata ad ogni avvio navigazione rallentata....
ho lanciato ad.aware, spy boot,spyswepper...problemi ne ha trovati ma all'avvio si ricomincia ...non ne posso di piu' veramente.....
vi copio il file di hijacthis con la speranza che qualcuno mi aiuti

grazie mony
Logfile of HijackThis v1.99.1
Scan saved at 14.35.47, on 20/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\msiconfig.exe
C:\WINDOWS\axdcfasb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\instp.exe
C:\WINDOWS\System32\noproujz.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\scrnasc.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\scrnasc.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WinZip\WZQKPICK.EXE
c:\windows\mousepad4.exe
c:\windows\mousepad4.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Network Monitor\netmon.exe
C:\WINDOWS\bW9uaWNh\command.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [mlp] C:\instp.exe
O4 - HKLM\..\Run: [Windows update adbpro] update32.exe
O4 - HKLM\..\Run: [spd] C:\instp.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\instp.exe
O4 - HKLM\..\Run: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\Run: [Microsoft FixUp] noproujz.exe
O4 - HKLM\..\Run: [mlink32] c:\windows\system32\derd\tmlink32.exe
O4 - HKLM\..\Run: [Virtual CD v8] lfcujzj.exe
O4 - HKLM\..\Run: [Crnsasad] scrnsscd.exe
O4 - HKLM\..\Run: [WinDLL (bee.dll)] rundll32.exe C:\WINDOWS\System32\bee.dll,start
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard4.exe
O4 - HKLM\..\Run: [Araeer] scrnseer.exe
O4 - HKLM\..\Run: [Crnserad] scrnasc.exe
O4 - HKLM\..\Run: [Realtek Sound Manager] mmyfhhj.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [asdgs] C:\instp.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad4.exe
O4 - HKLM\..\RunServices: [mlp] C:\instp.exe
O4 - HKLM\..\RunServices: [Windows update adbpro] update32.exe
O4 - HKLM\..\RunServices: [spd] C:\instp.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\instp.exe
O4 - HKLM\..\RunServices: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\RunServices: [Microsoft FixUp] noproujz.exe
O4 - HKLM\..\RunServices: [Virtual CD v8] lfcujzj.exe
O4 - HKLM\..\RunServices: [Crnsasad] scrnsscd.exe
O4 - HKLM\..\RunServices: [Araeer] scrnseer.exe
O4 - HKLM\..\RunServices: [Crnserad] scrnasc.exe
O4 - HKLM\..\RunServices: [Realtek Sound Manager] mmyfhhj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [mlink32] c:\windows\system32\derd\tsmlink32.exe
O4 - HKCU\..\Run: [Crnsasad] scrnsscd.exe
O4 - HKCU\..\Run: [Araeer] scrnseer.exe
O4 - HKCU\..\Run: [Crnserad] scrnasc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138271792756
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4719/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\jNvart.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bW9uaWNh\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
Torna in alto
 
Sponsor
Inviato: Monday, March 20, 2006 2:58:56 PM

 
Torna in alto
 
a.roselli
Inviato: Monday, March 20, 2006 8:03:19 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,052
Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
-
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
-
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [mlp] C:\instp.exe
O4 - HKLM\..\Run: [Windows update adbpro] update32.exe
O4 - HKLM\..\Run: [spd] C:\instp.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\instp.exe
O4 - HKLM\..\Run: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\Run: [Microsoft FixUp] noproujz.exe
O4 - HKLM\..\Run: [mlink32] c:\windows\system32\derd\tmlink32.exe
O4 - HKLM\..\Run: [Virtual CD v8] lfcujzj.exe
O4 - HKLM\..\Run: [Crnsasad] scrnsscd.exe
O4 - HKLM\..\Run: [WinDLL (bee.dll)] rundll32.exe C:\WINDOWS\System32\bee.dll,start
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard4.exe
O4 - HKLM\..\Run: [Araeer] scrnseer.exe
O4 - HKLM\..\Run: [Crnserad] scrnasc.exe
O4 - HKLM\..\Run: [Realtek Sound Manager] mmyfhhj.exe
-
O4 - HKLM\..\Run: [asdgs] C:\instp.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad4.exe
O4 - HKLM\..\RunServices: [mlp] C:\instp.exe
O4 - HKLM\..\RunServices: [Windows update adbpro] update32.exe
O4 - HKLM\..\RunServices: [spd] C:\instp.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\instp.exe
O4 - HKLM\..\RunServices: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\RunServices: [Microsoft FixUp] noproujz.exe
O4 - HKLM\..\RunServices: [Virtual CD v8] lfcujzj.exe
O4 - HKLM\..\RunServices: [Crnsasad] scrnsscd.exe
O4 - HKLM\..\RunServices: [Araeer] scrnseer.exe
O4 - HKLM\..\RunServices: [Crnserad] scrnasc.exe
O4 - HKLM\..\RunServices: [Realtek Sound Manager] mmyfhhj.exe
-
O4 - HKCU\..\Run: [mlink32] c:\windows\system32\derd\tsmlink32.exe
O4 - HKCU\..\Run: [Crnsasad] scrnsscd.exe
O4 - HKCU\..\Run: [Araeer] scrnseer.exe
O4 - HKCU\..\Run: [Crnserad] scrnasc.exe
-
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\jNvart.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bW9uaWNh\command.exe
-
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe
==================================

Con la funzione CERCA di Windows, cerca ed elimina questi file,
==================================
DH.dll
instp.exe
update32.exe
grplscd.exe
noproujz.exe
tmlink32.exe
lfcujzj.exe
scrnsscd.exe
bee.dll
keyboard4.exe
scrnseer.exe
scrnasc.exe
mmyfhhj.exe
mousepad4.exe
tsmlink32.exe
jNvart.dll
msiconfig.exe
netmon.exe
axdcfasb.exe
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus con questi programmi
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1043
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1177

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Fai una scansione antivirus on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym
se vengono rilevati virus, formatta il disco fisso e reinstalla tutto

se non ci sono virus

Nel sistema non é presente un Antivirus, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=728

Nel sistema non é presente un Firewall, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56

Aggiorna il sistema dal Windows Update
alfonso_aiutamici@hotmail.it
Torna in alto
 
Acthunbaby
Inviato: Saturday, March 25, 2006 12:15:49 AM
Rank: Member

Iscritto dal : 3/20/2006
Posts: 0
finalmente sono riuscita a connettermi e ho letto questi preziosi consigli....
grazie di cuore


ho fatto tutto cio' che mi e' stato consigliato e magicamente e' tornato tutto alla normalita'...
fino a che mi sono resa conto che tra i preferiti ci sono 2 siti che si sono aggiunti da soli...ovvero
explorer
winmovieplugin
ho ripetuto il log

Logfile of HijackThis v1.99.1
Scan saved at 0.01.46, on 25/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\instp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\msiconfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alfemminile.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [asdgs] C:\instp.exe
O4 - HKLM\..\RunServices: [Crnsasad] scrnsscd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138271792756
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4719/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ho provato a fare scansione con spybot e ad.awere ma loro sono sempre presenti...
ho anche installato il firewall dopo la pulizia...ma non e' servito a nulla<img src=icon_smile_sad.gif border=0 align=middle>

che posso fare ora???

mony
Torna in alto
 
alfonso
Inviato: Monday, March 27, 2006 4:47:52 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
O4 - HKLM\..\Run: [asdgs] C:\instp.exe
O4 - HKLM\..\RunServices: [Crnsasad] scrnsscd.exe
-
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe
==================================

Con la funzione CERCA di Windows, cerca ed elimina questi file,
==================================
instp.exe
scrnsscd.exe
msiconfig.exe
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus con questi programmi
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1043
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1177

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

FAI UNA SCANSIONE ANTIVIRUS on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym
se vengono rilevati virus FORMATTA E REINSTALLA TUTTO se non vengono trovati virus installa questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=728
Collaboratore Aiutamici
Torna in alto
 
Acthunbaby
Inviato: Monday, March 27, 2006 7:26:55 PM
Rank: Member

Iscritto dal : 3/20/2006
Posts: 0
<img src=icon_smile.gif border=0 align=middle> grazie alfonso
ho fatto le cose che mi hai indicato ed e' tutto ok
tra i preferiti quelle 2 voci sono scomparse
per il momento va tutto bene
questo e' il log dopo la pulizia

ancora grazie di cuore
mony


Logfile of HijackThis v1.99.1
Scan saved at 19.21.58, on 27/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\msiconfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Windows NT\Accessori\wordpad.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alfemminile.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DANILO~2.MON\IMPOST~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138271792756
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4719/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
Torna in alto
 
alfonso
Inviato: Tuesday, March 28, 2006 11:27:04 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Il sistemna é ancora infetto, non hai installato un antivirus e se lo hai fatto non é attivo

Hai fatto la scansione antivirus on line?

FAI UNA SCANSIONE ANTIVIRUS on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym
se vengono rilevati virus FORMATTA E REINSTALLA TUTTO se non vengono trovati virus installa questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=728

Collaboratore Aiutamici
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto pc impazzito


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.