strane finestre che si aprono da sole... ma perch!?!?!!?

di **Sefi** » 07/11/05 01:20

Mi odierete lo so :cry:

Non lo cancella... ho provato in modalità normale... modalità provvisoria...
Ho anche tentato la carta estrema di far partire il pc in MS-DOS e cancellarlo da lì manualmente... ma niente... dice che è impossibile eliminarlo... :aaah

... poi ho rifatto HiJackThis e adesso ha un altro nome
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\mvn0l95m1.dll :evil:

... posso dargli 'na martellata? Sigh :cry:

di **Sefi** » 07/11/05 01:22

Un mio amico mi ha detto di terminare il processo winlogon.exe dal taskmanager per poi "uccidere" la DLL... ma mi dice che il processo è critico e non me lo fa terminare...
... è tutto il giorno che ci sto dietro... e sto sclerando :undecided:

di **Dylan666** » 07/11/05 13:58

ma il metodo che ti ho scritto col programma nuovo lo hai provato?????

di **Sefi** » 07/11/05 14:05

Sì che l'ho provato... e poi, in preda alla disperazione... ho tentato pure da MSDOS... ma niente

Non me la fa cancellare... dice che è impossibile e bla bla bla

di **Dylan666** » 07/11/05 14:12

E col process Explorere hai capito che processo è a usare la DLL?

di **Sefi** » 07/11/05 14:15

Winlogon.exe (per quello avevo provato dal taskmanager a terminarlo per poi ammazzare la DLL in separata sede :aaah

di **Dylan666** » 07/11/05 14:21

Ma invece del taskmanager hai provato a ucciderlo col Process Explorer?

di **Sefi** » 07/11/05 14:23

Mi spiegheresti come si fa... me 'gnurante... :roll:

di **Dylan666** » 07/11/05 15:02

Te lo avevo già scritto: apri il programma, clicchi sul programma da terminare e premi del (o usi il tasto destro)

di **axelino** » 07/11/05 23:17

non lo fa uccidere

di **Dylan666** » 08/11/05 00:26

Allora non posso che rimandarti qui:
http://www.pc-facile.com/forum/viewtopi ... ht=look2me

Mi piacerebbe però trovare una soluzione più flessibile... se qualcuno sa come terminare la dll. di winlogon facia un fischio

di **Sefi** » 08/11/05 14:38

Dopo tanto cercare e dopo miliardi di tentativi credo d'avercela proprio fatta!!!

Ho trovato questo link http://www.spyany.com/program/article_ad_rm_Look2Me.html che dice come rimuovere manualmente questo cavolo si spyware LOOK2ME... manualmente non me lo faceva fare e allora sono andata sul sito di look2me.com (come dice la pagina)... mi sono segnata la keyword... ho scaricato il programmino... programma che EWIDO mi ha bloccato ma io sono andata avanti... ho inserito la keyword... per un attimo sono scomparse le icone dal desktop e la barra delle applicazioni... e mi ha chiesto di riavviare... ho riavviato... ed è spuntato il messaggio che diceva che l'operazione di WINLOGON.EXE è stata terminata... ho passato HijackThis... ed eccovi il log:

Logfile of HijackThis v1.99.1
Scan saved at 14.30.08, on 08/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\UPSMON\UPSMON.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\UPSMON\UPSMON_Service.Exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majandra-italia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Programmi\UPSMON\UPSMON.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Programmi\Webroot\Washer\wwDisp.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: UPSMONService - Unknown owner - C:\Programmi\UPSMON\UPSMON_Service.Exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

É scomparsa la riga O20 del WINLOGON... niente più DLL... e per adesso ancora nessuna finestra aperta... credo proprio di aver risolto

... e ringrazio Dylan che si è così prodigato per aiutarmi... graSSie davvero, un baciotto, se posso

di **Dylan666** » 08/11/05 21:38

Grazie a te per la soluzione con l'uninstaller ufficiale:

http://www.look2me.com/cgi-bin/UnInstaller

di **toni84** » 08/11/05 21:50

Sei sicuro che sia quella la soluzione?non credo,quel programma che scarichi è uno spyware/adware,non sono diffamazioni ma è cosi o volendo o nolendo ciao ciao

di **Dylan666** » 08/11/05 23:26

Quello è l'uninstaller dello spyware e il log dimostra che ha funzionato

di **toni84** » 08/11/05 23:31

ma ti sei mai chiesto perchè nessuno lo usa?eppure quel sito compare nella prima pagina di google mettendo il nome di quell'adware,comunque quello è un malware,non ci credi scarica il programma e fai analizzare il file qui http://www.virustotal.com/flash/index_en.html
io già so il risultato,non è un falso positivo

ciao ciao

di **Dylan666** » 08/11/05 23:34

Ok, allora spiegami perché prima a funzionato...

di **axelino** » 08/11/05 23:40

ha funzionato anche con me

di **toni84** » 08/11/05 23:41

ha funzionato ma devi vedere anche gli effetti che può avere e quello che aggiunge,ti dico solo che quello è un sito con cui i malware comunicano per fornire dati,non sono pazzo

se vuoi ti do le prove delle comunicazioni,io sto dicendo una mia impressione,nessuna lo usa appunto perchè non è un programma sicuro :aaah

ciao ciao

di **toni84** » 08/11/05 23:49

7:19: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:19: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:19: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:20: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:20: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:20: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:20: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:20: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:20: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:20: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:20: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:21: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:21: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:21: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:21: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:22: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:22: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:22: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:22: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:22: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:22: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:22: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:22: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:23: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:23: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:23: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:23: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:24: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:24: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:24: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:24: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:24: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:24: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:24: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:24: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:25: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:25: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:25: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:25: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:25: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:25: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:25: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:25: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:26: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:26: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:26: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:26: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:26: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:26: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:26: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:26: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:27: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:27: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:27: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:27: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:28: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:28: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:28: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:28: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:28: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:28: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:28: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:28: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
17:29: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:29: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
17:29: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com

non dirmi che ho scritto tutto io

se vuoi ti do il topic originale

strane finestre che si aprono da sole... ma perch!?!?!!?

Topic correlati a "strane finestre che si aprono da sole... ma perch!?!?!!?":

Chi c’è in linea