si aprono migliaia di pagine I. Explorer

[ulan]

Praticamente navigando su internet avrò preso qualche virus.
Mi è comparso sul desktop una icona di collegamento a forma di blocco note di nome "Pleasure zone".
Quando apro il blocco notes di windows mi parte Inetrnet explorer con un indirizzo impostato da qualcosa "www.casinopalazzo etc..".
Se tendo di chiudere la pagina incominciano ad aprirsi migliaia di nuove pagine fino ad intasare tutta la memoria e quindi devo riavviare il computer.

Ho provato a buttare nel cestino quell'icona che mi compare sul desktop ma ad ogni riavvio ricompare.

Please

[amvinfe]

In Rilievo -links utili- scaricati CWShredder, HijackThis e AdAware SE aggiorna le definizioni (di AdAware) e lancia una scansione dalla modalità provvisoria, elimina tutto quello che di dannoso ti ha trovato. Poi apri CWShredder e cilcca su Fix.
Riavvia il pc in modalità normale apri HijackThis fai uno scan e posta qui il log.

[ulan]

Appena scaricato ADAWARE SE ha iniziato da solo a fare una scansione e ha trovato una lista interminabile di chissà che cosa.
Come faccio a capire cosa devo eliminare e per la precisione come si fa ad eliminare? Devo cliccare su quarantena? Devo mettere il segno di spunta su quello che devo eliminare?
Scusate ma sono una chiavica del settore

[amvinfe]

metti la spunta al fianco del valore o dei valori da rimuovere, clicchi next e poi su OK.
Riavvii e fai una nuova scansione.

[ulan]

ma mi ha trovato 876 righe.
Le cancello tutte?

[amvinfe]

sì, se si riferiscono a valori infetti

[ulan]

spero di aver fatto bene.
Ecco il log:

Logfile of HijackThis v1.98.2
Scan saved at 14.19.32, on 11/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMMI\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAMMI\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMI\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\APPLICATION DATA\UOCA.EXE
C:\WINDOWS\SYSTEM\DHJXDGSL.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\SYSTEM\NDRV.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Programmi\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QTSvc] C:\WINDOWS\shman.exe /i
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Lewt] C:\WINDOWS\Application Data\uoca.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Programmi\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Sjs] C:\WINDOWS\SYSTEM\dhjxdgsl.exe
O4 - Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfromtheweb.com/install/iftwclix.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://antivirus.interfree.it/xscan52.cab
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab
O16 - DPF: {FFFF0049-0001-101A-A3C9-08002B2F49FB} - http://66.240.179.128/73a26235.exe
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2000i Ita\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2000i Ita\AcDcToday.ocx
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred Control) - file://C:\Programmi\AutoCAD LT 2000i Ita\InstFred.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Damage Cleanup Server Control) - http://213.158.72.33/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = clubnet.tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.216.112.222,212.216.172.162

[amvinfe]

riavvia in modalità provvisoria, apri HJT fai lo scan metti la spunta al fianco dei valori, clicca si Fix checked

O4 - HKLM\..\Run: [QTSvc] C:\WINDOWS\shman.exe /i
O4 - HKCU\..\Run: [ClockSync] "C:\Programmi\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Sjs] C:\WINDOWS\SYSTEM\dhjxdgsl.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfromtheweb.com/install/iftwclix.cab
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab
O16 - DPF: {FFFF0049-0001-101A-A3C9-08002B2F49FB} - http://66.240.179.128/73a26235.exe


sempre dalla provvisoria cerca ed elimina, se presenti

C:\WINDOWS\shman.exe <== il file
C:\Programmi\ClockSync \Sync.exe <== la cartella
C:\WINDOWS\SYSTEM\dhjxdgsl.exe<== il file


Riavvia e posta un log di HJT

[ulan]

Ecco la nuova scansione


Logfile of HijackThis v1.98.2
Scan saved at 22.39.02, on 23/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAMMI\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\SYSTEM\GOLUMM\SERVICES.EXE
C:\WINDOWS\SYSTEM\VEHXBI.EXE
C:\WINDOWS\APPLICATION DATA\UOCA.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\SYSTEM\NDRV.DLL (file missing)
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\SYSTEM\MDTLIF~1.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Programmi\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\SYSTEM\golumm\services.exe
O4 - HKLM\..\Run: [vsaaye] C:\WINDOWS\SYSTEM\vehxbi.exe
O4 - HKLM\..\Run: [sais] c:\programmi\180solutions\sais.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Lewt] C:\WINDOWS\Application Data\uoca.exe
O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\SYSTEM\golumm\services.exe
O4 - Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://antivirus.interfree.it/xscan52.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2000i Ita\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2000i Ita\AcDcToday.ocx
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred Control) - file://C:\Programmi\AutoCAD LT 2000i Ita\InstFred.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Damage Cleanup Server Control) - http://213.158.72.33/housecall/xscan53.cab
O16 - DPF: v2cab - http://10043.searchmiracle.com/cab/v2cab.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = clubnet.tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.216.112.222,212.216.172.162

[amvinfe]

dalla mod. provvisoria elimina

R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\SYSTEM\NDRV.DLL (file missing)
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\SYSTEM\MDTLIF~1.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\SYSTEM\golumm\services.exe
O4 - HKLM\..\Run: [vsaaye] C:\WINDOWS\SYSTEM\vehxbi.exe
O4 - HKLM\..\Run: [sais] c:\programmi\180solutions\sais.exe
O4 - HKCU\..\Run: [Lewt] C:\WINDOWS\Application Data\uoca.exe
O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\SYSTEM\golumm\services.exe
O16 - DPF: v2cab - http://10043.searchmiracle.com/cab/v2cab.cab

sempre dalla provvisoria elimina se presenti

C:\WINDOWS\LOCALNRD.DLL <== il file
C:\WINDOWS\SYSTEM\golumm \services.exe <== la cartella
C:\WINDOWS\SYSTEM\vehxbi.exe <== il file
c:\programmi\180solutions \sais.exe <== la cartella
C:\WINDOWS\Application Data\uoca.exe <== il file

Riavvia, fai una scansione con l'antivirus aggiornato.
Aggiorna IE al SP1

Posta un nuovo log