alfacleaner

[steghi]

mi sono trovato questo programma che mi cambia lo sfondo del desktop e non so cosa altro ....

ho cercato ne forum e ho trovato questo:
http://forum.html.it/forum/showthrea...hreadid=948120

ho seguito le istruzioni (disintallato Alfacleaner e il resto),
ma quando riavvio me lo ritrovo bello istallato !!!

Vi posto il log di Hijackthis dopo aver fatto girare Spybot 1.4

Logfile of HijackThis v1.99.1
Scan saved at 23.16.27, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\SERVICES.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.it
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WIND OWS\SERVICES.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Spy Protector] C:\Programmi\Security Task Manager\SpyProtector.exe/autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE
O4 - HKLM\..\Run: [CloneCDTray] "I:\Programmi_I\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: P&&PDIE - {0CF176E1-8685-459E-9DAD-CF56A10675A3} - I:\Programmi_I\Popup & Privacy Defender for IE\pdie.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135004977156
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...1/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C7B6F96-2E12-48CC-99CA-6F0289C402FA}: NameServer = 62.211.69.150,212.48.4.15
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O23 - Service: Controllo esteso sistema (ctless) - Unknown owner - C:\WINDOWS\downlo~1\9fub9qt\s42xrr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[holifay]

Guarda che il link in rilievo ha diverse indicazioni da seguire prima di postare il log

- scaricati CWShredder
- scaricati Ewido. Aggiornalo online.
- disconnettiti da Internet (stampa queste info)
- disabilita il ripristino di configurazione e riavvia in modalità provvisoria
- fai una scansione completa con Ewido ed elimina tutto quello che trova
- usa ora CWShredder
- avvia Hijackthis, premi "Do a system Scan only", metti un flag su queste voci (se ancora esistenti) e premi "Fix"

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WIND OWS\SERVICES.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE
O4 - HKLM\..\Run: [lich] lich.exe
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O23 - Service: Controllo esteso sistema (ctless) - Unknown owner - C:\WINDOWS\downlo~1\9fub9qt\s42xrr.exe (file missing)

- abilita la visualizzazione dei file nascosti/sistema
- cancella questi file:

SERVICES.EXE (C:\WINDOWS\)
s42xrr.exe (C:\WINDOWS\downloaded program files\9fub9qt\)

- Zippa il file lich.exe e mandalo a Suspectfile (lo trovi nella mia firma). Tieni solo il file zippato, non l'eseguibile
- cancella il cestino, la cache di IE e le cartelle dei file temporanei
- riavvia e posta un nuovo log

Ciao

[steghi]

grazie,
ci proverò tra 1 settimana quando torno...poi ti dico

[steghi]

ho fatto come mi hai detto, ecco il log...
speriamo sia tutto a posto....gasp

Logfile of HijackThis v1.99.1
Scan saved at 23.55.55, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stefano\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.it
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Spy Protector] C:\Programmi\Security Task Manager\SpyProtector.exe/autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: P&&PDIE - {0CF176E1-8685-459E-9DAD-CF56A10675A3} - I:\Programmi_I\Popup & Privacy Defender for IE\pdie.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135004977156
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...1/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C7B6F96-2E12-48CC-99CA-6F0289C402FA}: NameServer = 62.211.69.150,212.48.4.15
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O23 - Service: Controllo esteso sistema (ctless) - Unknown owner - C:\WINDOWS\downlo~1\9fub9qt\s42xrr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[holifay]

Ciao,

devi eliminare con Hijackthis queste voci:

O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O23 - Service: Controllo esteso sistema (ctless) - Unknown owner - C:\WINDOWS\downlo~1\9fub9qt\s42xrr.exe (file missing)

I file sembrano non più esistenti, ma il riferimento a loro è ancora attivo. Apri Hijackthis, seleziona le voci con un segno di spunta e premi fix.

[steghi]

Li ho fixxati con Hijackthis, ma nel lego restano presenti....

(grazie)


Logfile of HijackThis v1.99.1
Scan saved at 15.02.48, on 04/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Stefano\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.it
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Spy Protector] C:\Programmi\Security Task Manager\SpyProtector.exe/autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: P&&PDIE - {0CF176E1-8685-459E-9DAD-CF56A10675A3} - I:\Programmi_I\Popup & Privacy Defender for IE\pdie.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135004977156
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...1/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C7B6F96-2E12-48CC-99CA-6F0289C402FA}: NameServer = 62.211.69.150,212.48.4.15
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O23 - Service: Controllo esteso sistema (ctless) - Unknown owner - C:\WINDOWS\downlo~1\9fub9qt\s42xrr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Habanero]

Avvia il sistema in modalità provvisoria e "fixa" nuovamente quelle voci.

Per concludere una bel windows update non sarebbe male...

[steghi]

ok provo come dici tu....
poi riposto il log.

grazie

[steghi]

fatto..ma è rimasto come prima...le due voci fixxate sono ancora presenti:

Logfile of HijackThis v1.99.1
Scan saved at 18.58.48, on 05/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stefano\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.it
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Spy Protector] C:\Programmi\Security Task Manager\SpyProtector.exe/autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: P&&PDIE - {0CF176E1-8685-459E-9DAD-CF56A10675A3} - I:\Programmi_I\Popup & Privacy Defender for IE\pdie.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135004977156
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents...1/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C7B6F96-2E12-48CC-99CA-6F0289C402FA}: NameServer = 62.211.69.150,212.48.4.15
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O23 - Service: Controllo esteso sistema (ctless) - Unknown owner - C:\WINDOWS\downlo~1\9fub9qt\s42xrr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[holifay]

Scaricati Cwshredder ed utilizzalo, meglio se dalla modalità provvisoria.

Poi se per il servizio non hai ancora risolto prova così:
- apri una finestra del prompt dei comandi
- digita esattamente: sc stop ctless
- poi digita: sc delete ctless