
I'm infecteeeeed


Post by uncasinomicidiale » 31/12/06 16:11

Let me start by saying that I read almost all the posts to see whether I could find the solution without being a pain in the a... at Christmas, but I got nothing out of it except a lot of confusion. Let's get to the point:

In Add/Remove Programs there is a program with no details called "internetknight"; if I click Remove, IE opens at this address "" where there is only a single button on a purple background, and from the HTML code you can't tell what it is linked to (I didn't try clicking on it, maybe that was a mistake?).

The logs follow.

Logfile of HijackThis v1.99.1
Scan saved at 15.52.34, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {34E5E77E-85EC-AE3B-25A1-DD2AA29FE8AB} - C:\WINDOWS\pkece1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F2F2B45-2027-4BC4-84D0-BCF980A25F0A}: NameServer =,
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LoadDLLServ - Unknown owner - C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

StartupList report, 31/12/2006, 15.53.59
StartupList version: 1.52.2
Started from : G:\PStart\Programmi\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options

Running processes:

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,


Autorun entries from Registry:

ATIPTA = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
Ptipbmf = rundll32.exe ptipbmf.dll,SetWriteCacheMode
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
HP Software Update = "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
SunJavaUpdateSched = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
HP Component Manager = "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
Zone Labs Client = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


Autorun entries from Registry:

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\pkece1.dll (file missing) - {34E5E77E-85EC-AE3B-25A1-DD2AA29FE8AB}
(no name) - c:\programmi\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}


Enumerating Download Program Files:



Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

Autorun entries from Registry:

1 = C:\WINDOWS\service32.exe


End of report, 5.055 bytes
Report generated in 0,078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Crazy stuff. The PC in question is not mine but belongs to one of the many friends who call me when they have problems. A few days ago, following your forum, I solved my brother-in-law's problem, but this time I can't manage on my own and I hope you can help me.
You are really great.

PS: both PCs got infected despite having an up-to-date avast and ZoneAlarm, and both use Alice ADSL flat.

Bye bye
Junior User
Posts: 14
Joined: 31/12/06 15:52


Post by Luke57 » 31/12/06 16:50

Hi, you appear to be infected with linkoptimizer.
Download these two tools:

Symantec removal tool: ... 16-4153-99

Run them one at a time; disable your antivirus during the scan.

The prevx one makes the computer restart, and on restart the scan is completed; at the end a report is produced, which you will find in C:\Gromozon_Removal.log.

Then run the Symantec tool (from safe mode; if you don't know how to get there, press the F8 key repeatedly when the computer powers on, before Windows starts loading; on the grey screen that appears, choose safe mode by moving with the arrow keys and pressing Enter).

This tool also produces a scan report in the folder where you put the file (Fixlinkopt.log).

Post the reports from the two tools' scans.
Posts: 6413
Joined: 11/08/05 19:10
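
An added example, not part of the original thread or of HijackThis: a small Python triage of the log posted above. It flags entries whose target is reported as "(file missing)" and autostart entries that load from a user profile, and it cross-checks the "Running processes" list so that the avast! services, where the log kept the closing quote and the `/service` argument inside the path, are not reported as missing. The function names and the two heuristics are assumptions made for illustration; a flagged entry is a candidate for review, not a verdict.

```python
import re

# Excerpt of the HijackThis log from the first post (lines copied from the thread).
SAMPLE_LOG = r"""Running processes:
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {34E5E77E-85EC-AE3B-25A1-DD2AA29FE8AB} - C:\WINDOWS\pkece1.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LoadDLLServ - Unknown owner - C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")    # "O23 - ...", "R0 - ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")          # first drive-letter path to end of line
MISSING = "(file missing)"
# Assumption: on Windows XP, user profiles live under "Documents and Settings".
PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\", re.I)


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and ENTRY_RE.match(line):
            break                                # first R/O entry ends the section
        elif in_section and line:
            procs.add(line.lower())
    return procs


def target_path(text):
    """Extract the file an entry points at, dropping the '(file missing)'
    marker and anything after a stray closing quote (service arguments)."""
    m = PATH_RE.search(text)
    if not m:
        return None
    path = m.group(0).replace(MISSING, "")
    return path.split('"', 1)[0].strip()


def triage(log):
    """Return (section, path, reasons) for entries worth a manual look."""
    procs = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, text = m.groups()
        path = target_path(text)
        if path is None:
            continue
        reasons = []
        # A binary that is running from this path is clearly on disk, so the
        # "(file missing)" note comes from the quoted command line.
        if MISSING in text and path.lower() not in procs:
            reasons.append("target not on disk")
        if section in ("O4", "O23") and PROFILE_RE.match(path):
            reasons.append("autostart from user profile")
        if reasons:
            findings.append((section, path, reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {path} -> {', '.join(reasons)}")
```
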

Post by uncasinomicidiale » 01/01/07 02:18

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group

C:\System Volume Information\_restore{042889CE-0812-437C-B57B-611C8CB2DA46}\RP298\A0106236.dll: (deleted)

Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 51538
The number of deleted threat files: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 0

The tool initiated a system reboot.

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni

Trojan.Gromozon Removed!
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by uncasinomicidiale » 01/01/07 11:29

I'll add that, just as before I ran the scans with the two tools, the PC very often tells me through an error window that the file service.exe (I'm not totally sure I transcribed it correctly) was terminated unexpectedly by "nt authority system", save everything within 60 seconds because the system will be shut down.
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by uncasinomicidiale » 01/01/07 13:44

and the folder with the unpronounceable name in Documents and Settings cannot be removed even with killbox :diavolo:
Junior User
Posts: 14
Joined: 31/12/06 15:52


Post by anitapod » 01/01/07 14:56

Hi, I know this page "". A couple of months ago I also had a similar infection; in my case a dialer got installed too. I hope you solve it soon.
Junior User
Posts: 42
Joined: 16/10/06 13:30

Post by Luke57 » 01/01/07 15:54

Hi, download system scan ... emscan.exe
(temporarily disable the antivirus)
tick all the boxes and press scan now
When the scan has finished (it will take a while), save the text file (report) here:
(it is very long, it would not fit whole in a post)
to do so
press Browse, select the file and then press "host it"
a link will appear from which the file can be accessed.
Write it on the forum.
Posts: 6413
Joined: 11/08/05 19:10

Post by uncasinomicidiale » 02/01/07 18:47

1145904 report.row
1145914 files.row

I'm considering moving somewhere where the nearest computer is at least 10 days away by camel!!!!!!
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by Luke57 » 02/01/07 19:28

uncasinomicidiale wrote:1145904 report.row
1145914 files.row

I'm considering moving somewhere where the nearest computer is at least 10 days away by camel!!!!!!

Hi, in the mytempdir links please put the files in text format ;)
Posts: 6413
Joined: 11/08/05 19:10

Post by uncasinomicidiale » 02/01/07 21:28

Gladly, if systemscan saved it for me at the end, but it doesn't.
At the end of the scan it tells me that the file does not exist and asks whether it should be created, at which point I confirm, but it doesn't create it.
I opened that one with the text editor and saw so much stuff that I got scared and closed it again right away!
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by Luke57 » 03/01/07 08:34

uncasinomicidiale wrote:Gladly, if systemscan saved it for me at the end, but it doesn't.
At the end of the scan it tells me that the file does not exist and asks whether it should be created, at which point I confirm, but it doesn't create it.
I opened that one with the text editor and saw so much stuff that I got scared and closed it again right away!

Hi, sorry, it is a simple text file that you have to upload to the mytempdir site; of course there is a lot of stuff in it, but you don't even have to read it, I'll do that for you, so ....... no fear ;)
Joking aside, do as you like.
Posts: 6413
Joined: 11/08/05 19:10

Post by uncasinomicidiale » 03/01/07 20:15

No problem, but I repeat that what I have uploaded now is "report.row", which I opened with a text editor and saved as .txt, and it is the same one I uploaded earlier with id 1145904; maybe you hadn't read the post?
Now the id number to download the txt is 1147567. I don't know whether it will do just the same, because at the bottom of the program's interface it says the report is saved in c:\suspectfile\ but in reality that folder contains only two files, "report" and "files", both .row and no zip.
Am I perhaps doing something wrong?

Bye and thanks for your patience.
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by Luke57 » 04/01/07 10:46

Hi, no mistake on your part; here is this link:
there you will find a file with the procedures to follow for the clean-up operations.
Talk to you again soon.
Posts: 6413
Joined: 11/08/05 19:10

Post by uncasinomicidiale » 04/01/07 19:19

Logfile of The Avenger version 1, by Swandog46
Running from registry key:


Script file located at: \??\C:\Program Files\pggpkdlt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger


Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogQpx deleted successfully.

Registry key HKEY_LOCAL_MACHINE\system\controlset001\services\LogQpx not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\controlset001\services\LogQpx failed!

Could not process line:
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\system\controlset003\services\LogQpx deleted successfully.
Folder C:\documents and settings\YpSUkHpEycr deleted successfully.
File C:\Programmi\File comuni\Microsoft Shared\AYE.exe deleted successfully.

Could not open file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5C.tmp C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5D.tmp for deletion
Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5C.tmp C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5D.tmp failed!

Could not process line:
C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5C.tmp C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5D.tmp
Status: 0xc0000033

File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5E.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5F.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR60.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR61.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR62.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR63.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR64.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR65.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR66.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR67.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR68.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR69.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6A.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6B.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6C.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6D.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6E.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6F.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR70.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR71.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR72.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR73.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR74.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR75.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR76.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR77.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR78.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR79.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7A.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7B.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7C.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7D.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7E.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR8.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR9.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRA.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRB.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRC.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRD.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRE.tmp deleted successfully.
File C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRF.tmp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList|YpSUkHpEycr deleted successfully.

Completed script processing.


Finished! Terminate.
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by Luke57 » 04/01/07 19:33

Hi, OK! Post a new HijackThis log so I can check it.
Posts: 6413
Joined: 11/08/05 19:10

Post by uncasinomicidiale » 04/01/07 20:38

Logfile of HijackThis v1.99.1
Scan saved at 20.43.21, on 04/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {34E5E77E-85EC-AE3B-25A1-DD2AA29FE8AB} - C:\WINDOWS\pkece1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F2F2B45-2027-4BC4-84D0-BCF980A25F0A}: NameServer =,
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LoadDLLServ - Unknown owner - C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by Luke57 » 04/01/07 21:19

Hi, in HijackThis press "Do a system scan only", then find and tick:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {34E5E77E-85EC-AE3B-25A1-DD2AA29FE8AB} - C:\WINDOWS\pkece1.dll (file missing)
O23 - Service: LoadDLLServ - Unknown owner - C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe (file missing)

then press "Fix checked".

To be on the safe side, run Avenger again, in the usual way, with this script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E5E77E-85EC-AE3B-25A1-DD2AA29FE8AB}

files to delete:
C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe
Posts: 6413
Joined: 11/08/05 19:10
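
An added example, not part of the original thread and not HijackThis's own code: in the log above, two avast! services are marked "(file missing)" even though the same executables are listed under "Running processes", while the entries selected for fixing are not running anywhere. The sketch below separates the two cases; `triage_missing` is a hypothetical helper and the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (not a full log).
SAMPLE_LOG = r"""Running processes:
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O2 - BHO: Class - {34E5E77E-85EC-AE3B-25A1-DD2AA29FE8AB} - C:\WINDOWS\pkece1.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LoadDLLServ - Unknown owner - C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")  # section code, e.g. O2, O23, R3
PATH = re.compile(r"[A-Za-z]:\\.*$")         # first drive-letter path on the line
MISSING = "(file missing)"


def triage_missing(log_text):
    """Hypothetical helper: split '(file missing)' entries into real orphans
    and entries whose executable is in the running-process list anyway."""
    running, in_procs = set(), False
    result = {"orphaned": [], "running_anyway": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(line.lower())
            else:
                in_procs = False  # a blank line ends the process list
            continue
        entry = ENTRY.match(line)
        if not entry or not line.endswith(MISSING):
            continue
        found = PATH.search(entry.group(2)[: -len(MISSING)])
        if not found:
            continue
        # A stray quote means the rest is command-line arguments, not path.
        path = found.group(0).split('"')[0].strip()
        bucket = "running_anyway" if path.lower() in running else "orphaned"
        result[bucket].append((entry.group(1), path))
    return result


if __name__ == "__main__":
    print(triage_missing(SAMPLE_LOG))
```
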

Post by uncasinomicidiale » 04/01/07 22:28

Logfile of The Avenger version 1, by Swandog46
Running from registry key:


Script file located at: \??\C:\Program Files\qwrxnysi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger


Beginning to process script file:

File C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe not found!
Deletion of file C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe failed!

Could not process line:
C:\Documents and Settings\giuliano\Dati applicazioni\SysServDLL32.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E5E77E-85EC-AE3B-25A1-DD2AA29FE8AB} deleted successfully.

Completed script processing.


Finished! Terminate.

P.S. I've sent you a private message.
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by uncasinomicidiale » 04/01/07 23:12

I forgot: about the internetknight program, which still shows up in Add/Remove Programs with no details, and whose uninstall button opens Explorer at the page "", where there is only a single button on a purple background and the HTML source doesn't show what it is linked to, what should I do????
Junior User
Posts: 14
Joined: 31/12/06 15:52

Post by Luke57 » 05/01/07 08:09

uncasinomicidiale wrote: I forgot: about the internetknight program, which still shows up in Add/Remove Programs with no details, and whose uninstall button opens Explorer at the page "", where there is only a single button on a purple background and the HTML source doesn't show what it is linked to, what should I do????

Hi, it has to be removed. Open HijackThis, press "open the misc tools section", then "open process install manager", and look for the following applications:
-Power Verify

select it and press the "delete this entry" button.
Posts: 6413
Joined: 11/08/05 19:10
