MegaLab.it

Ciao a tutti voi di MegaLab,

anche io ho lo stesso problema di trickiness(ma penso che ne abbiano di ben peggiori quelli che si divertono a incasinare la gente per il puro gusto di farlo ): il diabolico bagle blocca anche avenger, oltre a Zone alarm, al nod32 e ad hijack, che però funziona nella versione antibagle scaricata dal vostro sito. Ho fatto subito la scansione kaspersky on line ma non ho la più pallida idea dei file da cancellare...

Alcuni (come not-virus:Hoax.Win32.CardGen.g: oppure not-a-virus:PSWTool.Win32.OEPass.b), penso siano piccoli virus che non dovrebbero far grandi danni e che riuscirei bene ad eliminare con il mio Nod32. Mi incuriosisce però la segnalazione dell'infezione all'exe di emule...

Nella speranza che qualcuno sappia aiutarmi vi ringrazio in anticipo!

ecco il log di kaspersky:

C:\Documents and Settings\All Users\Dati applicazioni\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\Davide\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Davide\Dati applicazioni\Microsoft\Modelli\Normal.dot Object is locked skipped
C:\Documents and Settings\Davide\Dati applicazioni\Microsoft\Word\Salvataggio automatico di Scaletta OnStage.asd Object is locked skipped
C:\Documents and Settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\rd0lyz2b.default\cert8.db Object is locked skipped
C:\Documents and Settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\rd0lyz2b.default\history.dat Object is locked skipped
C:\Documents and Settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\rd0lyz2b.default\key3.db Object is locked skipped
C:\Documents and Settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\rd0lyz2b.default\parent.lock Object is locked skipped
C:\Documents and Settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\rd0lyz2b.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\rd0lyz2b.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Davide\Desktop\AdvPassw\Advanced Rar Password Recovery v1.11\DISTINCT.RAR/setup.exe/WISE0039.BIN Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
C:\Documents and Settings\Davide\Desktop\AdvPassw\Advanced Rar Password Recovery v1.11\DISTINCT.RAR/setup.exe Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
C:\Documents and Settings\Davide\Desktop\AdvPassw\Advanced Rar Password Recovery v1.11\DISTINCT.RAR RAR: infected - 2 skipped
C:\Documents and Settings\Davide\Desktop\eMulev0.48a.-MorphXTv10.0-bin\emule\eMule.exe -AutoStart Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\Documents and Settings\Davide\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Davide\Impostazioni locali\Cronologia\History.IE5\MSHist012008012720080128\index.dat Object is locked skipped
C:\Documents and Settings\Davide\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Davide\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Davide\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Davide\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Davide\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip/newb5.zip/Card-Tut.zip/cmaster4.zip/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip/newb5.zip/Card-Tut.zip/cmaster4.zip Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip/newb5.zip/Card-Tut.zip Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip/newb5.zip/NewBies5.zip/Card-Tut.zip/cmaster4.zip/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip/newb5.zip/NewBies5.zip/Card-Tut.zip/cmaster4.zip Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip/newb5.zip/NewBies5.zip/Card-Tut.zip Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip/newb5.zip/NewBies5.zip Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip/newb5.zip Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar/Cracking/newb.zip Infected: not-virus:Hoax.Win32.CardGen.g skipped
C:\File personali\Davide\Programmi - Archivi\Cracking.rar RAR: infected - 9 skipped
C:\File personali\Davide\Programmi - Archivi\Nero 8 Ultra Edition\nero8-fdb.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\File personali\Davide\Programmi - Archivi\Nero 8 Ultra Edition\nero8-fdb.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\File personali\Davide\Programmi - Archivi\Nero 8 Ultra Edition\nero8-fdb.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\File personali\Davide\Programmi - Archivi\Nero 8 Ultra Edition\nero8-fdb.iso ISOimage: infected - 3 skipped
C:\Programmi\ARPR\arpr.exe Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
C:\Programmi\ESET\infected\FORZADBA.NQF Infected: Trojan.Win32.Agent.aae skipped
C:\Programmi\ESET\infected\N30T4XDA.NQF Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Programmi\ESET\infected\RTLF1LDA.NQF Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Programmi\ESET\infected\VSQD2RBA.NQF Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Programmi\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\a514f3026154c5be0e6900e5f0b39396\sp2gdr\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\a514f3026154c5be0e6900e5f0b39396\sp2qfe\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.


Nella speranza che qualcuno sappia aiutarmi vi ringrazio in anticipo!

P.S. posso cancellare i file anche direttamente da dos, senza entrare per niente in winXP?

poco fa, da quache parte sul forum, ho letto un post di crazy.cat che diceva di versioni di avenger non inibite, fra un attimo lo linko.
edit: eccolo http://www.MegaLab.it/forum/viewtopic.p ... 172#325172

Disabilita il ripristino configurazione di sistema.

Questo è lo script per Avenger:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
3C:\Documents and Settings\Davide\Desktop\eMulev0.48a.-MorphXTv10.0-bin
C:\File personali\Davide\Programmi - Archivi\Cracking.rar

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\Programmi\ESET\infected

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

Ora, se tutto è andato a buon fine, dovresti riuscire a reinstallare un valido antivirus.

Grazie della velocità di risposta ! Fatto! ho reinstallato l'antivirus ma non funzia la protezione permanente, dice che "Si è verificato un errore durante la comunicazione al servizio kernel di nod32", mentre posso tranquillamente fare scansioni.
Per di più il Firewall è ancora bloccato...
ti allego il log di avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yyopyidh

*******************

Script file located at: \??\C:\Program Files\ogubvway.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034



File C:\WINDOWS\system32\mdelk.exe not found!
Deletion of file C:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc0000034



Error: C:\Documents and Settings\Davide\Desktop\eMulev0.48a.-MorphXTv10.0-bin is a folder, not a file!
Deletion of file C:\Documents and Settings\Davide\Desktop\eMulev0.48a.-MorphXTv10.0-bin failed!

Could not process line:
C:\Documents and Settings\Davide\Desktop\eMulev0.48a.-MorphXTv10.0-bin
Status: 0xc00000ba



File C:\File personali\Davide\Programmi - Archivi\Cracking.rar not found!
Deletion of file C:\File personali\Davide\Programmi - Archivi\Cracking.rar failed!

Could not process line:
C:\File personali\Davide\Programmi - Archivi\Cracking.rar
Status: 0xc0000034



Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Programmi\ESET\infected deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Ah, dopo tanto smanetto...

Ora sono riuscito a far partire l'antivirus(ho semplicemente avviato il servizio kernel che era stranamente disattivato), e dalla scansione con kaspersky non ho più nessun virus. però il mio zone alarm(e anche l'hijack "classico") non parte...: mi dà sempre lo stesso errore, ossia che tanto l'eseguibile quanto il file di uninstall sono applicazioni non valide. Aggiungo, a mo' di cronaca, anche che mentre quando avevo il virus le icone dell'antivirus, del firewall, di hijack e virit lampeggiavano a intermittenza, mentre ora non lo fanno più.

Ho poi disattivato e arrestato il servizio true vector per poter reinstallare zone alarm, ma all'atto della disintallazione mi dice che è ancora in esecuzione. Sono un profano ma vedo dal log di hijack che ci sono sia zlclient sia vsmon..., mentre nel task manager non si vedono.
Vorrei mantenere zone alarm, che mi ha sempre funzionato benissimo, ma non riesco neanche a far partire il servizio true vector .
Ho notato comunque che i file dell'antivirus e di hijack, nonostante non partano perché "sono sempre non validi per win32" sono perfettamente cancellabili...


che posso fare?

allego il log di hijack

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.20.46, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Davide\Desktop\Nuova cartella\MegaLab_copia_hijack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOff ... ?clid=1040
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programmi\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmi\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Programmi\ScannerU\AM32.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Programmi\Xi\NetXfer\NXAddList.html
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0385907250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40C35939-D95B-4EE6-8FF8-58437FC5549D}: NameServer = 193.12.150.2 212.247.152.2
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

io eliminerei i "(no file)" ed i "(file missing)". In ogni caso il log è pulito

Problemi nel log non ce ne sono. Prova a rinominare i file incriminati.

Smp ha scritto: mi dà sempre lo stesso errore, ossia che tanto l'eseguibile quanto il file di uninstall sono applicazioni non valide. Aggiungo, a mo' di cronaca, anche che mentre quando avevo il virus le icone dell'antivirus, del firewall, di hijack e virit lampeggiavano a intermittenza, mentre ora non lo fanno più.

Il virus danneggiava gli exe e li rendeva appunto applicazioni non valide, provocando anche quell'effetto di lampeggio, anche se rimuovi il file quei file exe sono da buttare.

Prova stoppare i servizi di zonealarm e poi disinstallalo/reinstallaci sopra zonealarm nella stessa cartella.
http://www.MegaLab.it/2754

Ho arrestato e disabilitato truevector da services.msc e anche zlclient, come indicato nell'articolo, poi ho provato anche a disintallare con la stringa su "esegui" come detto nell'articolo, o anche con altri programmi come myuninstall, ma danno sempre degli errori...Penso sia dovuto al fatto che l'exe di disintallazione di zone alarm è compromesso.
poi ho provato a reinstallare nella stessa cartella un nuovo zone alarm, anche nell'ultima versione, ma mi dice che true vector è in esecuzione, e quindi non mi fa reinstallare. ma non è vero che è in esecuzione!

Ci capite qualcosa? non so, magari c'è un pezzo di zone alarm residuo da qualche parte...

ti servirebbe che qualcuno con zonealarm installato ti passasse i file danneggiati o mancanti.

Tante grazie, ho risolto il problema, siete fantastici!

E' bastato appunto sostituire il file di disintallazione che era stato bloccato con uno nuovo.

Ciao ciao!