

Procedure to remove LinkOptimizer

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by thethunder » 18/08/06 22:54

Good evening everyone.

Can you help me remove Linkoptimizer?

Log attached...

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 23.52.47, on 18/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WgaTray.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\atiptaxx.exe
C:\Windows\System32\ltmsg.exe
C:\Programmi\Compaq\EAB\EabServr.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Compaq\Hotkey Software\hkss.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0410/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {00B08267-2202-57FB-A9BB-9C96A53B2EEA} - C:\Windows\ijfaa1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Programmi\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5832892701
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13


Post by thethunder » 19/08/06 04:27

I'm also attaching a GMER Autostart log.

The rootkit scan tells me that no file has been modified..

Please help me... it's 05:25!!!

Thanks! See you tomorrow.

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-19 05:07:19
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
LogCcz /*LogCcz*/@ = "C:\Programmi\File comuni\System\fek.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATIModeChangeAti2mdxx.exe = Ati2mdxx.exe
@AtiPTAatiptaxx.exe = atiptaxx.exe
@LTWinModem1ltmsg.exe 9 = ltmsg.exe 9
@eabconfg.cplC:\Programmi\Compaq\EAB\EabServr.exe /Start = C:\Programmi\Compaq\EAB\EabServr.exe /Start
@hkssC:\Programmi\Compaq\Hotkey Software\hkss.exe = C:\Programmi\Compaq\Hotkey Software\hkss.exe
@Cpqsetc:\compaq\cpqsetup\cpqset.exe = c:\compaq\cpqsetup\cpqset.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
@ataa1.exeC:\Windows\Temp\ataa1.exe = C:\Windows\Temp\ataa1.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{59850401-6664-101B-B21C-00AA004BA90B} /*Utilità di separazione di Raccoglitore Office.*/C:\Programmi\Microsoft Office\Office\UNBIND.DLL = C:\Programmi\Microsoft Office\Office\UNBIND.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
PowerArchiver@{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Programmi\PowerArchiver\PASHLEXT.DLL
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
PowerArchiver@{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Programmi\PowerArchiver\PASHLEXT.DLL
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{00B08267-2202-57FB-A9BB-9C96A53B2EEA}C:\Windows\ijfaa1.dll /*file not found*/ = C:\Windows\ijfaa1.dll /*file not found*/
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.tgsoft.it/ = http://www.tgsoft.it/
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.10 ----
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by Luke57 » 19/08/06 10:44

Hi, try this procedure:


Download MyUninstaller from here:

http://www.nirsoft.net/utils/myuninst.html

with this small program you can uninstall LinkOptimizer if it is still present on your computer (it is impossible to do it from Control Panel > Add or Remove Programs)
Open the program (click on myuninst.exe, wait for the installed applications to be listed, highlight Linkoptimizer, right-click and choose Delete);

1) Start > Run > control userpasswords2 (type it in the white box) > OK

In the User Accounts window you should have a suspicious account with a random name (besides the usual Administrators, User, Aspnet), something like XYZFG. Note down the account name and delete it (right-click and choose Delete);

2) Make hidden files and folders visible:

from Computer Management > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (recommended)"
Press OK
Go to C:\Documents and Settings, you should find a folder with the same name as the account; delete that too




4) download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unpack the .zip file
Run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
In the white box, copy and paste the following lines:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ataa1.exe

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\LogCcz
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B08267-2202-57FB-A9BB-9C96A53B2EEA}

Files to delete:
C:\Programmi\File comuni\System\fek.exe
C:\Windows\Temp\ataa1.exe
C:\Windows\ijfaa1.dll



Click the Done button
Double-click the green traffic-light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually


Post the Avenger log (C:\avenger.txt) with the result of the script
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
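An added example, not part of this thread and not a tool from Luke57 or from any of the projects named here: a small Python parser that reads HijackThis log lines and flags the kinds of entries the Avenger script above targets (an orphaned BHO, an autorun launched from Temp, a publisher-less service under Common Files\System), then reports which flagged entries survive between two scans, which is how a reinfection after System Restore shows up. The sample lines are copied from the logs posted in this thread; the matching rules, severities and function names are my own assumptions.

```python
"""Flag the HijackThis entries this thread's cleanup targeted, and check
which of them survive between two scans (example code, not from the thread)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2", "O4", "O23"
    entry: str     # the log line without its section prefix
    severity: str  # "high" or "review" (assumed labels)
    reason: str


# A random-named autorun binary has no business living in a Temp directory.
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# Italian XP: "Programmi\File comuni" is "Program Files\Common Files".
COMMON_FILES_SYSTEM = re.compile(r"\\(File comuni|Common Files)\\System\\", re.IGNORECASE)


def parse_line(line: str):
    """Split 'O4 - HKLM\\..\\Run: [x] path' into ('O4', 'HKLM\\..\\Run: [x] path');
    header lines and blanks return None."""
    m = re.match(r"^([RFNO]\d+) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def classify(section: str, entry: str):
    """Return a Finding when the entry matches one of the thread's indicators, else None."""
    if section == "O2" and "(file missing)" in entry:
        return Finding(section, entry, "high",
                       "BHO registered for a DLL that no longer exists (orphaned CLSID)")
    if section == "O4" and TEMP_DIR.search(entry):
        return Finding(section, entry, "high",
                       "autorun launches a binary from a Temp directory")
    if section == "O23" and "Unknown owner" in entry:
        if COMMON_FILES_SYSTEM.search(entry):
            return Finding(section, entry, "high",
                           "service without a publisher, image under Common Files\\System")
        # Benign drivers (the ATI poller here) also show no owner: hand-check these.
        return Finding(section, entry, "review", "service without a publisher; verify manually")
    return None


def scan(log_text: str):
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and (f := classify(*parsed)):
            findings.append(f)
    return findings


def persisting(before: str, after: str):
    """Findings present in both scans: what a cleanup step did not actually remove."""
    seen = {(f.section, f.entry) for f in scan(before)}
    return [f for f in scan(after) if (f.section, f.entry) in seen]


# Constructed sample: lines copied from the HijackThis log of 19/08/2006 21:42 in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Class - {00B08267-2202-57FB-A9BB-9C96A53B2EEA} - C:\Windows\ijfaa1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ataa1.exe] C:\Windows\Temp\ataa1.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: LogCcz - Unknown owner - C:\Programmi\File comuni\System\aDYdQ.exe
"""

# Constructed sample: lines copied from the log of 20/08/2006 (BHO gone, Run value back).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ataa1.exe] C:\Windows\Temp\ataa1.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for f in scan(LOG_BEFORE):
        print(f"[{f.severity}] {f.section}: {f.entry}\n    {f.reason}")
    print("still present after cleanup:")
    for f in persisting(LOG_BEFORE, LOG_AFTER):
        print(f"  {f.section}: {f.entry}")
```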

Post by thethunder » 19/08/06 19:45

Hi! I have a problem: the computer is a company machine, so on reboot after using Avenger it doesn't let me choose between administrator and standard but goes straight to standard.

Fortunately I had created a restore point, so now I'm in administrator mode, but the PC still has the same problem.

How can this be solved?

Anyway, here's the Avenger log..

Thanks for everything!


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: {00B08267-2202-57FB-A9BB-9C96A53B2EEA}


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yuasydch

*******************

Script file located at: \??\C:\Windows\System32\waaqobam.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogCcz HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ataa1.exe not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\LogCcz HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ataa1.exe failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\LogCcz HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ataa1.exe
Status: 0xc0000034

File C:\Programmi\File comuni\System\fek.exe deleted successfully.
File C:\Windows\Temp\ataa1.exe deleted successfully.


File C:\Windows\ijfaa1.dll not found!
Deletion of file C:\Windows\ijfaa1.dll failed!

Could not process line:
C:\Windows\ijfaa1.dll
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by thethunder » 19/08/06 21:07

anyway, the file ataa1.exe no longer exists..

Can I remove LinkOptimizer in Safe Mode?

Attaching VirIT and HijackThis logs...

Regards.

Logfile of HijackThis v1.99.1
Scan saved at 21.42.12, on 19/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\WgaTray.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\Ati2evxx.exe
C:\VEXPLITE\viritsvc.exe
C:\Windows\System32\atiptaxx.exe
C:\Windows\System32\ltmsg.exe
C:\Programmi\Compaq\EAB\EabServr.exe
C:\Programmi\Compaq\Hotkey Software\hkss.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\VEXPLITE\MONLITE.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgsoft.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {00B08267-2202-57FB-A9BB-9C96A53B2EEA} - C:\Windows\ijfaa1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Programmi\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [ataa1.exe] C:\Windows\Temp\ataa1.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5832892701
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: LogCcz - Unknown owner - C:\Programmi\File comuni\System\aDYdQ.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe



VirIT eXplorer Lite Log

SCANSIONE DELLA MEMORIA
OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 00:03:30

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 22877.
Files Totali: 22877.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 00:19:07

[SCANSIONE DEL REGISTRO]
{2a6af021-17a2-4014-8624-cf6015f82fad} Infetto da BHO.Agent.BA
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 1.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 14633.
Files Totali: 14633.
Chiavi Registro rimosse: 1.
Virus Rimossi: 0.

--------------------------------------------------------
19/08/2006 - 00:28:36

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 162.
Files Totali: 162.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

--------------------------------------------------------
19/08/2006 - 00:28:48

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\system32\vmaa.dll Infetto da BHO.Agent.BA
* * * RIMOSSO * * *

[D:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 22983.
Files Totali: 22983.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 00:53:31

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 12.
Files Totali: 12.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 00:59:06

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 11:23:19

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 11:55:02

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\Temp\ataa1.exe Possibile variante da TrojanDownld.Win32.TinyBar

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 23710.
Files Totali: 23710.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 18:52:52

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\Temp\ataa1.exe Possibile variante da TrojanDownld.Win32.TinyBar

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 23809.
Files Totali: 23809.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 20:29:08

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 20:35:50

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 13868.
Files Totali: 13868.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

--------------------------------------------------------
19/08/2006 - 20:50:30

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 24160.
Files Totali: 24160.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 21:36:39

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 21:40:54

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1235.
Files Totali: 1235.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 21:44:51

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 24171.
Files Totali: 24171.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by Luke57 » 19/08/06 21:10

Hi, try looking at the startup programs from:
Start > Run > msconfig (type it in the box) > OK; in the window that opens choose Startup and check whether there is anything attributable to Avenger (.bat file, etc.); if so, untick it > Apply > OK and reboot.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by thethunder » 19/08/06 21:24

done... but I couldn't delete the folder of the suspicious account... so everything is as before... linkoptimizer is still there :oops:

Again: can I do the procedure in Safe Mode without running into the reboot problem where I can't select the administrator option?

Thanks for the help.
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13


Post by Luke57 » 19/08/06 21:40

[quote="Luke57"]Hi, try this procedure:


Download MyUninstaller from here:

http://www.nirsoft.net/utils/myuninst.html

with this small program you can uninstall LinkOptimizer if it is still present on your computer (it is impossible to do it from Control Panel > Add or Remove Programs)
Open the program (click on myuninst.exe, wait for the installed applications to be listed, highlight Linkoptimizer, right-click and choose Delete);

1) Start > Run > control userpasswords2 (type it in the white box) > OK

In the User Accounts window you should have a suspicious account with a random name (besides the usual Administrators, User, Aspnet), something like XYZFG. Note down the account name and delete it (right-click and choose Delete);

2) Make hidden files and folders visible:

from Computer Management > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (recommended)"
Press OK
Go to C:\Documents and Settings, you should find a folder with the same name as the account; delete that too

[/quote]
Hi, have you carried out the procedures above?

The Avenger script reports as deleted entries that keep reappearing in the HijackThis log. Ah, now I get it: by using System Restore you probably put the various infections back in place.
That way we risk going on forever. Delete the account added by the malware with procedure no. 1
Then post new GMER logs.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by thethunder » 19/08/06 22:33

Hi Luke..

GMER rootkit: "GMER hasn't found any system modification", but it gave me this result this morning too, when I posted the log.

Here's the GMER Autostart log.

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-19 23:25:37
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
LogCcz /*LogCcz*/@ = "C:\Programmi\File comuni\System\EpE.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATIModeChangeAti2mdxx.exe = Ati2mdxx.exe
@AtiPTAatiptaxx.exe = atiptaxx.exe
@LTWinModem1ltmsg.exe 9 = ltmsg.exe 9
@eabconfg.cplC:\Programmi\Compaq\EAB\EabServr.exe /Start = C:\Programmi\Compaq\EAB\EabServr.exe /Start
@hkssC:\Programmi\Compaq\Hotkey Software\hkss.exe = C:\Programmi\Compaq\Hotkey Software\hkss.exe
@Cpqsetc:\compaq\cpqsetup\cpqset.exe = c:\compaq\cpqsetup\cpqset.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@ataa1.exeC:\Windows\Temp\ataa1.exe /*file not found*/ = C:\Windows\Temp\ataa1.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{59850401-6664-101B-B21C-00AA004BA90B} /*Utilità di separazione di Raccoglitore Office.*/C:\Programmi\Microsoft Office\Office\UNBIND.DLL = C:\Programmi\Microsoft Office\Office\UNBIND.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
PowerArchiver@{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Programmi\PowerArchiver\PASHLEXT.DLL
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
PowerArchiver@{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Programmi\PowerArchiver\PASHLEXT.DLL
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{00B08267-2202-57FB-A9BB-9C96A53B2EEA}C:\Windows\ijfaa1.dll /*file not found*/ = C:\Windows\ijfaa1.dll /*file not found*/
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.tiscali.it/ = http://www.tiscali.it/
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.10 ----

Do you think we'll manage? I think so...

Now I'll try rebooting and see whether the malicious account has gone..

Regards
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by thethunder » 19/08/06 23:01

Hi Luke!

I think the malicious account can't be deleted, because on reboot it configures itself as standard and not as administrator..

HELP!!!!!

can I log in as administrator?

And if so, how?

Regards
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by thethunder » 19/08/06 23:41

Hi!
Good news: malicious account deleted!!!

User Accounts / Advanced / Local Users and Groups / and there I found the culprit, which I deleted.

I rebooted and checked: the account has disappeared from User Accounts and so has its folder...

Now I'll try Avenger; I'll let you know after the reboot.

ALWAYS BELIEVE... NEVER GIVE UP!

Regards! and thaaaaaaanks!
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by thethunder » 20/08/06 00:14

Hi Luke!

Maybe we're there: linkoptimizer has disappeared from Add or Remove Programs (it won't recreate itself, right?) :lol:

The suspicious account has disappeared, and so has its folder!

I'm attaching the HijackThis log (there are still some entries..) and the Avenger one.

I await your reply. A definitive one, I hope!

Thanks for everything.

Logfile of HijackThis v1.99.1
Scan saved at 1.05.23, on 20/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WgaTray.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\atiptaxx.exe
C:\Windows\System32\ltmsg.exe
C:\Programmi\Compaq\EAB\EabServr.exe
C:\Programmi\Compaq\Hotkey Software\hkss.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Programmi\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ataa1.exe] C:\Windows\Temp\ataa1.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5832892701
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ycnbxfso

*******************

Script file located at: \??\C:\Documents and Settings\bswkttdk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Programmi\File comuni\System\fek.exe not found!
Deletion of file C:\Programmi\File comuni\System\fek.exe failed!

Could not process line:
C:\Programmi\File comuni\System\fek.exe
Status: 0xc0000034



File C:\Windows\Temp\ataa1.exe not found!
Deletion of file C:\Windows\Temp\ataa1.exe failed!

Could not process line:
C:\Windows\Temp\ataa1.exe
Status: 0xc0000034



File C:\Windows\ijfaa1.dll not found!
Deletion of file C:\Windows\ijfaa1.dll failed!

Could not process line:
C:\Windows\ijfaa1.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by Luke57 » 20/08/06 11:46

Hi, with Avenger copy and paste the following lines:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\LogCcz
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B08267-2202-57FB-A9BB-9C96A53B2EEA}

Files to delete:
C:\Programmi\File comuni\System\EpE.exe



Remove them with the usual procedure.

With HijackThis, press "do a system scan only", find and tick:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ataa1.exe] C:\Windows\Temp\ataa1.exe
Press fix checked.

Let me know whether in C:\Programmi\File comuni\System there are .exe files with random names shown in green
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
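The entries the moderator singles out above (the missing default URLSearchHook, the orphaned BHO, the autorun pointing into C:\Windows\Temp) can be picked out mechanically from a HijackThis log. The triage below is an added example, not code from the thread or from HijackThis itself: it runs a few rules over log lines copied from the posts on this page and ranks what it finds. The "random name" pattern (letters followed by digits, as in ataa1 and ijfaa1) and the Winlogon Notify allowlist (WgaLogon, SASWinLogon, the two that appear in these logs) are assumptions for this example.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "info"
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str
    line: str


# Assumption: Winlogon Notify packages that are legitimate on the machines in this thread.
KNOWN_NOTIFY = {"wgalogon", "saswinlogon"}
# Assumption: a "random" autorun name is a few letters followed by digits (ataa1, ijfaa1 style).
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{1,6}\d{1,3}$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
TAG_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)")
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {00B08267-2202-57FB-A9BB-9C96A53B2EEA} - C:\Windows\ijfaa1.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ataa1.exe] C:\Windows\Temp\ataa1.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
"""


def classify(line: str) -> Optional[Finding]:
    """Apply the triage rules to one HijackThis line; None means nothing to flag."""
    line = line.strip()
    m = TAG_RE.match(line)
    if not m:
        return None
    tag, body = m.groups()
    missing = "(file missing)" in body
    if tag == "R3" and "URLSearchHook is missing" in body:
        return Finding("medium", tag, "default URLSearchHook removed; the HijackThis fix restores it", line)
    if tag == "O2" and missing:
        return Finding("high", tag, "BHO still registered for a DLL that no longer exists", line)
    if tag == "O4":
        m4 = O4_RE.search(body)
        if m4:
            exe = EXE_RE.match(m4.group("cmd"))
            path = exe.group(1) if exe else m4.group("cmd")
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if TEMP_DIR_RE.search(path):
                return Finding("high", tag, "autorun launching an executable from a Temp directory", line)
            if RANDOM_STEM_RE.match(stem):
                return Finding("medium", tag, "autorun with a random-looking executable name", line)
    if tag == "O18" and missing:
        return Finding("info", tag, "protocol handler DLL missing (usually a harmless leftover)", line)
    if tag == "O20":
        m20 = re.search(r"Winlogon Notify:\s*(\S+)", body)
        if m20 and m20.group(1).lower() not in KNOWN_NOTIFY:
            return Finding("high", tag, "unrecognised Winlogon Notify package (loaded into winlogon.exe)", line)
    if tag == "O23" and "Unknown owner" in body:
        return Finding("info", tag, "service binary without a publisher; verify it by hand", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the findings for every line of a HijackThis log, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

The rules only rank entries for a human to review; an O20 or O23 hit still has to be checked against the file on disk before it is fixed, exactly as the moderator does here by asking for listings rather than deleting blindly.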

Post by thethunder » 20/08/06 12:31

Hi Luke, and enjoy your lunch.

The Common Files folder is full of green files, but they were there both before and after the Avenger run...

Attaching the log...

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 1813


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bmnpijlt

*******************

Script file located at: \??\C:\Windows\kihlfvve.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogCcz deleted successfully.


File C:\Programmi\File comuni\System\EpE.exe not found!
Deletion of file C:\Programmi\File comuni\System\EpE.exe failed!

Could not process line:
C:\Programmi\File comuni\System\EpE.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B08267-2202-57FB-A9BB-9C96A53B2EEA} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B08267-2202-57FB-A9BB-9C96A53B2EEA} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ywcouqec

*******************

Script file located at: \??\C:\Documents and Settings\svkvuyee.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogCcz not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\LogCcz failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\LogCcz
Status: 0xc0000034



File C:\Programmi\File comuni\System\EpE.exe not found!
Deletion of file C:\Programmi\File comuni\System\EpE.exe failed!

Could not process line:
C:\Programmi\File comuni\System\EpE.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B08267-2202-57FB-A9BB-9C96A53B2EEA} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B08267-2202-57FB-A9BB-9C96A53B2EEA} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wxwrrxmx

*******************

Script file located at: \??\C:\Documents and Settings\nqbxcfug.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogCcz not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\LogCcz failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\LogCcz
Status: 0xc0000034



File C:\Programmi\File comuni\System\EpE.exe not found!
Deletion of file C:\Programmi\File comuni\System\EpE.exe failed!

Could not process line:
C:\Programmi\File comuni\System\EpE.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B08267-2202-57FB-A9BB-9C96A53B2EEA} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B08267-2202-57FB-A9BB-9C96A53B2EEA} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 13.30.46, on 20/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\WgaTray.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\atiptaxx.exe
C:\Windows\System32\ltmsg.exe
C:\Programmi\Compaq\EAB\EabServr.exe
C:\Programmi\Compaq\Hotkey Software\hkss.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Programmi\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5832892701
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by Luke57 » 20/08/06 13:38

thethunder wrote:Hi Luke, and enjoy your lunch.

The Common Files folder is full of green files, but they were there both before and after the Avenger run...

Hi, thanks. Do this:
start > run > cmd (type it in the box) > OK
When the prompt opens, type, keeping the spaces exactly:
cd C:\programmi\file comuni\system ----> press Enter
dir > c:\files.txt ----> press Enter

Open C:\ ; you should have the file files.txt; post its contents.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by thethunder » 20/08/06 14:14

Hi! Here's the file....

Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 0000-5EFA

Directory di C:\Programmi\File comuni\System

20/08/2006 00.44 <DIR> .
20/08/2006 00.44 <DIR> ..
19/12/2002 16.53 <DIR> ado
30/08/2001 20.00 176.640 bIMh.exe
30/08/2001 20.00 181.760 bIsLQ.exe
30/08/2001 20.00 76.288 directdb.dll
30/08/2001 20.00 135.680 ebacK.exe
30/08/2001 20.00 150.528 eWd.exe
30/08/2001 20.00 193.024 GFo.exe
30/08/2001 20.00 177.152 GWqp.exe
30/08/2001 20.00 144.384 Hxlew.exe
19/12/2002 16.53 <DIR> msadc
30/08/2001 20.00 88.064 msT.exe
30/08/2001 20.00 191.488 Nta.exe
19/12/2002 16.53 <DIR> Ole DB
30/08/2001 20.00 94.208 psV.exe
30/08/2001 20.00 92.160 QPWRs.exe
30/08/2001 20.00 96.768 ryYk.exe
30/08/2001 20.00 93.696 SCMso.exe
30/08/2001 20.00 112.640 Tqc.exe
30/08/2001 20.00 195.584 TTx.exe
30/08/2001 20.00 120.832 vxh.exe
30/08/2001 20.00 459.776 wab32.dll
30/08/2001 20.00 254.464 wab32res.dll
30/08/2001 20.00 182.272 wDK.exe
30/08/2001 20.00 156.160 wqI.exe
30/08/2001 20.00 171.520 wVPaX.exe
30/08/2001 20.00 114.688 XbsKgy.exe
30/08/2001 20.00 182.784 yMCUP.exe
30/08/2001 20.00 188.928 zDM.exe
25 File 4.031.488 byte
5 Directory 17.301.135.360 byte disponibili

Regards!
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by Luke57 » 20/08/06 14:31

Hi, so, to remove the myriad of green files, here's the quick procedure:

With the usual Avenger, copy and paste:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Files to delete:
C:\Programmi\File comuni\System\bIMh.exe
C:\Programmi\File comuni\System\bIsLQ.exe
C:\Programmi\File comuni\System\ebacK.exe
C:\Programmi\File comuni\System\eWd.exe
C:\Programmi\File comuni\System\GFo.exe
C:\Programmi\File comuni\System\GWqp.exe
C:\Programmi\File comuni\System\Hxlew.exe
C:\Programmi\File comuni\System\msT.exe
C:\Programmi\File comuni\System\Nta.exe
C:\Programmi\File comuni\System\psV.exe
C:\Programmi\File comuni\System\QPWRs.exe
C:\Programmi\File comuni\System\ryYk.exe
C:\Programmi\File comuni\System\SCMso.exe
C:\Programmi\File comuni\System\Tqc.exe
C:\Programmi\File comuni\System\TTx.exe
C:\Programmi\File comuni\System\vxh.exe
C:\Programmi\File comuni\System\wDK.exe
C:\Programmi\File comuni\System\wqI.exe
C:\Programmi\File comuni\System\wVPaX.exe
C:\Programmi\File comuni\System\XbsKgy.exe
C:\Programmi\File comuni\System\yMCUP.exe
C:\Programmi\File comuni\System\zDM.exe


Proceed with the removal (you're an expert by now ;) )
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
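The Avenger script above was built by hand from the `dir` listing in the previous post: every .exe in C:\Programmi\File comuni\System was treated as a dropped file, while directdb.dll, wab32.dll and wab32res.dll (the Address Book components that legitimately live there) were left alone. Note also that every file in that listing, dropped or genuine, carries the same 30/08/2001 20.00 stamp, so the timestamp is no help in telling them apart. The script below is an added example, not the moderator's tool or part of The Avenger: it parses an excerpt of that Italian-locale listing, flags executables with short random-looking names that are not on an allowlist, and emits the "Files to delete:" block in the Avenger syntax used in this thread. The allowlist and the name heuristic (2 to 7 letters) are assumptions for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed input: an excerpt of the `dir` output thethunder posted (Italian cmd.exe locale).
DIR_LISTING = r"""
 Directory di C:\Programmi\File comuni\System

20/08/2006 00.44 <DIR> .
20/08/2006 00.44 <DIR> ..
19/12/2002 16.53 <DIR> ado
30/08/2001 20.00 176.640 bIMh.exe
30/08/2001 20.00 181.760 bIsLQ.exe
30/08/2001 20.00 76.288 directdb.dll
30/08/2001 20.00 135.680 ebacK.exe
19/12/2002 16.53 <DIR> msadc
30/08/2001 20.00 88.064 msT.exe
19/12/2002 16.53 <DIR> Ole DB
30/08/2001 20.00 459.776 wab32.dll
30/08/2001 20.00 254.464 wab32res.dll
30/08/2001 20.00 188.928 zDM.exe
"""

# Matches both the Italian "Directory di" and the English "Directory of" header line.
FOLDER_RE = re.compile(r"^\s*Directory (?:di|of)\s+(.+?)\s*$")
# date, time (hh.mm or hh:mm), <DIR> or a size with thousands separators, then the name.
ENTRY_RE = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}[.:]\d{2})\s+(<DIR>|[\d.,]+)\s+(.+?)\s*$")
# Assumption: files known to belong in Common Files\System on this machine.
KNOWN_GOOD = {"directdb.dll", "wab32.dll", "wab32res.dll"}
# Assumption: the dropped files use short, letters-only names of arbitrary case.
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{2,7}$")
APPINIT_VALUE = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs"


def parse_dir_listing(text: str) -> Tuple[str, List[Dict[str, object]]]:
    """Return (folder path, entries) from cmd.exe `dir` output; '.' and '..' are dropped."""
    folder, entries = "", []
    for raw in text.splitlines():
        m = FOLDER_RE.match(raw)
        if m:
            folder = m.group(1)
            continue
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        date, time, size, name = m.groups()
        if name in (".", ".."):
            continue
        entries.append({"date": date, "time": time, "is_dir": size == "<DIR>", "name": name})
    return folder, entries


def shared_timestamp(entries: List[Dict[str, object]]) -> Optional[Tuple[str, str]]:
    """If every file shares one date/time the stamp was copied, so it cannot be used as a clue."""
    stamps = {(e["date"], e["time"]) for e in entries if not e["is_dir"]}
    return stamps.pop() if len(stamps) == 1 else None


def suspicious_executables(folder: str, entries: List[Dict[str, object]]) -> List[str]:
    """Full paths of .exe files with random-looking names that are not on the allowlist."""
    hits = []
    for e in entries:
        name = str(e["name"])
        if e["is_dir"] or name.lower() in KNOWN_GOOD:
            continue
        stem, _, ext = name.rpartition(".")
        if ext.lower() == "exe" and RANDOM_STEM_RE.match(stem):
            hits.append(folder.rstrip("\\") + "\\" + name)
    return hits


def build_avenger_script(paths: List[str], reset_appinit: bool = True) -> str:
    """Emit a script in the Avenger v1 syntax used in this thread."""
    lines: List[str] = []
    if reset_appinit:
        lines += ["Registry values to replace with dummy:", APPINIT_VALUE, ""]
    lines += ["Files to delete:"] + paths
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    folder, entries = parse_dir_listing(DIR_LISTING)
    print("shared timestamp:", shared_timestamp(entries))
    print(build_avenger_script(suspicious_executables(folder, entries)))
```

Read the generated list before pasting it into Avenger: the deletions happen from a driver at the next reboot, and the only safety net is the copy Avenger keeps under C:\Avenger, as its logs above show.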

Post by thethunder » 20/08/06 15:01

Hi Luke! We're at the end of the story.

The green .exe files are gone, and if I've become an expert it's thanks to you. :)

Thanks for everything, and thanks again for your great helpfulness.

Attaching the Avenger log...

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qpmuspqk

*******************

Script file located at: \??\C:\nxxgyjny.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\File comuni\System\bIMh.exe deleted successfully.
File C:\Programmi\File comuni\System\bIsLQ.exe deleted successfully.
File C:\Programmi\File comuni\System\ebacK.exe deleted successfully.
File C:\Programmi\File comuni\System\eWd.exe deleted successfully.
File C:\Programmi\File comuni\System\GFo.exe deleted successfully.
File C:\Programmi\File comuni\System\GWqp.exe deleted successfully.
File C:\Programmi\File comuni\System\Hxlew.exe deleted successfully.
File C:\Programmi\File comuni\System\msT.exe deleted successfully.
File C:\Programmi\File comuni\System\Nta.exe deleted successfully.
File C:\Programmi\File comuni\System\psV.exe deleted successfully.
File C:\Programmi\File comuni\System\QPWRs.exe deleted successfully.
File C:\Programmi\File comuni\System\ryYk.exe deleted successfully.
File C:\Programmi\File comuni\System\SCMso.exe deleted successfully.
File C:\Programmi\File comuni\System\Tqc.exe deleted successfully.
File C:\Programmi\File comuni\System\TTx.exe deleted successfully.
File C:\Programmi\File comuni\System\vxh.exe deleted successfully.
File C:\Programmi\File comuni\System\wDK.exe deleted successfully.
File C:\Programmi\File comuni\System\wqI.exe deleted successfully.
File C:\Programmi\File comuni\System\wVPaX.exe deleted successfully.
File C:\Programmi\File comuni\System\XbsKgy.exe deleted successfully.
File C:\Programmi\File comuni\System\yMCUP.exe deleted successfully.
File C:\Programmi\File comuni\System\zDM.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

I'll take advantage for one more second.

I'm posting the HijackThis log of a second PC of mine..
Can you take a look at it?

Thanks! And have a good Sunday...

Logfile of HijackThis v1.99.1
Scan saved at 15.50.54, on 20/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\slmdmsr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft Office\Office\OSA.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Firefox Installer] "C:\Programmi\DivX\Google\Firefox\ffinstaller.exe"
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://truelove-tn.spaces.msn.com//Phot ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
thethunder
Senior User
Posts: 100
Joined: 12/08/06 10:13

Post by Luke57 » 20/08/06 15:15

you're welcome :)
The log looks fine.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
