

forced removal of linkoptimizer but symptoms remain..help

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by amera » 01/09/06 17:42

Hi guys! I'm new and I hope you can give me a hand!! ;)

I was hit by Link Optimizer and company :evil: ..after a lot of searching on the internet I forcibly deleted several infected files with NOD32's manual tool, deleted various suspicious entries with HijackThis, removed the entry in Add/Remove Programs with MyUninstaller and used every antivirus I could find..it seems the virus no longer regenerates..

However I still have some symptoms :evil: :evil: :evil: (ADSL connection and P2P slower, unstable PC and errors about virtual memory running out!!!)

So I'm asking for your help! I'm counting on you!! ;)
Here are the results of HijackThis, GMER rootkit and GMER autostart!!

I await your opinion. THANKS in advance!!


Logfile of HijackThis v1.99.0
Scan saved at 18.34.16, on 01/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\Programmi\eMule\eMule.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\Documenti\Programmi\Antivirus per link optimizer\gmer.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{463AA58E-056C-4B5D-AE06-F5E04636B0C7}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmi\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service - Eset - C:\Programmi\Eset\nod32krn.exe




GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-01 18:36:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81B9B808
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 81A23648
Device \Driver\NetBT \Device\NetBT_Tcpip_{21F02614-06F2-4AEB-ADF0-B86E7D4795F6} IRP_MJ_CREATE FF627C78
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 81B9BEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 81B9BEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 81B9BEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 81B9BEB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 81B9B0E8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_CREATE FE491EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81AD10E8
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_CREATE FE491EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA FF616EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP FF616EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81AD10E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE FF627C78
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE FF627C78
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 81B9BA40
Device \Driver\Disk \Device\Harddisk1\DR4 IRP_MJ_CREATE 81B9BA40
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+5 IRP_MJ_CREATE 81B9BA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP FF6140E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER FF6140E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE FF647940
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE FF647940
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ FF647940
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE FF647940
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION FF647940
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION FF647940
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA FF647940
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 81B9B0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE FF6470E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 81A23648
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE FF5D1B28

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ---




GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-01 18:37:52
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\:dssel.dat

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\system32\CTsvcCDA.EXE
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Disc DetectorC:\Programmi\Creative\ShareDLL\CtNotify.exe = C:\Programmi\Creative\ShareDLL\CtNotify.exe
@CTStartupC:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run = C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
@CnxDslTaskBar"C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe" = "C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe"
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@BitTorrent = "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/C:\PROGRA~1\TROJAN~1\Trshlex.dll /*file not found*/ = C:\PROGRA~1\TROJAN~1\Trshlex.dll /*file not found*/
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000035@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

---- EOF - GMER 1.0.10 ----
amera
Newbie

Posts: 2
Joined: 01/09/06 17:21
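A few facts a responder would bring to the dumps above: of the SSDT hooks in the rootkit scan, guard.sys belongs to the ewido anti-spyware product listed under the services, and sptd.sys is the SCSI Pass Through Direct driver installed by CD/DVD emulation software such as Daemon Tools and Alcohol 120%; the imon.dll entries in the Winsock protocol catalog are NOD32's IMON module. None of those is evidence of infection by itself. One line the thread does not discuss is `Windows@AppInit_DLLs = C:\:dssel.dat` in the autostart dump: that is NTFS alternate-data-stream syntax, a stream named dssel.dat attached to the root directory of C:, which a normal directory listing will not show, and AppInit_DLLs is normally empty on Windows XP. Whether it is related to this machine's problem is not established on this page, but it is the kind of entry that must be checked rather than skimmed past.

The script below is an added example, not code from the original post or from the HijackThis or GMER authors. It runs a handful of such checks over HijackThis and GMER autostart lines: alternate-data-stream paths, any non-empty AppInit_DLLs value, registry entries whose target file is missing, autostart binaries launched from the drive root or a profile/temp directory, and O17 name servers that differ from the resolvers the ISP is expected to assign. The sample input is a few lines copied from the logs above and embedded so it runs offline; the rule names, the suspect-directory list and the `expected_dns` parameter are assumptions made for this illustration, and a hit is a lead to verify, not a verdict.

```python
import re

# Constructed sample input: lines copied from the HijackThis and GMER autostart
# dumps posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O17 - HKLM\System\CCS\Services\Tcpip\..\{463AA58E-056C-4B5D-AE06-F5E04636B0C7}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: NOD32 Kernel Service - Eset - C:\Programmi\Eset\nod32krn.exe
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\:dssel.dat
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll /*file not found*/
"""

# First Windows path on a line: drive letter, then anything up to a binary or
# data-file extension. Spaces are allowed because "Documents and Settings"
# style paths contain them.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|dat)', re.IGNORECASE)
# NTFS alternate data stream: a second colon after the drive colon, e.g.
# C:\:name (a stream on the root directory) or C:\dir\file.txt:name.
ADS_RE = re.compile(r'^[A-Za-z]:\\[^:]*:[^:\s]+$')
IP_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')
# Heuristic list (an assumption for this example): autostart binaries living
# here, or directly in the drive root, deserve a second look.
SUSPECT_ROOTS = (r'c:\documents and settings', r'c:\windows\temp', r'c:\temp')


def in_suspect_location(path):
    """True if the file sits in the drive root or under a profile/temp directory."""
    directory = path.lower().rsplit('\\', 1)[0]
    return directory == 'c:' or directory.startswith(SUSPECT_ROOTS)


def analyze(log_text, expected_dns=frozenset()):
    """Scan HijackThis / GMER autostart lines and return (rule, line) findings.

    expected_dns: resolver addresses the ISP is known to assign; any other
    address in an O17 NameServer entry is reported for review.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = PATH_RE.search(line)
        path = match.group(0) if match else None

        if path and ADS_RE.match(path):
            findings.append(("ads_path", line))
        elif path and in_suspect_location(path):
            findings.append(("suspect_location", line))

        if "AppInit_DLLs" in line:
            # Normally empty on Windows XP; anything listed here is loaded into
            # every process that maps user32.dll.
            value = line.split("=", 1)[1].strip() if "=" in line else ""
            if value:
                findings.append(("appinit_dll", line))

        if "file not found" in line:
            # Stale registry entry whose target is gone: usually leftovers of a
            # removed product, but worth cleaning so later logs stay readable.
            findings.append(("orphaned_entry", line))

        if "NameServer" in line:
            unexpected = [ip for ip in IP_RE.findall(line) if ip not in expected_dns]
            if unexpected:
                findings.append(("unexpected_dns", line))
    return findings


if __name__ == "__main__":
    # With no expected resolvers given, the O17 entry is reported for review.
    for rule, line in analyze(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

Run against the sample it reports the O17 resolvers (because no expected set was supplied), the ADS path, the non-empty AppInit_DLLs value and the orphaned Trojan Remover shell extension; passing the ISP's resolvers in `expected_dns` silences the first. To confirm an `ads_path` hit on the live machine, list the streams of the named directory with a tool that understands ADS (the plain `dir` command in Windows XP does not), and treat a stream on the root directory that is also registered in AppInit_DLLs as a removal target to investigate, not as noise.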


Post by Luke57 » 01/09/06 18:11

Hi, there is no reference to linkoptimizer in the logs.
Try this very recent tool, linked by our Andorra 24 (she's a shared treasure :), and see if it finds anything:
http://www.pc-facile.com/forum/viewtopic.php?t=49816
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by amera » 01/09/06 19:11

wow, super fast!!! :eeh: THANK YOU so much!!!! :) :)

I ran it and it removed 4 files infected with mallcode 1 and 2

now everything seems to be fine..let's hope!!!
Thanks again!!!


P.S. the whole folder with its 2,000-plus files in:
C:\WINDOWS\system32\dllcache
still shows up highlighted after an antivirus scan..what should I do?
amera
Newbie

Posts: 2
Joined: 01/09/06 17:21

