Request for help with Connection Optimizer

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by jos235 » 11/11/07 20:09

Hello everyone,
for some time now my computer no longer connects to certain websites. After running scans with every program imaginable, I discovered that I have Link Optimizer....
- under Add or Remove Programs an entry called Connection Optimizer appears;
- in the Documents and Settings folder a user name ZjmhCGK had been created, which I deleted;
- among the services there was one that appeared to be associated with this user name: well, I also deleted the .exe file that this service referred to;

After doing this, however, the problem remains, and the Connection Optimizer entry is still there under Add or Remove Programs. I tried the Gromozon removal tool, but it tells me the Gromozon rootkit is not present on the computer. Vir-it removed three infected registry keys, but it does not detect Link Optimizer.
At this point I am one step away from wiping the computer; I hope some kind soul can help me. I am posting the GMER and HijackThis logs:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-11 19:00:05
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.13 ----

.text c:\programmi\mcafee.com\agent\mcagent.exe[452] WS2_32.dll!connect 71A3406A 5 Bytes JMP 01063E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\McAfee.com\VSO\mcvsshld.exe[460] WS2_32.dll!connect 71A3406A 5 Bytes JMP 01183E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\McAfee.com\VSO\oasclnt.exe[520] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00D53E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\Explorer.EXE[728] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[996] WS2_32.dll!connect 71A3406A 5 Bytes JMP 01C73E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text ...
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF2C1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4379030F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 43790290 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 437902D4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4379021C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 43790256 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4379034A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 43621676 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2588] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Documents and Settings\Manuel\Desktop\LinkOptimizer\gmer.exe[4064] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F6516930] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F6516930] naiavf5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F84DB4EA] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F84DB4EA] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F84DB4EA] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F84DB4EA] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F84D729C] MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [804FB8DE] ntoskrnl.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [804FB8DE] ntoskrnl.exe

---- EOF - GMER 1.0.13 ----

GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-11-11 19:01:20
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\SYSTEM32\Userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
McDetect.exe /*McAfee WSC Integration*/@ = c:\programmi\mcafee.com\agent\mcdetect.exe
McShield /*McAfee.com McShield*/@ = c:\PROGRA~1\mcafee.com\vso\mcshield.exe
McTskshd.exe /*McAfee Task Scheduler*/@ = c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
MpfService /*McAfee Personal Firewall Service*/@ = C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
WinDefend /*Windows Defender*/@ = "C:\Programmi\Windows Defender\MsMpEng.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSchedC:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe = C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@Windows Defender"C:\Programmi\Windows Defender\MSASCui.exe" -hide = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
@MMTrayMMTray.exe /*file not found*/ = MMTray.exe /*file not found*/
@MGA_CD_InstallE:\mgasetup.exe /No_Welcome /Lang:Italiano /*file not found*/ = E:\mgasetup.exe /No_Welcome /Lang:Italiano /*file not found*/
@VSOCheckTask"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
@VirusScan OnlineC:\Programmi\McAfee.com\VSO\mcvsshld.exe = C:\Programmi\McAfee.com\VSO\mcvsshld.exe
@OASClntC:\Programmi\McAfee.com\VSO\oasclnt.exe = C:\Programmi\McAfee.com\VSO\oasclnt.exe
@MCAgentExec:\PROGRA~1\mcafee.com\agent\mcagent.exe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
@MCUpdateExec:\PROGRA~1\mcafee.com\agent\mcupdate.exe = c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
@MPFExeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ >>>
SharedTaskScheduler@{C569B8DA-D929-4c57-9ADD-C071C13C1FAD} =
ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WINDOW~4\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*AutoCAD Digital Signatures Icon Overlay Handler*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ssmypics.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
AutoCAD Startup Accelerator.lnk = AutoCAD Startup Accelerator.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.13 ----

Logfile of HijackThis v1.99.1
Scan saved at 19.06.54, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
c:\programmi\mcafee.com\agent\mcagent.exe
C:\Programmi\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Manuel\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MGA_CD_Install] E:\mgasetup.exe /No_Welcome /Lang:Italiano
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2741821960
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camsasso.dyndns.org/activex/AMC.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Thanks in advance to anyone willing to help me
jos235
Junior Member

Posts: 52
Joined: 11/11/07 19:12

Post by Luke57 » 12/11/07 08:46

Hi, it's not the first time that the tools detect nothing and yet the infection is present on the computer.
Download systemscan (a diagnostic tool created to detect linkoptimizer, but useful for every kind of infection):
http://www.suspectfile.com/systemscan
extract it to the desktop, with applications and programs closed, run it, tick all the entries and press "Scan". At the end of the scan a log will be produced, which you'll find in C:\suspectfile - a file with .zip extension (date+time+.zip)
It's too long to paste into a post, so go to http://www.easy-share.com and upload the file there.
Then post the download link in a new post (only the download link, not the one for removing it from the hosting site)

In case systemscan doesn't start because some privileges are missing (the SeDebugPrivilege), also download this tool

http://download.bleepingcomputer.com/sU ... estore.exe

and use it. Then reboot the PC, after which systemscan should work.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by jos235 » 12/11/07 21:12

Hi Luke57,
first of all thanks for replying to my message. I had to download systemscan from another computer because mine can't reach the suspectfile.com site (surely because of the virus); anyway, here is the scan report: http://w14.easy-share.com/10021031.html
How should I proceed now?
I'll wait, bye
jos235
Junior Member

Posts: 52
Joined: 11/11/07 19:12

Post by Luke57 » 12/11/07 21:59

Hi, I only found leftovers of the malware.
Download The Avenger
http://swandog46.geekstogo.com/avenger.zip
save it in a folder, unpack the .zip file, locate avenger.exe and run it.

Select the Input Script Manually option, click the magnifying glass and inside the white box copy and paste this script:


Files to delete:
C:\WINDOWS\system32\d3d9caps.dat


folders to delete:
C:\documents and settings\ZjmhCGK
C:\WINDOWS\temp
C:\DOCUME~1\Manuel\IMPOST~1\Temp

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList | ZjmhCGK

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6835C7C6-9D3D-0D95-1033-B6ADA8948DE0}



Click the Done button
Now click the traffic light with the green light
Answer Yes twice
The PC should reboot; if it doesn't, reboot it manually

After the reboot, connect and attach the file C:\Avenger.txt

I've put them in the avenger script for the registry, but anyway:
Open hijackthis, press "open the misc tools section", "open uninstall manager", and if you find
connection optimizer
highlight it and press "delete this entry".

From Start>Run> control userpasswords2 (type it in the box)>OK
in the window, if among the users you find:
ZjmhCGK
highlight it and remove it.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by jos235 » 12/11/07 23:19

Here's the avenger log:
Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\d3d9caps.dat deleted successfully.


Error: C:\documents and settings\ZjmhCGK is not a folder! It may instead be a file.
Deletion of folder C:\documents and settings\ZjmhCGK failed!

Could not process line:
C:\documents and settings\ZjmhCGK
Status: 0xc0000103

Folder C:\WINDOWS\temp deleted successfully.
Folder C:\DOCUME~1\Manuel\IMPOST~1\Temp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList|ZjmhCGK deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6835C7C6-9D3D-0D95-1033-B6ADA8948DE0} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

The entry "Deletion of folder C:\documents and settings\ZjmhCGK failed!" is because I had already located and removed that folder manually (see my first post).
Check with Hijackthis: the connection optimizer entry is no longer present;
check with control userpasswords2: the ZjmhCGK user is not among those listed.
I tried the sites I can't connect to and unfortunately the problem still persists.
jos235
Junior Member

Posts: 52
Joined: 11/11/07 19:12

Post by Luke57 » 13/11/07 08:54

Hi, which sites can't you reach?
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by jos235 » 13/11/07 09:16

Hi,
for example http:\\www.suspectfile.com...
but also many others: meteogiornale.it, mulatero.it... they should open fine for you. I get the "page cannot be displayed" screen, but some also redirect to porn sites. :eeh:
The problem also shows up with other browsers: I tried explorer, mozilla, netscape and k-9. Changing connection doesn't help either
(adsl or 56k makes no difference). From the symptoms I thought it was Link Optimizer, but at this point I wonder whether there's another malware; from the logs posted earlier, didn't you notice whether there could be something else? We should have removed Link Optimizer, right? :neutral:
jos235
Junior Member

Posts: 52
Joined: 11/11/07 19:12

Post by Luke57 » 13/11/07 09:42

Hi, I didn't spot anything else, but I could easily be wrong; try an online scan:
http://www.kaspersky.com/service?chapter=161739400
1. Click on Kaspersky Online Scanner
2. Download an ActiveX component from Kaspersky, click "Yes."
3. Wait for the download to finish
4. Click "Next"
5. Click "Scan Settings"
6. Make sure the following entries are ticked
Scan using the following Anti-Virus database:
Extended
tick the entries under "Scan options"
Scan Archives
Scan Mail Bases
7. Click "OK"
8. Choose "My computer"
Wait for the scan to finish; if anything is detected, save the report by clicking "Save as Text"

Save the report and post it
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by jos235 » 13/11/07 19:30

Here's the report:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 13, 2007 7:23:27 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/11/2007
Kaspersky Anti-Virus database records: 457521
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
O:\

Scan Statistics:
Total number of scanned objects: 94326
Number of viruses found: 1
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 03:30:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\04d4028244dd2f1e33606854ade1e4b7_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\1dae81356c52c9985255e9137f195f44_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\2549592f1eba7d69073d8665f12b0332_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\3220ae7f4b3b556e162981e1ddf04aea_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\41b6ddd8b60bf5df5c2649e25f8596d7_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\5007b23a4777aed77a5d9ef82bf6ffd6_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\528a749ae04b7bad4844f66cd2fc97fb_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\87319658cc16abd2626df0ed4f94b23f_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\a295fd78189970d6401f93b4d35d1b8e_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\a7e75992ef8bcd5be646c999e8f9b0a7_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\ae19afa743e8e0c17d8bf04f374c7cea_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\dfcd4ac9b7f2b4ff1635bd52abbe7f97_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\f2bba00b4103a4aede3571e20db151db_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\f5c855ea668379c2395469b46ef25226_c2241854-6b10-4958-8e2f-9b71aebaa967 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-11052006-202950.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Manuel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Manuel\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Manuel\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Manuel\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Manuel\Impostazioni locali\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{1C569F83-7E29-4373-895C-A413A4A8F5E1} Object is locked skipped
C:\Documents and Settings\Manuel\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Manuel\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Manuel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Manuel\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Manuel2\Desktop\Nuova cartella\415.bmp Object is locked skipped
C:\Documents and Settings\Manuel2\Desktop\Nuova cartella\429.bmp Object is locked skipped
C:\Documents and Settings\Manuel2\Desktop\Nuova cartella\444.bmp Object is locked skipped
C:\Documents and Settings\Manuel2\Desktop\Nuova cartella\Thumbs.db Object is locked skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\AGSetup0609.exe/trickler3202_bic_audiogalaxydt.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\AGSetup0609.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\AGSetup0609.exe Vise: infected - 2 skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\DivXPro503GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\DivXPro503GAINBundle.exe Vise: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-1715567821-113007714-1060284298-500\Dc1.exe Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
jos235
Junior Member

Posts: 52
Joined: 11/11/07 19:12

Post by Luke57 » 13/11/07 20:00

Hi, manually delete the 5 files the scan flagged as infected, then download superantispyware free edition from here:
http://downloads2.superantispyware.com/ ... pyware.exe
install it, update it to the latest definitions (check for updates).

Run a full system scan.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
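
As an added example (not a tool from this thread or from any of the products named in it), a small Python parser for the Kaspersky Online Scanner report format quoted above: it separates the objects actually flagged as infected from the many "Object is locked skipped" entries and groups them by the file on disk that contains them, which is what has to be deleted. The sample report is constructed inline from the five infected entries in the post above plus one locked entry.

```python
"""Parse a Kaspersky Online Scanner 5.x report in the format quoted in this
thread and list the infected objects grouped by the on-disk file that holds
them (added example; not a tool from the thread)."""
import re
from collections import defaultdict

# Constructed sample: the five infected entries from the report above plus
# one of the many "Object is locked skipped" lines, which are not detections.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\AGSetup0609.exe/trickler3202_bic_audiogalaxydt.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\AGSetup0609.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\AGSetup0609.exe Vise: infected - 2 skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\DivXPro503GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Documents and Settings\Manuel2\Documenti\Doc\Programmi downl\DivXPro503GAINBundle.exe Vise: infected - 1 skipped

Scan process completed.
"""

# Two detection shapes appear in the report:
#   "<object> Infected: <detection name> skipped"     (a file or archive member)
#   "<object> <Packer>: infected - <count> skipped"   (the container itself)
INFECTED_RE = re.compile(
    r"^(?P<obj>.+?) (?:Infected: (?P<name>\S+)|(?P<packer>\w+): infected - (?P<n>\d+)) skipped$"
)


def parse_infected(report):
    """Return one record per infected object. Archive members are written as
    '<container>/<member>', so the on-disk file is the part before the first '/'."""
    records = []
    for line in report.splitlines():
        m = INFECTED_RE.match(line.strip())
        if not m:
            continue  # header, blank, or "Object is locked skipped" lines
        obj = m.group("obj")
        container, _, member = obj.partition("/")
        records.append({
            "object": obj,
            "file": container,
            "member": member or None,
            "detection": m.group("name") or m.group("packer") + " container",
        })
    return records


def files_to_remove(report):
    """Map each on-disk file to the set of detections found in or on it.
    Five infected objects in the sample collapse to two files to delete."""
    by_file = defaultdict(set)
    for rec in parse_infected(report):
        by_file[rec["file"]].add(rec["detection"])
    return dict(by_file)


if __name__ == "__main__":
    for path, names in files_to_remove(SAMPLE_REPORT).items():
        print(path, sorted(names))
```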

Post by jos235 » 13/11/07 22:45

Hi luke57, I ran the scan with superantispyware; it removed a bit of junk, but the problems haven't gone away. Anyway, here's the scan report (of course I then deleted the infected files): http://w14.easy-share.com/10119341.html
It really looks like an unsolvable puzzle!!! :(
I'm afraid I'll be forced to reinstall the system :cry:
jos235
Junior Member

Posts: 52
Joined: 11/11/07 19:12

