Sorry to bother you with a request for help... I've just registered on the forum, which I often consult as a visitor.
My problem is that I've been infected, probably by linkoptimizer (or one of its variants).
After browsing a number of sites I managed to remove quite a few things, but the problem persists.
Norton, Panda, AVG, Antivir Guard, Bitdefender... Spybot, Ad-Aware, a-squared, Superantispyware, Yahoo's Antispy... nothing manages to remove the junk I still have on the computer... I'm fairly inexperienced with manual removal and I think I've only made a mess so far.
I had posted the same request for help in the linkoptimizer forum (maybe it shouldn't have been posted there...).
I'm attaching the HijackThis and GMER logs, hoping for your help.
Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 11.53.57, on 21/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Programmi\Siemens I-GATE\Client Manager\CMSIE.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Libero Toolbar - {D3403F23-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Libero Toolbar\LiberoBand.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programmi\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: I-GATE 11M Client Manager.lnk = C:\Programmi\Siemens I-GATE\Client Manager\CMSIE.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://www.uesse.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pest ... stscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3077563194
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://camserv1.beazley.com/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: qtask (qtask.exe) - Unknown owner - C:\WINNT\qtask.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-21 11:41:45
Windows 5.0.2195 Service Pack 4
---- System - GMER 1.0.11 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
---- Devices - GMER 1.0.11 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EE1C285A] avgtdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE1C285A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE1C285A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE1C285A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [BD9D82A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EE1C285A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [BD9D82A0] vsdatant.sys
---- Processes - GMER 1.0.11 ----
Process SERVICES.EXE (*** hidden *** ) [260] 8124B720
Process WINLOGON.EXE (*** hidden *** ) [232] 81260740
Process CSRSS.EXE (*** hidden *** ) [212] 81368020
Process System (*** hidden *** ) [8] 817A97E0
Process stisvc.exe (*** hidden *** ) [732] 8117CAE0
Process avgamsvr.exe (*** hidden *** ) [556] 811B4D60
Process LSASS.EXE (*** hidden *** ) [272] 81249D60
Process vsmon.exe (*** hidden *** ) [856] 81134980
Process zlclient.exe (*** hidden *** ) [1444] 81E89600
Process avguard.exe (*** hidden *** ) [1332] 8113A960
Process spoolsv.exe (*** hidden *** ) [480] 811D3740
Process avgemc.exe (*** hidden *** ) [608] 811A05C0
Process SMSS.EXE (*** hidden *** ) [188] 813A6AE0
Process svchost.exe (*** hidden *** ) [452] 81203BA0
Process avgupsvc.exe (*** hidden *** ) [584] 811A56A0
Process mstask.exe (*** hidden *** ) [696] 81185940
Process svchost.exe (*** hidden *** ) [652] 8118C1A0
Process WinMgmt.exe (*** hidden *** ) [1012] 810FB760
Process svchost.exe (*** hidden *** ) [1024] 810F6B00
Process sched.exe (*** hidden *** ) [348] 810FC3A0
---- Files - GMER 1.0.11 ----
ADS C:\Corel\Draw70\color\cmyk.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS C:\Corel\Draw70\color\cmyk.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Corel\Draw70\color\colrtron.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Corel\Draw70\color\gretag.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Corel\Draw70\color\moncalib.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS C:\Corel\Draw70\color\moncalib.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Corel\Draw70\color\monitor.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Corel\Draw70\color\montemp.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS C:\Corel\Draw70\color\montemp.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Corel\Draw70\color\printer.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Corel\Draw70\color\rgb.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS ...
ADS D:\ANIA\ANIA.ICO:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Folder Settings\Background.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Folder Settings\Background.jpg:Q30lsldxJoudresxAaaqpcawXc
ADS D:\Musica e DivX\Folder Settings\Background.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Folder Settings\mincold.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Folder Settings\minhot.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Folder Settings\pluscold.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Folder Settings\plushot.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Folder Settings\wvleft.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Folder Settings\wvline.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\Musica e DivX\Musica Vecchia\$Ligabue Discografia Completa fino al 2003\Ligabue - 1993 - Sopravvissuti e Sopravviventi\AlbumArtSmall.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS ...
---- EOF - GMER 1.0.11 ----