Hi everyone, on 27 July I got infected with linkoptimizer. Now, after the holidays, I have cleaned up almost everything, I hope, but not everything: various scans tell me the PC is clean, but if I scan with RootkitRevealer or gmer, it still shows up.
Here are the scans I just ran:

RootkitRevealer:

HKLM\S-1-5-21-507921405-1606980848-682003330-1003\RemoteAccess\InternetProfile 05/07/2004 15.24 19 bytes Data mismatch between Windows API and raw hive data.
S-1-5-21-507921405-1606980848-682003330-1003 01/01/1601 2.00 0 bytes Error dumping hive: Internal error.
HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version 11/05/2005 16.28 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs 27/07/2006 18.35 32 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version 11/05/2005 16.28 0 bytes Key name contains embedded nulls (*)
C:\Avenger\mhmik1.del 05/08/2006 13.07 63.16 KB Hidden from Windows API.
C:\Avenger\mhmik1.dll 05/08/2006 13.07 63.16 KB Hidden from Windows API.
C:\Avenger\mhmik1.upd 05/08/2006 13.07 61.26 KB Hidden from Windows API.


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-23 09:58:41
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys AA80216D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys AA801FC2

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x03 0x92 0x4A 0xE5 ...
Reg \Registry\MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version@Version 0x03 0x92 0x4A 0xE5 ...

---- Files - GMER 1.0.10 ----

File C:\Avenger\mhmik1.del
File C:\Avenger\mhmik1.dll
File C:\Avenger\mhmik1.upd
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----