  1. #1

    It's probably still linkoptimizer

    I can't get rid of the problem...

    Logfile of HijackThis v1.99.1
    Scan saved at 22.06.09, on 20/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    C:\Programmi\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\kpsf.exe
    C:\WINDOWS\system32\icqchk.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
    C:\Programmi\Softwin\BitDefender8\bdnagent.exe
    C:\WINDOWS\Temp\llot1.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
    C:\Programmi\eMule\emule.exe
    C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
    c:\programmi\softwin\bitdefender8\bdmcon.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\Windows Media Player\wmplayer.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {1E49D091-DC32-F9F1-948D-00A28302BE2E} - C:\WINDOWS\wlejt1.dll (file missing)
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [llot1.exe] C:\WINDOWS\Temp\llot1.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://niemandsperren.spaces.msn.com...d/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9D80810C-F6C8-45FA-ABAE-3B614F840EB2} - http://uv97vqm3.com/64ebcd73/50310/1/xp/FullMoney.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F31E05CC-7EFA-4CF8-BFF0-021465BCD264}: NameServer = 85.37.17.9 85.38.28.75
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ICQ Update Service (ICQUPD) - Unknown owner - C:\WINDOWS\system32\kpsf.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

  2. #2
    holifay (HTML.it user, registered May 2005, 1,330 posts)
    download this and try running it: http://pcalsicuro.phpsoft.it/FixGrom.exe
    Think you have an infected file? Send it to SuspectFile

  3. #3
    The link doesn't work ... I can't download it ?!?

  4. #4
    amvinfe (moderator of the Computer Security and Viruses forum, registered May 2002, 6,739 posts)
    Originally posted by grugra82
    The link doesn't work ... I can't download it ?!?
    you have a PM
    ==
    Visit my blog SuspectFile.com
    ==

  5. #5
    Removal tool loaded into memory
    Gromozon rootkit component not detected - searching for other components
    Scanning: C:\WINDOWS
    Scanning: C:\Programmi\File comuni
    Gromozon-Related Malicious Code Detected!
    FileName: C:\WINDOWS\Temp\llot1.exe
    >>>Error: File C:\WINDOWS\Temp\llot1.exe could not be removed - it will be removed on the next reboot.
    Gromozon-Related Malicious Code Detected!
    FileName: C:\WINDOWS\wlejt1.dll
    Removed!


    Trojan.Gromozon Removed!

    What does that mean?

  6. #6
    amvinfe (moderator of the Computer Security and Viruses forum, registered May 2002, 6,739 posts)
    it means that, according to the report, it has been removed. To be safe, I would also have you run this Symantec tool from safe mode
    http://securityresponse.symantec.com...FixLinkopt.exe
    ==
    Visit my blog SuspectFile.com
    ==

  7. #7
    Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
    Restored SeDebugPrivilege to Administrators group
    service: SecTyu (logon as: .\yxlKuOQaEnyLnkXH, passed filters)
    service: SecTyu (file path: C:\Programmi\Windows NT\FHK.exe - infected)
    file: C:\Programmi\Windows NT\FHK.exe (deleted)
    reg: ...\SYSTEM\CurrentControlSet\Services\SecTyu\Security (key deleted)
    reg: ...\SYSTEM\CurrentControlSet\Services\SecTyu\Enum (key deleted)
    reg: ...\SYSTEM\CurrentControlSet\Services\SecTyu (key deleted)
    reg: ...\SpecialAccounts\UserList\yxlKuOQaEnyLnkXH (value deleted)
    folder: \\?\C:\Documents and Settings\yxlKuOQaEnyLnkXH (deleted)
    user: yxlKuOQaEnyLnkXH (deleted)



    Trojan.Linkoptimizer has been successfully removed from your computer!

    Here is the report:

    The total number of the scanned files: 41314
    The number of deleted threat files: 1
    The number of directories deleted: 1
    The number of threat processes terminated: 0
    The number of threat threads terminated: 0
    The number of registry entries fixed: 4
    The number of threat services removed: 1
    The number of accounts disabled: 1

    The tool initiated a system reboot.

    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)

    Hmmm... the PC still feels very slow to me ?!?
