log da controllare

[montesipc]

Niente da fare...

Gromozon non rileva rootkit component... in C:\Windows e in C:\Programmi\File comuni
Tojan.Gromozon does not exist...

FixLinkopt non rileva rootkit, perchè si chiude senza risultati...



Posto il LOG di Ad-Aware 2007
Log File Created on: 2007-08-23 09:31:56
Using Definitions File: C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware 2007\core.aawdef

System information
===========================
Number of processors: 1
Processor type: Intel(R) Celeron(R) M processor 1300MHz
Memory Available: 19%
Total Physical Memory: 251117568 Bytes
Available Physical Memory: 46534656 Bytes
Total Page File Size: 615845888 Bytes
Available On Page File: 281874432 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 2006786048 Bytes
OS: Microsoft Windows XP Service Pack 1 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Unloading Explorer if necessary during removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: On

Item Scanned: 106003
Infections Detected: 3
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 1 1
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 0 0
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 109 Name: Adware.LinkOptimizer Category: Malware TAI:4
Item Id: 300002614 Value: Root: HKLM Path: software\microsoft\windows\currentversion\explorer \browser helper objects\{da39029c-d291-a968-3ff4-d0990d5cb5fc}
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Paolo\Recent Count: 1
Item Id: 2 Value: MRU Registry Key: S-1-5-21-1907411925-71594873-1131426265-1005\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1


e il LOG di HijackThis 2.02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.21.41, on 23/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\regedit.exe
C:\Programmi\HijackThis\HiJackThis2.02.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fgr-fc.it/Home.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file) O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ADE1E9F-F596-4CD7-A2AE-76BFF021B4A7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB8157E-8EE1-4E92-8BF9-3A15B3C9B118}: NameServer = 85.255.114.109,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD4DAA1C-31C3-4E0A-965B-32D1459B4461}: NameServer = 85.255.114.109,85.255.112.153
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 3424 bytes

Io ho fixato O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file) tutte le volte, ma lui si ripresenta continuamente...

Cosa dovrei fare ora???