mi controllate questo log perfavore??
il mio ad-aware 2008 mi segnala ke ho un adware linkOptimizer però non me lo riesce a rimuovere.
perfavore controllatemi questo log di hijackThis:
Grazie


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.56.29, on 12/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: SecXne - Unknown owner - C:\Programmi\File comuni\System\jRC.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5757 bytes

Il LinkOptimizer è un rootkit, non un adware... Ed è anche, volendo essere pignoli, una gran brutta gatta da pelare... oltretutto, con un bel mucchio di varianti!
Pidue e r16 sapran spiegarti assai meglio di me la procedura esatta necessaria per la sua rimozione...

Ciao.
Sinceramente,non mi sembra il LinkOptimizer, però vediamo.......
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Scarica questo Tooll ,e fai una scansione completa.
http://www.prevx.com/gromozon.asp
A fine scansione posta il log che si trova in c:\gromozon_removal.log

Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e lo fai girare in Modalità Provvisoria (è molto importante). Con Virit,fai 2 scansioni

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione. Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1, premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
ComboFix non funziona in modalità provvisoria

---

Esegui una scansione da Bitdefender Online Scanner: http://www.bitdefender.com/scan8/ie.html
per poter eseguire l'operazione, è necessario utilizzare il Browser Internet Explorer.
una volta aperta la pagina, clicca I agree.
verrà proposta l'installazione di un ActiveX.
installato ActiveX, segui la procedura guidata ed esegui la scansione del Disco sul quale è residente il Sistema Operativo (di norma, C:)
Salva il Report che verrà rilasciato.
Terminata la scansione di Bitdefender - e' necessario riavviare il sistema.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riposta un nuovo log di hijackThis.

Ciao P2.
Che le righe in rosso siano da fixare, non lo metto in dubbio,però non ho visto nel log di HijackThis,nessuna dll sospetta,che è tipica del LinkOptimizer.
Comunque aiutamico93 ,per saperlo,segui le indicazioni di P2.
P.S: Ulteriori ricerche , mi sà che.......

ciao.
ecco i log.

1)log di Gromozon Removal Tool


Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni


Trojan.Gromozon does not exist - your system is clean.



2)questo è il log di hijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.46.16, on 13/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: SecXne - Unknown owner - C:\Programmi\File comuni\System\jRC.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 5962 bytes



VirIt mi ha trovato un BHO.LinkOptimezer B e BHO.LinkOptimizer D
combofix non l'ho potuto scaricare perkè kaspersky lo vede come un virus e mi annulla il download.

vi prego rispondetemi,

ciao.scusate per il ritrdo ma ho avuto un contrattempo.

ecco qui i log:

1)log di combofix:

ComboFix 08-07-14.2 - nic 2008-07-16 8.18.57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.691 [GMT 2:00]
Eseguito da: C:\Documents and Settings\nic\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\3
C:\Programmi\3\FastMobileModem\configMMM.ini
C:\Programmi\3\FastMobileModem\DefaultMMM.ini
C:\Programmi\3\FastMobileModem\Driver.ini
C:\Programmi\3\FastMobileModem\eventMMM.log
C:\Programmi\3\FastMobileModem\MMMODEM.CNT
C:\Programmi\3\FastMobileModem\MMModem.exe
C:\Programmi\3\FastMobileModem\MMMODEM.HLP
C:\Programmi\3\FastMobileModem\MMModemcnt.0
C:\Programmi\3\FastMobileModem\MMModemcnt.1
C:\Programmi\3\FastMobileModem\MMModemhlp.0
C:\Programmi\3\FastMobileModem\MMModemhlp.1
C:\Programmi\3\FastMobileModem\traceMMM.log
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-06-16 al 2008-07-16 )))))))))))))))))))))))))))))))))))
.

2008-07-13 07:32 . 2008-07-14 08:42 <DIR> d-------- C:\VEXPLITE
2008-07-13 07:32 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-07-12 15:16 . 2008-07-12 15:21 <DIR> d-------- C:\Documents and Settings\nic\dwhelper
2008-07-12 14:54 . 2008-07-12 14:54 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-10 21:17 . 2008-07-10 21:18 <DIR> d-------- C:\Programmi\mp3DirectCut
2008-06-27 16:15 . 2008-07-15 13:29 <DIR> d-------- C:\Programmi\eMule
2008-06-26 14:53 . 2008-06-26 21:00 <DIR> d-------- C:\Programmi\GIMP-2.0
2008-06-26 13:37 . 2008-06-26 13:37 <DIR> d-------- C:\Documents and Settings\nic\Dati applicazioni\GlarySoft
2008-06-26 13:27 . 2008-06-30 10:43 <DIR> d-------- C:\Programmi\Glary Utilities
2008-06-19 22:35 . 2008-06-19 22:35 <DIR> d-------- C:\Programmi\Auslogics
2008-06-19 22:08 . 2008-06-20 07:38 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-19 22:08 . 2008-06-20 07:38 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-19 22:07 . 2008-06-19 22:07 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-06-19 22:07 . 2008-07-16 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-19 22:07 . 2008-07-16 08:25 5,582,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-19 22:07 . 2008-07-16 08:24 244,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-19 22:07 . 2008-07-16 08:24 75,812 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-19 22:07 . 2008-07-16 08:24 23,972 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-19 14:04 . 2008-06-19 14:10 <DIR> d-------- C:\Programmi\VirtualDJ
2008-06-18 20:47 . 2008-06-19 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-16 12:06 . 2008-06-16 12:07 <DIR> d-------- C:\Programmi\Shareaza
2008-06-16 12:06 . 2008-06-16 12:06 <DIR> d-------- C:\Documents and Settings\nic\Dati applicazioni\Shareaza

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 06:05 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\SiteAdvisor
2008-07-15 09:08 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-15 09:08 --------- d-----w C:\Programmi\CCleaner
2008-07-09 16:25 --------- d-----w C:\Programmi\Lavasoft
2008-07-09 16:25 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\Lavasoft
2008-07-09 16:16 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-07-09 16:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-07 21:02 --------- d-----w C:\Programmi\IZArc
2008-06-29 07:19 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\gtk-2.0
2008-06-20 05:39 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-18 18:43 --------- d-----w C:\Programmi\Google
2008-06-18 18:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-15 14:48 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\LimeWire
2008-06-14 06:01 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-06-14 05:46 --------- d-----w C:\Programmi\Doctor Alex Antispyware
2008-06-11 13:15 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-11 13:15 --------- d-----w C:\Programmi\CyberLink
2008-06-07 12:50 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\Auslogics
2008-06-07 11:46 --------- d-----w C:\Programmi\Ashampoo
2008-06-05 09:24 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-05 08:30 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\uTorrent
2008-06-05 08:28 --------- d-----w C:\Programmi\Traduttore
2008-06-04 13:55 769,024 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
2008-06-03 14:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-06-03 09:58 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\vlc
2008-06-03 09:35 --------- d-----w C:\Programmi\VideoLAN
2008-06-03 08:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ashampoo
2008-06-02 07:48 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\SUPERAntiSpyware.com
2008-05-31 12:51 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\Orbit
2008-05-30 05:52 --------- d-----w C:\Programmi\SiteAdvisor
2008-05-30 05:27 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\Talkback
2008-05-30 05:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
2008-05-30 05:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-05-29 18:32 --------- d-----w C:\Programmi\eRightSoft
2008-05-28 13:54 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\FileSubmit
2008-05-27 14:31 --------- d-----w C:\Documents and Settings\nic\Dati applicazioni\Styler
2008-05-25 06:52 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-05-25 06:20 --------- d-----w C:\Programmi\Recuva
2008-05-21 07:08 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Lavasoft
2008-05-19 15:23 135 ----a-w C:\DelUS.bat
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-25 17:41 218,624 ----a-w C:\WINDOWS\system32\uxthemel.tmp
2007-03-26 16:25 108,330 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\firstlsp.reg.dat
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]
"UIWatcher"="C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [2007-11-06 15:16 1741184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-01-15 16:14 147456 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
--a------ 2007-11-06 15:16 1741184 C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]
--a------ 2008-06-19 19:41 245760 C:\VEXPLITE\monlite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WheelMouse"=C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
"iKeyWorks"=C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Shareaza\\Shareaza.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2007-10-10 12:12]
R3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (9);C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2001-12-17 23:01]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S2 SecXne;SecXne;C:\Programmi\File comuni\System\jRC.exe []

.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-16 06:25:00 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Programmi\Glary Utilities\initialize.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 08:25:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-16 8:33:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 06:32:59

11 Directory 55,600,377,856 byte disponibili
16 Directory 55,510,835,200 byte disponibili

179 --- E O F --- 2008-05-21 15:48:00

2)log di fix linkoptimizer (il tool della symantec)

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.

3)log di virit

16/07/2008 - 09:44:56

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]


[E:]
BOOT SECTOR: OK


[F:]
BOOT SECTOR: OK


[G:]
BOOT SECTOR: OK


[H:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 49357.
Files Totali: 49357.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK

4) log di hijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.05.27, on 16/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 5202 bytes



ho fatto una scansione con adware 2008 e NON mi trova più il virus link optimizer. GRAZIE a P2 e a r16. GRAZIE GRAZIE

però ho notato cose molto strane:

1)quando r16 mi ha kiesto di fixare queste voci:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O23 - Service: SecXne - Unknown owner - C:\Programmi\File comuni\System\jRC.exe (file missing)
io ho trovato solo queste e le ho fixate:
O3 - Toolbar: (no name) - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - (no file)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

le altre quando ho fatto la scansione non le riuscivo più a trovare. cosa molto strana

2)quando mi hai detto di andare all'editor del registro ovvero digitare regedit da esegui, non ho trovato questa chiave:
DA39029C-D291-A968-3FF4-D0990D5CB5FC
io ho chiuso e ho lasciato perdere.

3) combofix mi ha eliminato il programma Fast Mobile Modem che io uso per collegarmi a internet dato ke ho una conessione con il cellulare. il programma è attendibilissimo perkè l'ho scaricato dal sito della 3. il programma l'ho reinstallato xkè non ci credo ke è un virus e poi così non riuscirei più a collegarmi a internet
vi prego rispondete

GRAZIE, GRAZIE, GRAZIE ANCORA. non saprei come ringraziarvi.
GRAZIE P2 e GRAZIE R16

grazie r16.
ho notato un'altra cosa strana
se vado ad esegui e digito msconfig, quando mi sposto nella scheda "avvio" ci sono voci ke prima non c'erano.
ecco le voci:
.recently-used
deb
default
intlname
log
ntuser
ntuser.dat
ntuser.dat
ntuser
ntuser.dat_TU_75770
ntuser
S-1-5-21-1214033-14255212-6820033-1033.rrr
Thumbs

queste voci non c'erano prima di aver fatto il procedimento per rimuover link optimizer!!
cosa facco???



ed ecco un nuovo log di hikackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.16.56, on 17/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Programmi\3\FastMobileModem\MMModem.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{599850A9-44D6-47BB-AC0A-E8333C817E9B}: NameServer = 62.13.171.2 62.13.171.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5038 bytes



p.s. quando vado ad esegui e digito combofix /u mi esce: impossibile trovare combofix/u. verificare il percorso e il nome del file siano corretti e riprovare. per carcare un file fare clic sul pulsante start, quindi scegliere trova.





p.s. io ho kaspersky il miglior antivirus e non mi trova questi virus...bho

si
avevo digitato control userpasswords2 e mi era uscito un nome strano e io l'ho cancellato.
ho fatto tutto come mi avevi detto
solo ke mentre andavo a fixare delle voci con hijackThis alcune non le trovavo, come ti avevo già detto
e poi nell'editor del registro (regedit) non riuscivo a trovare la chiave che mi avevi detto.
per il resto ho fatto come mi avevi detto tu
grazie r16 sei proprio bravo!

ciao pidue.
ho fatto quello ke mi hai detto, ma non c'è nessun servizio con lo stesso nome di quello che ho cancellato digitando control userpasswords2
una domanda: ma che tipo di virus è il link optimizer??

ciao e grazie per avermi aiutato.
ke altro posso fare??

Grazie per avermi aiutato

ho fatto una scansione con ad-aware e mi trova di nuovo il linkOptimizer però questa volta appena clicco su rimuovi, me lo riesce a rimuovere.

GRAZIE ancora