Non so se si possono allegare files, quindi sono costretto a copiarli
Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Trojan.Linkoptimizer has not been found on your computer.
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Trojan.Gromozon does not exist - your system is clean.
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
22/06/2007 - 09:14:50
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS\system32\lsapeuch.exe Infetto da Trojan.Win32.Agent.AUF
* * * RIMOSSO * * *
C:\WINDOWS\system32\monoonue.exe Possibile variante da Trojan.Win32.Small.LW
C:\WINDOWS\system32\netioasp.exe Infetto da Trojan.Win32.Agent.AUF
* * * RIMOSSO * * *
C:\WINDOWS\system32\srvdyykv.exe Infetto da Trojan.Win32.Agent.AUF
* * * RIMOSSO * * *
C:\WINDOWS\system32\svcmayda.exe Possibile variante da Trojan.Win32.Small.LW
C:\WINDOWS\system32\tmp11.tmp.dll Infetto da BHO.Agent.ES
* * * RIMOSSO * * *
C:\WINDOWS\system32\tmp9.tmp.dll Infetto da BHO.Agent.EJ
* * * RIMOSSO * * *
C:\WINDOWS\system32\tmpB.tmp.dll Infetto da BHO.Agent.ES
* * * RIMOSSO * * *
C:\WINDOWS\system32\tskybpea.exe Infetto da Trojan.Win32.Agent.AUF
* * * RIMOSSO * * *
Chiavi Registro infette: 0.
Files Infetti: 9.
Files Sospetti: 0.
Files Analizzati: 70766.
Files Totali: 70766.
Chiavi Registro rimosse: 0.
Virus Rimossi: 7.
22/06/2007 - 09:35:40
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS\system32\monoonue.exe Possibile variante da Trojan.Win32.Small.LW
C:\WINDOWS\system32\svcmayda.exe Possibile variante da Trojan.Win32.Small.LW
Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 70760.
Files Totali: 70760.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
22/06/2007 - 09:55:48
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS\system32\monoonue.exe Possibile variante da Trojan.Win32.Small.LW
C:\WINDOWS\system32\svcmayda.exe Possibile variante da Trojan.Win32.Small.LW
Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 70770.
Files Totali: 70770.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
Logfile of HijackThis v1.99.1
Scan saved at 11.29.52, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\AlessandroALTEA\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11bde480-4424-41f6-aae5-d1c33141aed8} - C:\WINDOWS\system32\dxdres.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\ljgday.dll",realset
O4 - HKLM\..\Run: [netgkcvm] "c:\windows\system32\netgkcvm.exe"
O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\FABIANA\IMPOST~1\Temp\tmp14.tmp.exe /run
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Realtime Monitor.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1F5A3073-7E4A-449C-B1E0-443F28337DF1} (Webarplugin Control) -
http://195.103.88.7/webarplugin.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{CF9EC26D-E85E-406F-B455-D40BC27AFE20}: NameServer = 151.99.125.2,151.99.0.100
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dxdres - dxdres.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Server RPC di eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: Server Realtime di eTrust Antivirus (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: Server Processi di eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas
www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
P.S. lo spybot rileva sempre smitfraud