Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Linkoptimizer im System

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Linkoptimizer im System

Unread postby Tominger » September 22nd, 2006, 9:31 am

Hallo,

ich bin seit gestern euf eurer Seite zu Gast gewesen und habe schon vieles interessante gefunden, leider konnte ich mit den Hinweisen mein Problem bisher nicht beseitigen.
Mein IE6 ist seit ca. 2-3 Tagen sehr langsam beim öffnen und hat auch beim aktualisieren von Seiten eine gewisse Verzögerung, die vorher einfach nicht da war.
Ich hab inzwischen auch zwei Linkoptimizer-Einträge gefunden, weiß aber nicht, was ich damit tun soll.
Seit der gleichen Zeit stürzt mein ACDSee ab, sobald ich es öffne und Bildvorschauen angezeigt werden. Keine Ahnung, ob das zusammenhängt. Insgesamt macht das System den Eindruck überlastet zu sein.

Hier mein Hijack-Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 15:22:26, on 22.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Mousometer\mousometer.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\tominger\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box; 192.168.178.254
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {203C1240-1E1B-B61C-B6AB-3F256C6B90FF} - C:\WINDOWS\cnkfd1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Programme\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Startup: Microsoft Office Outlook starten.lnk = C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Mousometer.lnk = C:\Programme\Mousometer\mousometer.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Programme\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O15 - Trusted Zone: *.freenet.de
O15 - Trusted Zone: http://www.ndr2.de
O15 - Trusted Zone: http://www.ndr2.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2350155015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all08.kundenserver.de/app/sta ... msxml4.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/ins ... utions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC970EF7-2825-4AF6-A613-C35C1A538C64}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Tominger
Active Member
 
Posts: 4
Joined: September 22nd, 2006, 4:23 am
Location: Stralsund
Advertisement
Register to Remove

once again in english

Unread postby Tominger » September 22nd, 2006, 9:38 am

I'm sorry, I did not realize this is an english-spoken Forum when I wrote my Questions.
Ok, once again in english:
My IE6 is slow when opening it. It takes a few seconds to be opened. Also there is a delay when refreshing a site. These delays haven't been there before.
Since 2-3 days may ACDSee is beeing closed automatically, if I open a thumbviewing-table.
Overall the whole System seems to be very busy.
Tominger
Active Member
 
Posts: 4
Joined: September 22nd, 2006, 4:23 am
Location: Stralsund

Unread postby Trogan » September 22nd, 2006, 9:51 am

Hi Tominger, welcome to Malware Removal. :)

Yes, your infected by the LinkOptimizer Rootkit. :(

Since this is fairly new Rootkit, I need to consult with an expert to see what course of action to take.

I'll be back soon. :)
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby Tominger » September 22nd, 2006, 10:14 am

Hi Trogan,

ok, good to know that I was right...

and ok, I'm looking forward for your reply and (hopefully) your help. :)
Tominger
Active Member
 
Posts: 4
Joined: September 22nd, 2006, 4:23 am
Location: Stralsund

Unread postby Kimberly » September 22nd, 2006, 11:08 am

Tominger

Hi and welcome to the forum.

I am afraid you have a very bad infection.

So bad that unless you yourself are an expert we are recommending that you reformat and re-install the operating system.

I have sent you a Private Message - which you can get from the link to message at the top of this forum with details of how to reformat.

Could you please reply here so we know what you wish to do.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby Tominger » September 22nd, 2006, 11:39 am

Hi Kim,

thanks for your reply.
Yes unforunately I'm not an expert at this and I think if you say its a very bad infection it is better to reformat and reinstall than try and waste time without a good chance. :(

Thank you for your help,

Tom
Tominger
Active Member
 
Posts: 4
Joined: September 22nd, 2006, 4:23 am
Location: Stralsund

Unread postby Nick-YF19 » September 28th, 2006, 3:06 am

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware