Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

ConnectionServices_AiutoProcedura

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

ConnectionServices_AiutoProcedura

Postdi sad81 » 28/10/06 01:56

sono riuscito grazie a fixgrom.exe et vireIt a virare il linkOptimiser e altri suoi simili (ne avevo un paio)
ma non riesco a eliminare ConnectionServices

sto seguendo la procedura (ben fatta pare) della pagina http://www.megalab.it/articoli.php?id=892 e a quanto pare malgrado i vari potenti tools devo procedere alla eliminazione manuale poichè i log (attualmente scansione in corso con GMER.exe) sono diversi da utente a utente.

vi domando dunque cortesemente di inviarmi lo script per l'insersione in avenger e chiedo consiglio se continuare a usare la procedura del precitato sito (do you know?). Grazie e i miei log:
_____________________

AUTOSTART:


GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-28 02:15:33
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
McDetect.exe /*McAfee WSC Integration*/@ = c:\programmi\mcafee.com\agent\mcdetect.exe
McTskshd.exe /*McAfee Task Scheduler*/@ = c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
MpfService /*McAfee Personal Firewall Service*/@ = C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
PREVXAgent /*Prevx Agent*/@ = "C:\Programmi\Prevx1\PXAgent.exe" -f
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
@Tweak UIRUNDLL32.EXE TWEAKUI.CPL,TweakMeUp = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
@OpwareSE2"C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" = "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@MPFExeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
@MCAgentExec:\PROGRA~1\mcafee.com\agent\mcagent.exe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
@MCUpdateExeC:\PROGRA~1\mcafee.com\agent\mcupdate.exe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
@PrevxOne"C:\Programmi\Prevx1\PXConsole.exe" = "C:\Programmi\Prevx1\PXConsole.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Gadwin PrintScreen 3.1C:\Programmi\sad\PrintScreen\PrintScreen.exe /nosplash = C:\Programmi\sad\PrintScreen\PrintScreen.exe /nosplash
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@SpybotSD TeaTimerC:\Programmi\sad\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\sad\Spybot - Search & Destroy\TeaTimer.exe
@updateMgrC:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 /*file not found*/ = C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 /*file not found*/
@SkinClockC:\Programmi\Sad\Free Desktop Clock\DesktopClock.exe = C:\Programmi\Sad\Free Desktop Clock\DesktopClock.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{90A756E0-AFCF-11CE-927B-0800095AE340} /*Target Context Menu*/C:\WINDOWS\system32\ShellExt\target.dll = C:\WINDOWS\system32\ShellExt\target.dll
@{B7BE318A-2A8B-6B37-5A0F-C444B8F28B2C} /*ISOpenMenuHandler*/C:\Programmi\sad\ISOpen\ISOpenMenu.dll = C:\Programmi\sad\ISOpen\ISOpenMenu.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{4EFE464B-3D0B-4800-A5DE-2321283A3256} /*QCD IconHandler*/C:\Programmi\sad\Quintessential Player\QCDIcons.dll = C:\Programmi\sad\Quintessential Player\QCDIcons.dll
@{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} /*IZArc DragDrop Menu*/C:\Programmi\Sad\IZArc\IZArcCM.dll = C:\Programmi\Sad\IZArc\IZArcCM.dll
@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} /*IZArc Shell Context Menu*/C:\Programmi\Sad\IZArc\IZArcCM.dll = C:\Programmi\Sad\IZArc\IZArcCM.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
IZArcCM@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = C:\Programmi\Sad\IZArc\IZArcCM.dll
PowerArchiver@{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Programmi\sad\PowerArchiver\PASHLEXT.DLL
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{B7BE318A-2A8B-6B37-5A0F-C444B8F28B2C} = C:\Programmi\sad\ISOpen\ISOpenMenu.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
IZArcCM@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = C:\Programmi\Sad\IZArc\IZArcCM.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
PowerArchiver@{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Programmi\sad\PowerArchiver\PASHLEXT.DLL
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} = C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\Horloge.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.tgsoft.it/ = http://www.tgsoft.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\sad\Menu Avvio\Programmi\Esecuzione automatica >>>
ActiveTache.exe.lnk = ActiveTache.exe.lnk
GlobSoftware WallPaper.lnk = GlobSoftware WallPaper.lnk
PowerMenu.exe.lnk = PowerMenu.exe.lnk
Start WheelsOfVolume.lnk = Start WheelsOfVolume.lnk

---- EOF - GMER 1.0.11 ----

_______________________



ROOTKIT:


GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-28 02:45:39
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT pxfsf.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT pxfsf.sys ZwCreatePort
SSDT pxfsf.sys ZwCreateProcess
SSDT pxfsf.sys ZwCreateProcessEx
SSDT pxfsf.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT pxfsf.sys ZwDeleteFile
SSDT pxfsf.sys ZwDeleteKey
SSDT pxfsf.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT pxfsf.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT pxfsf.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT pxfsf.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT pxfsf.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT pxfsf.sys ZwReplaceKey
SSDT pxfsf.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT pxfsf.sys ZwSetContextThread
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT pxfsf.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT pxfsf.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory

---- Files - GMER 1.0.11 ----



---- EOF - GMER 1.0.11 ----


GRAZIE ANCORA__sad81
sad81
Newbie
 
Post: 2
Iscritto il: 28/10/06 00:53

Sponsor
 

Postdi andorra24 » 28/10/06 08:42

Ciao, il log di gmer e' pulito e non vedo tracce di linkoptimizer. Evidentemente i tools di rimozione e virit hanno fatto un buon lavoro.

Fai questi controlli:

1)Start>esegui>control userpasswords2 (lo scrivi nello spazio bianco)>OK

Nella finestra Account utente, controlla se c'e' un'utenza sospetta con nome strano (oltre le consuete Administrator, Utente, Aspnet). Se c'e' questa utenza dal nome molto strano eliminala (click con il destro e scegli elimina).

2) Rendi visibili file e cartelle nascosti:
Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su ''visualizza cartelle e file nascosti'' e togli la spunta da "nascondi file protetti di sistema (consigliato)''.

Vai in C:\Documents and Settings, e se trovi una cartella con lo stesso nome dell'utenza del punto 1 eliminala.

3) Controlla nel pannello di controllo/installazione applicazioni se hai le seguenti voci:
linkoptimizer
connection services
power verify
StrongestGuard
ConnectionKnight

Se le trovi non toccare nulla ma scarica MyUninstaller da qui:

http://www.nirsoft.net/utils/myuninst.html

con questo programmino potrai disinstallare LinkOptimizer, ConnectionServices o le altre voci citate sopra.
Apri il programma, click su myuninst.exe, attendi che vengano elencate le applicazioni presenti, evidenzia Linkoptimizer e/o Connection Services , click con il dx e scegli ''Delete selected entries''.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Risolto_ConnectionServices

Postdi sad81 » 28/10/06 13:57

Grazie andorra24 per la fulminea risposta
In effetti avevo già utilizzato myuninst e eliminato ConnectionServices ma credevo ch'esso eliminasse solo la voce nel pannello 'installazione applicazioni' poichè in effetti la procedura della pagina http://www.megalab.it/articoli.php?id=892 dopo questa fase mi indicava di sottomettervi il log.
Avevo anche già eliminato gli utenti sospetti ma credo di aver fatto un errore eliminando anche Aspnet, è grave ?

Comunque se tu dici che il log è pulito, e che non c'è pericolo neanche per optimiser che utilizzano il rootkit e non visualizzati nel pannello applicazioni, per me va bene cosi' e ti riringrazio infinitamente. sad81
____________
c'è chi passa una vita a cercar di comprendere le donne,altri si occupano di cose meno difficili come l'eliminazione di LinkOptimiser(transf.A.Einstein)
sad81
Newbie
 
Post: 2
Iscritto il: 28/10/06 00:53

Postdi andorra24 » 28/10/06 14:30

Bene, direi che e' stato fatto tutto e sei pulito. ;)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo


Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti