ConnectionServices....?!?!

[wwwmagnottait]

scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio

Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in rosso

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Una volta riavviato il pc,collegati e posta il contenuto del file C:\Avenger.txt

Ciao

fatto....
ma mi dice che non trova il file specificato, e non mi crea nessun file log
ergo?!?

[wwwmagnottait]

Alur Luke (o chi per lui possa aiutarmi)....credo sarò esauriente, e vi do tutte le info necessarie....per punti:

1) Fatta l'operazione con Avenger, con le modalità da te suggerite....inserita la stringa di testo, e computer che si è riavviato....al ritorno in windows mi dice che non ha trovato il file specificato, ergo non ha fatto nulla e non ha creato file di log

2) Eseguita l'operazione con Adspy, con le modalità da te suggerite....nel log finale non compare il valore C:\:xpsp1hff.log, ergo non ho potuto spuntare nè rimuovere nulla

3) con control userpasswords2 mi vede tutti gli utenti regolari (aspnet, administrator, guests e manuel, il mio utente)....quello relativo a linkoptimizer l'avevo già rimosso tempo fa

4) Ecco il log di Combofixbox:

Manuel - 06-08-29 12.39.21,79
ComboFix 06.08.27BT - Running from: I:\Utility\Compressi2\Antivirus\Spyware

((((((((((((((((((((((((((((((( Files Created from 2006-07-29 to 2006-08-29 ))))))))))))))))))))))))))))))))))


2006-08-05 20:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-08-05 20:02 451,072 C:\WINDOWSRadeon Omega Drivers v3.8.252 Uninstall.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-29 12:34 -------- d-------- C:\Programmi\PeerGuardian2
2006-08-29 12:02 -------- d-------- C:\Programmi\Mozilla Firefox
2006-08-29 11:27 -------- d-------- C:\Programmi\ewido anti-spyware 4.0
2006-08-29 03:19 60416 --a------ C:\WINDOWS\system32\drivers\kwdf^ij^.sys
2006-08-28 15:51 -------- d-------- C:\Programmi\RootkitRevealer
2006-08-28 02:48 -------- d-------- C:\Programmi\CCleaner
2006-08-28 00:09 -------- d-------- C:\Documents and Settings\Manuel\Dati applicazioni\Lavasoft
2006-08-28 00:07 -------- d-------- C:\Programmi\Lavasoft
2006-08-26 19:53 -------- d-------- C:\Programmi\JK-DC++v0.668(Beta)-D3-
2006-08-26 19:48 -------- d-------- C:\Programmi\DC++
2006-08-25 15:54 -------- d-------- C:\Programmi\File comuni\System
2006-08-25 13:36 -------- d-------- C:\Programmi\Outlook Express
2006-08-25 13:08 -------- d-------- C:\Programmi\Internet Explorer
2006-08-25 12:50 -------- d-------- C:\Programmi\myuninst
2006-08-25 12:46 -------- d-------- C:\Programmi\Sunbelt Software
2006-08-25 12:08 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-25 12:08 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-25 12:08 -------- d-------- C:\Programmi\AVPersonal
2006-08-22 00:26 -------- d-------- C:\Programmi\iDC++
2006-08-05 20:10 -------- d-------- C:\Documents and Settings\Manuel\Dati applicazioni\atitray
2006-08-05 20:02 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2006-08-05 20:02 -------- d-------- C:\Programmi\Radeon Omega Drivers
2006-08-05 20:02 -------- d-------- C:\Programmi\MultiRes
2006-08-05 19:57 -------- d-------- C:\Documents and Settings\Manuel\Dati applicazioni\ATI
2006-08-04 17:27 -------- d-------- C:\Programmi\File comuni\Microsoft Shared
2006-08-01 17:10 -------- d--h----- C:\Programmi\InstallShield Installation Information
2006-07-31 12:28 -------- d-------- C:\Programmi\File comuni
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-23 18:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-07-22 17:13 -------- d-------- C:\Programmi\DkZ Studio
2006-07-22 17:04 737280 --a------ C:\WINDOWS\iun6002.exe
2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 04:19 -------- d-------- C:\Programmi\Windows Media Player
2006-07-15 04:17 -------- d-------- C:\Programmi\On2 Technologies
2006-07-15 04:13 -------- d-------- C:\Programmi\DivX
2006-07-14 12:01 -------- d-------- C:\Documents and Settings\Manuel\Dati applicazioni\AdobeUM
2006-07-12 16:10 46904 --a------ C:\Documents and Settings\Manuel\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-07-03 23:40 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-07-03 23:40 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-07-03 23:40 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-07-03 23:40 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-21 12:49 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-06-21 12:43 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-21 12:43 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-06-21 12:42 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-06-21 12:42 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-06-21 12:34 90112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-06-21 12:34 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-06-21 12:34 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-06-21 12:34 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-06-21 12:34 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-06-21 12:34 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-06-21 12:34 200704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-06-21 12:33 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-06-21 12:33 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="C:\\WINDOWS\\system32\\kxmixer.exe --startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PeerGuardian"="C:\\Programmi\\PeerGuardian2\\pg2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Pagina iniziale corrente"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Avvio\\Programmi\\Esecuzione automatica\\ATI CATALYST System Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ATITEC~1\\ATI.ACE\\CLI.exe SystemTray"
"item"="ATI CATALYST System Tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Avvio\\Programmi\\Esecuzione automatica\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Manuel^Menu Avvio^Programmi^Esecuzione automatica^ADSL Diagnostic Tools.LNK]
"path"="C:\\Documents and Settings\\Manuel\\Menu Avvio\\Programmi\\Esecuzione automatica\\ADSL Diagnostic Tools.LNK"
"backup"="C:\\WINDOWS\\pss\\ADSL Diagnostic Tools.LNKStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\mapiicon.exe "
"item"="ADSL Diagnostic Tools"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ADSL_A2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="A2Installed"
"hkey"="HKLM"
"command"="A2Installed"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"C:\\Programmi\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_EMC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgemc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVPCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avpcc"
"hkey"="HKLM"
"command"="\"C:\\Programmi\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\avpcc.exe\" /wait"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Babylon Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Babylon"
"hkey"="HKLM"
"command"="C:\\Programmi\\Babylon\\Babylon.exe -AutoStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CoolSwitch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="taskswitch"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\taskswitch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ElbyCheckElbyCDFL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Programmi\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\FastUser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fast"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\fast.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\FOR MAGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bold active kind"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ObjBarbEggs\\bold active kind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\H2O]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cledx"
"hkey"="HKLM"
"command"="C:\\Programmi\\SyncroSoft\\Pos\\H2O\\cledx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="\"C:\\Programmi\\Microsoft IntelliPoint\\point32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Programmi\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kX Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kxmixer"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\kxmixer.exe --startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Programmi\\Messenger Plus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="E:\\Utility\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\OfficeGuard RegChecker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ogrc"
"hkey"="HKLM"
"command"="\"C:\\Programmi\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\ogrc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Playbaitinsidemove]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="basepart"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Dati applicazioni\\peak bleh play bait\\basepart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\POINTER]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="point32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programmi\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"d:\\giochi\\valve\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programmi\\Java\\j2re1.4.2_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="evntsvc"
"hkey"="HKLM"
"command"="C:\\Programmi\\File comuni\\Real\\Update_OB\\evntsvc.exe -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\vsc32cnf.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vsc32cnf"
"hkey"="HKLM"
"command"="C:\\Programmi\\Roland\\VSC32\\vsc32cnf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\vscvol.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vscvol"
"hkey"="HKLM"
"command"="C:\\Programmi\\Roland\\VSC32\\vscvol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Programmi\\Winamp3\\winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\xcj]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xcj"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\xcj.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"iPodService"=dword:00000003
"BITS"=dword:00000003
"AvgServ"=dword:00000003
"mnmsrvc"=dword:00000003
"aspnet_state"=dword:00000003
"AVPCC"=dword:00000002
"KAVMonitorService"=dword:00000002
"AntiVirService"=dword:00000003
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"WinLib"=dword:00000002




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060829-121311-470
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060829-121253-530
R3 - Default URLSearchHook is missing
backup-20060828-173602-198
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060828-173542-113
R3 - Default URLSearchHook is missing
backup-20060828-124523-555
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060828-035900-185
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060828-035715-907
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060828-035657-128
R3 - Default URLSearchHook is missing
backup-20060828-011924-826
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060828-011910-239
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
backup-20060828-011843-132
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060828-011831-469
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060825-184235-856
O2 - BHO: Class - {832AED3B-C509-1533-97BB-840EAB6BEDC8} - C:\WINDOWS\wjhme1.dll (file missing)
backup-20060825-184235-939
R3 - Default URLSearchHook is missing
backup-20060825-184235-635
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20060825-151550-593
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
backup-20060825-151550-510
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AA3B9C8091AC10B0.job

Completion time: 29/08/2006 12:42:11.92
ComboFix.txt


5) La voce ConnectionServices su Installazione Applicazioni di Win, la devo rimuovere si o no con MyUnistaller?!?

6) Se serve, questo è l'ultimo log di Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 12.49.57, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\kxmixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
I:\Utility\Compressi2\Antivirus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.194.98.174:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = jweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {832AED3B-C509-1533-97BB-840EAB6BEDC8} - C:\WINDOWS\wjhme1.dll (file missing)
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\UTILITY\ICQ2003\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\UTILITY\ICQ2003\ICQ.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6534158937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.virgilio.it/pctester/files/ ... reQual.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: FKSOB - Unknown owner - C:\DOCUME~1\Manuel\IMPOST~1\Temp\FKSOB.exe (file missing)
O23 - Service: G - Unknown owner - C:\DOCUME~1\Manuel\IMPOST~1\Temp\G.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MPGYJ - Unknown owner - C:\DOCUME~1\Manuel\IMPOST~1\Temp\MPGYJ.exe (file missing)
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: QLIDBDBK - Unknown owner - C:\DOCUME~1\Manuel\IMPOST~1\Temp\QLIDBDBK.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Grazie

[lucas/s]

Elimina il file in rosso
C:\WINDOWS\iun6002.exe

Elimina le cartelle in rosso(se presenti)
C:\Documents and Settings\All Users\Dati applicazioni\peak bleh play bait
C:\Programmi\newdot.net

Apri il prompt dos(start>esegui>cmd)
Digita:
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\New.net Startup

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Playbaitinsidemove

Riavvia il pc

Ciao

[sar2784]

da 3 giorni il file di paging e salito di circa 60mb senza sapere perche!
stavo girando un po su internet per cercare di risolvere il problema finche controllando su installazione applicazioni mi sono accorto di vare anch io Connectionservices. che posso fare!
che dite faccio un log file con quel programma che leggevo su questa discuusione?? (Hijackthis) ??
se si dove lo scarico??
grazie

[wwwmagnottait]

ok fatto....e ConnectionServices lo rimuovo con myunistaller, no?

[wwwmagnottait]

ok fatto....e ConnectionServices lo rimuovo con myunistaller, no?

yu uuh? che devo fare allora....lo rimuovo con myunistaller si o no? o devo compiere altre operazioni?
thx

[Luke57]

Sì, eliminala con myuninstaller.

[wwwmagnottait]

niente riga....sono sconfortato
ho fatto tutto quello che avete suggerito qui: più ho fatto l'immunize con Spybot, ho Ewido 4.0 aggiornato e resident che monitora il sistema....e nonostante tutto, ConnectionServices è riapparso sulla lista Installazione Applicazioni....e continuano i popup se faccio una ricerca su Google, e i link sospetti su parole a caso.....

Ma che devo fare per togliere definitivamente questa schifezza?!? Possibile a nessuno sia già capitato il problema, e l'abbia risolto? Non c'è un fix specifico?!? Ma solo a me st'affare ineliminabile, cavolo?!?
Ho cercato su Google, ma compaiono solo pochi link, tutti in francese o in norvegese e non si capisce nulla!

Cmq questo è l'ultimo log di Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 14.12.01, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\kxmixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
I:\Utility\Compressi2\Antivirus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.194.98.174:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = jweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {832AED3B-C509-1533-97BB-840EAB6BEDC8} - C:\WINDOWS\wjhme1.dll (file missing)
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\UTILITY\ICQ2003\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\UTILITY\ICQ2003\ICQ.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6534158937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.virgilio.it/pctester/files/ ... reQual.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Nello specifico, ueste righe, nonostante mi abbiate detto di lasciarle, mi paiono strane:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = jweb
O2 - BHO: Class - {832AED3B-C509-1533-97BB-840EAB6BEDC8} - C:\WINDOWS\wjhme1.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing) (CHE PERO NON SI RIESCE A TOGLIERE IN NESSUN MODO )

Che dite? Quali di queste tolgo?

E....perfavore....mi aiutate a risolvere sta situazione!?? Mi appello ai luminari del sito
Grazie

[wwwmagnottait]

UP!
.....help! sigh

[Luke57]

Ciao, fissa le voci 02 e 023.
Poi lancia questi due comandi:
start>esegui>sc stop Powermanager>OK
start>esegui>sc delete Powermanager>OK

[maxking]

ciao raga,ringrazio inanzitutto la board che mi ospita, purtroppo come mio primo topic non e' solo per un saluto,tornando dal lavoro ieri, presuppongo mio figlio, a preso questa evoluzione del linkoptimzzer...

peccato che dopo i vari aggiornamenti di questo ultimo per renderlo inattaccabile ero tranquillo, ma a quanto sembra i Bast..di non hanno propio nulla da fare...
aime' gia' e' la quarta volta nel giro di 2 mesi che lo prendo...
questa e' la scanzione di HJ


Logfile of HijackThis v1.99.0
Scan saved at 4.10.25, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swgcraft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {BBD67203-2AFE-831F-2CD9-5B031B2DE66C} - C:\WINDOWS\mgmga1.dll (file missing)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [psyd1.exe] C:\WINDOWS\TEMP\psyd1.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{76741231-31D2-4A6F-9391-8456F7B523F6}: NameServer = 62.94.0.1,62.94.0.2
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe



le ultime volte ho formattato, perche' ho provato ma la procedura era lunga e troppo laboriosa, ora mi voglio impuntare a toglierlo e possibilmente a fixare questo figlio de trojan

grazie a tutti

[Luke57]

Ciao, scarica Gmer :
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione Autostart, con le stesse procedure del precedente. Incolli il log generato nel suddetto block notes e poi incolli i due log in un post nel forum.

[a.medos]

Salve ragazzi,
Ho seguito con molto interesse le vicende di Link Optimizer e Connection Services, mi è capitato di averne sui pc dove lavoro, e ho trovato 3 capisaldi per la rimozione:
1) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
Qui dentro c'è la chiave AppInit_DLLs, che con pc infetto risulta vuota, ma in realtà è proprio lei a fare partire il Rootkit.
L' unico modo che ho trovato per rimuoverla in sicurezza è stato agire con ERD Commander, programma che è in grado di creare un CD con un S.O. avviabile, e dal quale poi posso selezionare una installazione sulla quale agire. Così il S.O. del pc infetto non parte, e si riesce a vedere che la chiave nasconde in realtà il file da cancellare.
2) Una volta cancellata la chiave, possiamo riavviare il pc (in modalità provvisoria con rete) e procedere con tutti gli anti rootkit del caso. GMER, Sophos e HiJackThis sono fantastici per poter trovare e cancellare i file responsabili delle infezioni. In più, scaricate VirIT, che nella nuova versione dice di essere in grado di rimuovere il rootkit.
Aggiornate (abbiamo il supporto di rete), cancellate a mano tutte le Temp (in Documents and Settings e in Windows\Winnt), e usate Avenger.
Se non funzionano GMER e Avenger la colpa è del rootkit, ancora attivo nella chiave di registro del punto 1.
3) Riavvio in modalità normale, nella cartella di Avenger si dovrebbe trovare il programma responsabile. Vi rimando al sito di VirIT (http://www.tgsoft.it) dove ci sono istruzioni più dettagliate delle mie.
Spero possa essere utile, a presto.