Condividi:        

Worm/medbot.A e trojan.zlob

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Worm/medbot.A e trojan.zlob

Postdi DarkLoyd » 24/10/06 17:58

salve a tutti sono un nuovo iscritto :)
volevo chiedervi aiuto su questi due problemi che ho trovato ieri,
praticamente ieri mattina appena ho acceso il pc ed essermi collegato a internet mi si apre la finestra di antivir dicendomi di aver trovato un Worm subito dopo quella di norton dicendomi di aver trovato un trojan....con antivir provo a fare access deny però 2 secondi dopo mi ritorna la finestra con lo stesso problema..sia norton che antivir indicano lo stesso file, solo che uno dice che è un worm e l'altro dice che è un trojan(WORM/Medbot.A e Trojan.Zlod)non so proprio come toglierli!ho provato a toglierli con vari programmi...ccleaner, spybot search & destroy, avg anti-spyware ma niente, non so più dove andare a sbattere la testa...sapete aiutarmi? :cry:
ecco qui il file hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 18.57.19, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Symantec Shared\ccProxy.exe
c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Programmi\Norton Internet Security\ISSVC.exe
c:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
c:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Documents and Settings\HP_Proprietario\Documenti\Documenti\Programmi\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D959563E-753E-476F-86FB-5D838FEA36A2}: NameServer = 85.37.17.10 85.38.28.86
O18 - Protocol: bw+0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {228DDE30-BF04-4E4D-9544-917B8ED50DA7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
DarkLoyd
Newbie
 
Post: 3
Iscritto il: 24/10/06 13:36

Sponsor
 

Postdi cs84113 » 24/10/06 18:13

...inanzittutto quanti antivirus hai???ti consiglio di lasciarne uno solo perché due o più non possono convivere e vanno in conflitto e si annullano a vicenda...poi fai una scansione col antivirus rimasto perché hai tante voci che sinceramante non conosco e mi sanno di sospetto...
volete un forum di ragazzi in cui parlare di problematiche relative al sesso in modo educato?venite a trovarci nel nostro bel forum...
http://xsonnyx.forumup.it
cs84113
Utente Senior
 
Post: 340
Iscritto il: 28/06/06 10:23

Postdi andorra24 » 24/10/06 18:13

Ciao, il log che hai postato e' pulito e non emerge nessuna infezione. Dovresti indicare con esattezza il nome del file infetto e il percorso in cui si trova cosi cerchiamo di toglierlo in qualche modo.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi DarkLoyd » 24/10/06 18:27

ok allora per la storia degli antivirus bè...ne ho 3...infatti in questi giorni ne volevo togliere uno (o 2), ho avg, norton( non lo aggiorno da un pò visto che non ho intenzione di pagare l'abbonamento) e antivir...visto che ci sono, quale mi consigli di togliere?
mentre il percorso del file è questo C:\WINDOWS\temp\tmp33.tmp

cmq ogni volta che provo a toglierlo con antivir (access deny o provo metterlo in quarantena o provo a cancellarlo) mi torna a uscira la finestra dicendo che ha lo stesso percorso e cambia il nome del file tipo prima era C:\WINDOWS\temp\tmp33.tmp poi diventa C:\WINDOWS\temp\tmp34.tmp
circa cosi...
DarkLoyd
Newbie
 
Post: 3
Iscritto il: 24/10/06 13:36

Postdi andorra24 » 24/10/06 19:01

Scarica ATF Cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare file temporanei di windows e IE)
Avvia ATF cleaner, clicca sul menu "main" e poi seleziona la casella "Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!".

Per quanto riguarda l'antivirus Antivir va benissimo. Toglierei Norton e AVG.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi DarkLoyd » 24/10/06 19:32

fatto non c'è più nessun worm!! :D
questo problema mi stava preoccupando e nel giro di un'ora e mezza me l'hai risolto grazie mille!! :)
DarkLoyd
Newbie
 
Post: 3
Iscritto il: 24/10/06 13:36

Postdi andorra24 » 24/10/06 19:35

DarkLoyd ha scritto:fatto non c'è più nessun worm!! :D
questo problema mi stava preoccupando e nel giro di un'ora e mezza me l'hai risolto grazie mille!! :)

Bene, mi fa piacere. ;)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo


Torna a Sicurezza e Privacy


Topic correlati a "Worm/medbot.A e trojan.zlob":

trojan win32/sirefef
Autore: marzianu
Forum: Sicurezza e Privacy
Risposte: 27
Worm Dorkbot
Autore: gallico
Forum: Sicurezza e Privacy
Risposte: 7

Chi c’è in linea

Visitano il forum: Nessuno e 31 ospiti