
Unusual suspects
shapiro
Posted: Monday, March 02, 2009 10:08:29 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Re-enable U.A.C.
kaj88
Posted: Monday, March 02, 2009 10:15:19 PM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
OK, I'll do it right away
kaj88
Posted: Monday, March 02, 2009 10:25:29 PM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
OK, still the same: it asks me for authorization, I click Continue, the progress bar opens telling me it is deleting the file, but then it tells me the operation was cancelled because authorization is required :S
If I click Retry again, the same window reopens...
amicoingrato
Posted: Tuesday, March 03, 2009 12:12:50 AM

Rank: AiutAmico

Joined: 10/13/2007
Posts: 822
Either you take ownership of the file or you try Unlocker

kaj88
Posted: Tuesday, March 03, 2009 12:41:34 AM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
And how do I become its owner?
How do I use Unlocker?
amicoingrato
Posted: Tuesday, March 03, 2009 1:04:00 AM

Rank: AiutAmico

Joined: 10/13/2007
Posts: 822
Click the link I gave you and read Alfonso's guide; everything is explained there, it's very simple.
If you can't manage with Unlocker, I'll explain how to take ownership of the file.
kaj88
Posted: Tuesday, March 03, 2009 9:47:29 AM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
I installed Unlocker, but when I right-click the file the Unlocker entry doesn't appear in the little menu as the guide says...
amicoingrato
Posted: Tuesday, March 03, 2009 11:02:09 AM

Rank: AiutAmico

Joined: 10/13/2007
Posts: 822
Does it appear when you click on other files or folders, or is it only missing with that one?
kaj88
Posted: Tuesday, March 03, 2009 11:21:05 AM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
No, it doesn't appear anywhere, but it is installed, because I have the little icon in the tray.
amicoingrato
Posted: Tuesday, March 03, 2009 11:33:45 AM

Rank: AiutAmico

Joined: 10/13/2007
Posts: 822
Try restarting the computer.
kaj88
Posted: Tuesday, March 03, 2009 12:53:12 PM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
Already done, it's as if I hadn't installed anything...
It's incredible, the program shows up as installed, but there is no way to make it work...
kaj88
Posted: Tuesday, March 03, 2009 12:57:10 PM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
OK, I managed to delete it. Basically the file issyg.exe was launched automatically every time Windows started, so it could not be deleted because it was running; I opened Task Manager and ended the process manually.
Then I was able to delete it....
But I don't know whether this will solve my problems; I think there is still more to do.
Also, in the path where that file was, there are other files with the same name, although of a different type; should I delete those too?
The files are:
issyg.dat
issyg_nav.dat
issyg_navps.dat
shapiro
Posted: Tuesday, March 03, 2009 1:04:55 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
delete these files

ssyg.dat
issyg_nav.dat
issyg_navps.dat



open HJT and fix this entry

O4 - HKCU\..\Run: [issyg] "c:\users\alessandro\appdata\local\issyg.exe" issyg
kaj88
Posted: Tuesday, March 03, 2009 1:11:39 PM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
Great, done!
Oh, just to avoid any misunderstanding, the issyg folder also contained these "suspicious" files:
d3d9caps64.dat
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
GDIPFONTCACHEV1.DAT
icqdxkfa.bat
d3d9caps.dat

and the hidden file:

IconCache.db

Now that I have fixed: O4 - HKCU\..\Run: [issyg] "c:\users\alessandro\appdata\local\issyg.exe" issyg, it no longer shows up in the scans, so we have finally got rid of it.
What should I do now?
shapiro
Posted: Tuesday, March 03, 2009 1:28:55 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
download http://www.malwarebytes.org/mbam/program/mbam-setup.exe


1) install it
2) update it
3) run a scan, choosing the full mode
4) do NOT delete any threats it detects
5) when the scan is finished, select the Log tab, open the text file and post it on the forum
kaj88
Posted: Tuesday, March 03, 2009 2:08:17 PM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
SCAN COMPLETED:


Malwarebytes' Anti-Malware 1.34
Versione del database: 1814
Windows 6.0.6000

03/03/2009 14.07.39
mbam-log-2009-03-03 (14-07-31).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 234318
Tempo trascorso: 32 minute(s), 14 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 2
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> No action taken.
C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> No action taken.

File infetti:
C:\Users\ALESSANDRO\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> No action taken.
C:\Windows\System32\SYSTEM32\DRIVERS\RtlProt.sys (Trojan.Agent) -> No action taken.
shapiro
Posted: Tuesday, March 03, 2009 4:22:32 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
restart Malwarebytes and remove what it found
kaj88
Posted: Wednesday, March 04, 2009 12:03:26 AM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
Well, since the "storm" seems to have passed, I'm posting the new HijackThis log, hoping that everything is fine now!
I thank everyone who helped me and the forum for the service it provides!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.02.09, on 04/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {915BD669-C2D5-4DFB-B8FF-7CFC4A5A8C5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Accesso rete (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 22505 bytes
shapiro
Posted: Wednesday, March 04, 2009 10:29:45 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
remove this entry with HijackThis

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

run a scan for me with this little program

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and disconnected
double-click LopSD
choose language E (Enter)
1 (search) Enter

when the scan finishes, restart LopSD
this time choose option 2 (Enter)
kaj88
Posted: Thursday, March 05, 2009 2:05:12 PM
Rank: Newbie

Joined: 3/2/2009
Posts: 2
I launched Lop S&D, but after selecting the language and the option I press Enter and, instead of starting, a small similar window with a red background opens, disappears within a few seconds, and nothing happens; it's as if the program closed...
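
The two HijackThis entries the helpers asked to fix in this thread (the O4 Run value pointing into AppData\Local and the O2 BHO with no file behind it) can be picked out of a log mechanically. The following is an added example, not part of the original posts and not HijackThis's own logic; the names `triage`, `target_path` and `Finding` and the two heuristics are assumptions made for illustration, and a hit is a triage hint rather than a verdict.

```python
import re
from dataclasses import dataclass

# Sample input: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [issyg] "c:\users\alessandro\appdata\local\issyg.exe" issyg
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
'''

# O4 registry autoruns: hive, key (Run, RunOnce, ...), value name, command line.
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HK[^:]*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O2 Browser Helper Objects: display name, CLSID, backing file.
O2_BHO = re.compile(
    r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$')
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_PATH = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|,|$)', re.I)
# Locations a standard user can write to without elevation (assumed list).
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\appdata\\|\\documents and settings\\'
    r'|%(?:local)?appdata%|%te?mp%|\\temp\\', re.I)


@dataclass
class Finding:
    kind: str    # 'orphaned-bho' or 'autorun-user-writable'
    name: str    # BHO display name or Run value name
    detail: str  # CLSID or resolved executable path


def target_path(cmd: str) -> str:
    """Return the executable part of a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_PATH.match(cmd)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else ''


def triage(log_text: str) -> list[Finding]:
    """Flag BHOs with no file on disk and autoruns started from user-writable paths."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_BHO.match(line)
        if m:
            if m['file'].strip().lower() == '(no file)':
                findings.append(Finding('orphaned-bho', m['name'], m['clsid']))
            continue
        m = O4_RUN.match(line)
        if m:
            path = target_path(m['cmd'])
            if USER_WRITABLE.search(path):
                findings.append(Finding('autorun-user-writable', m['name'], path))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:24} {f.name:12} {f.detail}')
```

Legitimate software also autostarts from AppData, so each hit still needs the manual review the helpers perform here before anything is fixed or deleted.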