www.MegaLab.it

da **m@tteino** » dom mar 16, 2008 6:52 pm

Ciao a tutti!
Allora... una mia amica ha questo problema, qualcuno è entrato nel suo msn messenger e ne controlla addirittura le conversazioni.
Oltretutto ora le ha cambiato anche la password!!
Potrebbe forse essere che lei abbia accettato qualche programmino bas***do via messenger???
Per questo vi posto il suo log di gmer... se potete date un occhiata!
Se poi avete qualche altro consiglio ditemi pure...
Vi ringrazio anticipatamente

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-03-16 17:47:51
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xBAEB78AC]
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xBAEB7812]

---- User code sections - GMER 1.0.14 ----

.text C:\Programmi\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 437917EF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 43791770 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 437917B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 437916FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 43791736 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4379182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

da **ste_95** » dom mar 16, 2008 8:06 pm

Scarica HijackThis
Salvalo in una cartella (non aprirlo direttamente, sennò non farà i backup!)
Apri l'eseguibile
Clicca quindi su "Do a System Scan and Save a Logfile"
Attendi che finisca la scansione
Quindi copia il contenuto del blocco note qui sul forum.

da **m@tteino** » dom mar 16, 2008 8:40 pm

eccolo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.42.09, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avg

da **ste_95** » dom mar 16, 2008 8:41 pm

Il log è tagliato a metà.

da **m@tteino** » dom mar 16, 2008 8:50 pm

m'ha inviato di nuovo questo e m'ha detto che non ha tagliato nulla...
puo essere???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.51.19, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avg

da **ste_95** » dom mar 16, 2008 8:52 pm

No, il log continua poi con delle altre voci.

da **m@tteino** » dom mar 16, 2008 9:12 pm

eccolo finalmente!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21.01.36, on 16/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass..exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programmi\HP\HP Software Update\HPWuSchd2.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programmi\Logitech\SetPoint\SetPoint.exe

C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE

C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\RtkBtMnt.exe

C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Programmi\Windows Live\installer\WLSetupSvc.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programmi\iTunes\iTunes.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\distnoted.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\msagent\AgentSvr.exe

C:\Programmi\Windows Live Toolbar\msn_sl.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Documents and Settings\Proprietario\Desktop\Nuova cartella\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Invia a periferica &Bluetooth.... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs..exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7534107793

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://samy30firenze.spaces.live.com/Ph ... nPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://194.244.16.123/g_bin/eng/billard8_2_0_0_35.cab

O18 - Protocol: bw+0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {F6C24024-DAEA-412A-8F95-B6DAFC1E6FF8} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o.. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o.. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 23023 bytes

da **ste_95** » dom mar 16, 2008 9:14 pm

Il log è pulito.

C'è un problema particolare o era solo un controllo?

da **m@tteino** » dom mar 16, 2008 9:18 pm

il fatto è che qualcuno è entrato nel suo messenger e si pensava che dipendesse dal fatto che lei poteva aver accettato uno di quei virus bastardi che si trasmettono via messenger.
questo qui le controlla anche le conversazioni...
credevo che si potesse trovare qualcosa che non andava nel log!

a questo punto hai qualche consiglio da darci?

da **ste_95** » dom mar 16, 2008 9:19 pm

Scarica GMER, poi segui i seguenti passaggi:

--- 1° passaggio ---
Avviamo gmer
clicchiamo su > > >
Clicchiamo su Autostart
mettiamo il segno di spunta a Show All
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e carichiamolo su FreeFileHosting
Postiamo qui il link che ci viene assegnato.

--- 2° passaggio ---
Sempre nel programma appena scaricato (gmer),
clicchiamo su Rootkit
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e carichiamolo su FreeFileHosting
Postiamo qui il link che ci viene assegnato.

da **m@tteino** » lun mar 17, 2008 2:40 pm

ecco i link

autostart : http://www.freefilehosting.net/download/3dhdh

rootkit : http://www.freefilehosting.net/download/3dhdi

da **ste_95** » lun mar 17, 2008 2:47 pm

Anche questi sono puliti. Cambiate password e la cosa non dovrebbe più succedere [:)]

.

da **m@tteino** » lun mar 17, 2008 3:05 pm

Forse mi sono spiegato male....
allora, qualche giorno fa le è comparso un nuovo contatto nella lista (lei dice di non aver accettato nessuno) e le ha scombussolato tutto.
Tra l'altro spiava le conversazioni (sapeva quello che lei diceva a me) e quando lei non era in linea controllava il suo contatto.
Poi alla fine le ha cambiato la password di messenger e ora lei non può più entrare!
Speravo di trovare qualche traccia in qualcuno di questi log.. invece nulla..
sai se c'è qualche modo per rimettere a posto tutto?
grazie

da **ste_95** » lun mar 17, 2008 3:07 pm

Prova a eseguire la scansione on-line estesa con Kaspersky come descritto qui

da **m@tteino** » lun mar 17, 2008 4:57 pm

questo è il log di kaspersky

KASPERSKY ONLINE SCANNER REPORT
Monday, March 17, 2008 4:33:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/03/2008
Kaspersky Anti-Virus database records: 635761

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
F:\

Scan Statistics
Total number of scanned objects 59325
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 00:56:23
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Proprietario\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Cronologia\History.IE5\MSHist012008031720080318\index.dat Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimzone.exe.fd734169.ini.inuse Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\NERC9.tmp\Toolbar.exe Infected: not-a-virus:AdTool.Win32..MyWebSearch.bm skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\~DF471.tmp Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\~DF778F.tmp Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\~DF77B9.tmp Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\~DF8A69.tmp Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\~DFF34B.tmp Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\6GJIPYBH\68_180_219_139[2] Object is locked skipped

C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\Content..IE5\index.dat Object is locked skipped

C:\Documents and Settings\Proprietario\Incomplete\T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Proprietario\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Proprietario\ntuser.dat.LOG Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\BWDocMap..pht Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\BWInfopakMap.pht Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\chandir.dat Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\chandir.idx Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\chn.dat Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\chn.idx Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\D0000000.FCS Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\inuse.txt Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\L0000007.FCS Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\main.log Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs.dat Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs.idx Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs_die.dat Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs_die.idx Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs_dnd.dat Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs_dnd.idx Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs_ext.dat Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs_ext.idx Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs_rcv.dat Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\prs_rcv.idx Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\storydb.dat Object is locked skipped

C:\Programmi\Logitech\Desktop Messenger\8876480\Users\Proprietario\Data\storydb.idx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{901A6F47-AE7E-4B42-8A33-18257047E896}\RP121\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent..Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{901A6F47-AE7E-4B42-8A33-18257047E896}\RP121\change.log Object is locked skipped

Scan process completed.

da **ste_95** » lun mar 17, 2008 5:06 pm

Elimina manualmente questo file:

C:\Documents and Settings\Proprietario\Incomplete\T-4183160-03 Track 3.wma

da **m@tteino** » lun mar 17, 2008 5:11 pm

Ok grazie!
Per curiosità... che cosa sarebbe quel file?
Può esser stato davvero quello a creare tutti questi problemi?

da **ste_95** » lun mar 17, 2008 5:14 pm

m@tteino ha scritto:Per curiosità... che cosa sarebbe quel file?

Trojan-Downloader.WMA.Wimad.l

Può esser stato davvero quello a creare tutti questi problemi?

No.

da **m@tteino** » lun mar 17, 2008 5:34 pm

Ho capito... quindi c'è poco da fare per questa cosa...
Magari proviamo con MSNfix.. non si sa mai!
Grazie lo stesso

www.MegaLab.it

mi controllate questo log?

mi controllate questo log?

Chi c’è in linea