| Precedente :: Successivo |
| Autore |
Messaggio |
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
 Inviato: 26 Gen 2008 18:30 Oggetto: rilevati dei virus con Kaspersky online |
 |
|
ciao a tutti
Ho trovato su un vecchio topic di questo sito,una guida per utilizzare kaspersky, e che diceva di inviare qui il rapporto dell antivirus on line che mi ha individuato un tot di virus.
che faccio adesso? ho fatto bene ad incollare così o la procedura è un'altra?
scusate ma non sono granchè pratico
grazie
| Citazione: | KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 5:13:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/01/2008
Kaspersky Anti-Virus database records: 533349
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 145353
Number of viruses found 14
Number of infected objects 27
Number of suspicious objects 0
Duration of the scan process 02:23:39
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_203590391_13631488_59463 Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_203590391_2686976_55880 Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{3E9194D2-6366-4563-9588-29D1A761A775}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{F34A446E-3955-4FB2-94AF-E121EC04FE30}.TmpSBE Object is locked skipped
C:\Documents and Settings\claudio\.housecall6.6\Quarantine\5C84FA6Cd01.bac_a01056 Infected: not-a-virus:Porn-Dialer.Win32.Agent.ao skipped
C:\Documents and Settings\claudio\.housecall6.6\Quarantine\A0021744.exe.bac_a01056 Infected: not-a-virus:AdWare.Win32.SaveNow.be skipped
C:\Documents and Settings\claudio\.housecall6.6\Quarantine\A0021745.exe.bac_a01056 Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
C:\Documents and Settings\claudio\.housecall6.6\Quarantine\Dc80.exe.bac_a01056 Infected: not-a-virus:Porn-Dialer.Win32.Agent.ao skipped
C:\Documents and Settings\claudio\.housecall6.6\Quarantine\Italiawebcam.exe.bac_a01056 Infected: not-a-virus:Porn-Dialer.Win32.Agent.ao skipped
C:\Documents and Settings\claudio\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Microsoft\Modelli\Normal.dot Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\cert8.db Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\history.dat Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\key3.db Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\parent.lock Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\search.sqlite Object is locked skipped
C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\claudio\Documenti\Downloads\DAEMON Tools Pro v4.10.0215 32bit and Paradox Crack\DAEMON Tools Pro v4.10.0215 32bit and Paradox Crack.part1.rar/DAEMON Tools Pro v4.10.0215 32bit and Paradox Crack/DTPro4100215Free.exe Infected: Trojan.Win32.VB.bla skipped
C:\Documents and Settings\claudio\Documenti\Downloads\DAEMON Tools Pro v4.10.0215 32bit and Paradox Crack\DAEMON Tools Pro v4.10.0215 32bit and Paradox Crack.part1.rar RAR: infected - 1 skipped
C:\Documents and Settings\claudio\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Cronologia\History.IE5\MSHist012008012620080127\index.dat Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\k4lclj7d.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Temp\~DF7EDB.tmp Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Temp\~DFF61.tmp Object is locked skipped
C:\Documents and Settings\claudio\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\claudio\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\claudio\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\3PI5TII1\wmiprves[1].exe Infected: Trojan-Downloader.Win32.Delf.dxh skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080126-141936.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\RECYCLER\S-1-5-21-4134752848-2657041755-2382716223-1005\Dc55.exe/WISE0025.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\RECYCLER\S-1-5-21-4134752848-2657041755-2382716223-1005\Dc55.exe/WISE0025.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\RECYCLER\S-1-5-21-4134752848-2657041755-2382716223-1005\Dc55.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\RECYCLER\S-1-5-21-4134752848-2657041755-2382716223-1005\Dc55.exe WiseSFX: infected - 3 skipped
C:\RECYCLER\S-1-5-21-4134752848-2657041755-2382716223-1005\Dc55.exe WiseSFXDropper: infected - 3 skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP438\A0115160.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP438\A0115540.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP438\A0115838.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP438\A0115840.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP438\A0115842.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP438\A0115855.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP438\A0115856.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP456\A0121885.sys Infected: Trojan-Downloader.Win32.Delf.dsx skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP474\A0127814.sys Infected: Trojan-Downloader.Win32.Delf.dsx skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP477\A0128087.sys Infected: Trojan-Downloader.Win32.Delf.dxh skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP477\A0128133.sys Infected: Trojan-Downloader.Win32.Delf.dxh skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP480\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A6CAFFC0-3AC0-4AFC-AEB2-7CF0F4A6054F}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\Indt2.sys Infected: Trojan-Clicker.Win32.VB.xo skipped
C:\WINDOWS\system32\ndt2.sys Infected: Trojan-Downloader.Win32.Delf.eed skipped
C:\WINDOWS\system32\routing.exe Infected: Trojan-Downloader.Win32.Agent.gwg skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_76c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed. |
|
|
| Top |
|
 |
ioSOLOio
Amministratore
Registrato: 12/09/03 19:01
Messaggi: 16342
Residenza: in un sacco di...acqua
|
| Inviato: 26 Gen 2008 21:27 Oggetto: |
|
|
il posto è quello giusto 
Un pizzico di pazienza visto che magari nel week end i soccorsi magari sono un po' più lenti. |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 27 Gen 2008 10:24 Oggetto: |
|
|
Ciao kampa1970 
Una parte dei virus si trovano già nella quarantena del tuo antivirus. Comunque la scansione con Kasper la rifaremo alla fine. Adesso guarda questa discussione
per postare un log di Hijackthis. |
|
| Top |
|
|
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
| Inviato: 27 Gen 2008 19:34 Oggetto: |
|
|
ciao
intanto grazie
ho seguito le discussioni che mi hai indicato,spero di non aver fatto troppi errori,ho chiuso tutte le applicazioni, ma mi pare di avere un bel po di roba che gira lo stesso
comunque il rapporto è questo:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.25.24, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\OCSCryptolib_Server.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Hijackthis\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgsoft.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMul0.dll
O1 - Hosts: AmsServer
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMul0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMul0.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programmi\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmi\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184701553250
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Oberthur Cryptolib Service (OCSCryptolibService) - Oberthur Card Systems - C:\WINDOWS\OCSCryptolib_Server.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10717 bytes |
|
| Top |
|
|
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
| Inviato: 27 Gen 2008 21:39 Oggetto: |
|
|
dimenticavo:
ho un pc packard bell
uso windows xp 2002 service pack2
come antivirus uso avast |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 28 Gen 2008 20:59 Oggetto: |
|
|
disattiva il ripristino di sistema e avvia il PC in modalità provvisoria;
Avvia HjT e seleziona a sinistra queste righe e clicca poi su fix Checked: (quella in rosso se la conosci non selezionarla)
| Citazione: | R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O1 - Hosts: AmsServer
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE |
Riavvia il PC alla modalità normale e posta un nuovo log di HJT.
Guarda questa discussione
relativa a Combofix, e fai la scansione del PC postando il risultato come indicato. Già che ci sei fai una Scansione con FindAWF |
|
| Top |
|
|
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
| Inviato: 28 Gen 2008 22:06 Oggetto: |
|
|
primo punto:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.03.40, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\OCSCryptolib_Server.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Hijackthis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgsoft.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMul0.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMul0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMul0.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programmi\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmi\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184701553250
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Oberthur Cryptolib Service (OCSCryptolibService) - Oberthur Card Systems - C:\WINDOWS\OCSCryptolib_Server.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10755 bytes
adesso vedo il resto, |
|
| Top |
|
|
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
| Inviato: 28 Gen 2008 22:18 Oggetto: |
|
|
ecco il rapporto di combofix
ComboFix 08-01-28.2 - claudio 2008-01-28 21.12.20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.529 [GMT 1:00]
Se ejecuta desde: C:\Documents and Settings\claudio\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\baafabdeaddbc_r.dll
.
(((((((((((((((((( Archivos creados desde 2007-12-28 - 2008-01-28 )))))))))))))))))))))))))))))))))
.
2008-01-27 18:40 . 2008-01-27 20:29 <DIR> d-------- C:\Programmi\a-squared Anti-Malware
2008-01-27 16:55 . 2008-01-27 17:34 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-01-27 16:53 . 2008-01-27 16:53 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-27 16:52 . 2008-01-27 16:52 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-27 16:52 . 2008-01-27 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-27 16:51 . 2008-01-27 16:51 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-27 15:36 . 2008-01-27 15:36 532,480 --a------ C:\Programmi\cwshredder.exe
2008-01-26 18:23 . 2008-01-26 18:23 <DIR> d-------- C:\Programmi\DaemonTools_WhenUSave_Installer
2008-01-26 18:22 . 2008-01-27 20:29 <DIR> d-------- C:\Programmi\DAEMON Tools
2008-01-26 14:29 . 2008-01-26 14:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-26 14:29 . 2008-01-26 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-26 13:30 . 2008-01-26 14:04 <DIR> d-------- C:\VEXPLITE
2008-01-26 13:30 . 2008-01-16 16:53 36,480 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-01-23 00:00 . 2008-01-23 00:00 91,713 --a------ C:\WINDOWS\system32\tmp0_247852481408.bk
2008-01-21 00:02 . 2008-01-21 00:17 27,473 --a------ C:\WINDOWS\system32\tmp0_284425800954.bk
2008-01-14 22:47 . 2008-01-14 23:38 <DIR> d-------- C:\Programmi\Primal Pictures
2008-01-14 22:47 . 2008-01-14 23:38 <DIR> d-------- C:\Documents and Settings\claudio\Dati applicazioni\Primal Pictures
2008-01-14 22:47 . 2003-11-28 17:56 339,456 --a------ C:\WINDOWS\system32\tx32.dll
2008-01-14 22:47 . 2003-11-28 17:56 251,392 --a------ C:\WINDOWS\system32\tx4ole.ocx
2008-01-14 22:47 . 2003-11-28 17:56 69,120 --a------ C:\WINDOWS\system32\txtls32.dll
2008-01-14 22:47 . 2003-11-28 17:56 59,904 --a------ C:\WINDOWS\system32\tx_rtf32.dll
2008-01-14 22:47 . 2003-11-28 17:56 47,104 --a------ C:\WINDOWS\system32\wndtls32.dll
2008-01-11 23:42 . 2008-01-11 23:42 <DIR> d-------- C:\Programmi\CCleaner
2008-01-11 22:13 . 2008-01-21 22:43 <DIR> d-------- C:\Programmi\Illusion Softworks
2008-01-10 23:30 . 2008-01-10 23:30 <DIR> d-------- C:\Programmi\7-Zip
2008-01-07 23:53 . 2008-01-20 01:04 <DIR> d-------- C:\Programmi\Neon Wars
2008-01-07 23:52 . 2008-01-07 23:52 <DIR> d-------- C:\Programmi\ReflexiveArcade
2008-01-06 20:29 . 2008-01-06 21:09 <DIR> d-------- C:\Programmi\Pocket Tanks Deluxe
2008-01-05 10:05 . 2008-01-05 10:06 <DIR> d-------- C:\Programmi\iTunes
2008-01-05 10:05 . 2008-01-05 10:05 <DIR> d-------- C:\Programmi\iPod
2008-01-01 18:42 . 2000-05-22 03:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-01-01 18:42 . 2008-01-01 18:44 1,288 --a------ C:\WINDOWS\CITP_SearchHistory.INI
2007-12-28 20:42 . 2007-12-28 20:42 <DIR> d-------- C:\Programmi\Teamspeak2_RC2
2007-12-28 20:42 . 2007-12-28 20:42 <DIR> d-------- C:\Documents and Settings\claudio\Dati applicazioni\teamspeak2
2007-12-28 20:42 . 2007-12-28 20:42 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-28 20:03 . 2007-12-28 20:03 <DIR> d-------- C:\Programmi\File comuni\Skype
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 12:57 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\uTorrent
2008-01-28 12:34 --------- d-----w C:\Programmi\eMule
2008-01-27 21:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-27 16:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-26 19:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-01-26 15:59 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\OpenOffice.org2
2008-01-24 17:39 --------- d-----w C:\Programmi\PokerStars
2008-01-19 11:43 --------- d-----w C:\Programmi\uTorrent
2008-01-19 11:43 --------- d-----w C:\Programmi\Spyware Doctor
2008-01-13 20:09 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\Skype
2008-01-11 20:30 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-10 22:33 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\Vso
2008-01-05 09:05 --------- d-----w C:\Programmi\QuickTime
2008-01-03 18:10 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-02 23:13 --------- d-----w C:\Programmi\ewido anti-spyware 4.0
2007-12-28 19:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2007-12-27 16:25 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VadeRetro
2007-12-27 14:07 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\Uniblue
2007-12-27 14:06 --------- d-----w C:\Programmi\Uniblue
2007-12-27 09:50 --------- d-----w C:\Programmi\Alcohol Soft
2007-12-26 16:27 --------- d-----w C:\Programmi\jv16 PowerTools 2007
2007-12-26 13:48 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 18:00 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\DAEMON Tools Pro
2007-12-25 14:14 --------- d-----w C:\Programmi\GameSpy Arcade
2007-12-25 02:50 --------- d-----w C:\Programmi\File comuni\LogiShared
2007-12-25 02:50 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\Logitech
2007-12-25 02:49 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-12-25 02:49 --------- d-----w C:\Programmi\Logitech
2007-12-25 02:48 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 02:48 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-25 02:47 --------- d-----w C:\Programmi\File comuni\Logitech
2007-12-25 02:46 --------- d-----w C:\Documents and Settings\claudio\Dati applicazioni\InstallShield
2007-12-25 02:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Logitech
2007-12-25 02:45 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\LogiShrd
2007-12-23 19:06 --------- d-----w C:\Programmi\File comuni\Sony Shared
2007-12-23 18:47 --------- d-----w C:\Programmi\Sony
2007-12-23 18:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony Corporation
2007-12-17 19:40 --------- d-----w C:\Programmi\Java
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 21:38 --------- d-----w C:\Programmi\MagicISO
2007-12-09 21:25 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2007-12-05 17:11 --------- d-----w C:\Programmi\Apple Software Update
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:27 727,552 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-01-14 20:14 87,608 ----a-w C:\Documents and Settings\claudio\Dati applicazioni\ezpinst.exe
2007-01-14 20:14 47,360 ----a-w C:\Documents and Settings\claudio\Dati applicazioni\pcouffin.sys
2002-03-21 02:14 3,192,012 ------w C:\Programmi\I.msi
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 13:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2004-02-19 16:23 1089536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-01-16 16:53]
R2 OCSCryptolibService;Oberthur Cryptolib Service;C:\WINDOWS\OCSCryptolib_Server.exe [2006-06-07 17:03]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-01-26 13:32]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-05-29 11:03]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 18:14]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 16:27]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 10:50]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 04:44]
S3 mdxgthkn;mdxgthkn;C:\DOCUME~1\claudio\IMPOST~1\Temp\mdxgthkn.sys [2004-08-26 04:41]
S3 SunkFilt92;Alcor Micro Corp - 9362;C:\WINDOWS\System32\Drivers\sunkfilt92.sys [2003-09-13 13:44]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08187b10-c2e1-11dc-bda2-001617cea385}]
\Shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58d9b39b-1b72-11dc-bba5-000b0d3311b7}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70256c7e-89f0-11db-b9e0-001617cea385}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8da8b1de-e121-11db-baf4-001617cea385}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8da8b1df-e121-11db-baf4-001617cea385}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908a50c9-229b-11dc-bbc0-000b0d3311b7}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{942c3e42-c14c-11dc-bd9d-001617cea385}]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d97515ad-fd40-11db-bb40-000b0d3311b7}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
*Newly Created Service* - PROCEXP90
.
Contenido de carpeta 'Tareas Programadas'
"2008-01-19 08:11:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-01-26 14:16:58 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-27 14:07:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 21:14:35
Windows 5.1.2600 Service Pack 2 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
Tiempo completado: 2008-01-28 21.14.56
ComboFix-quarantined-files.txt 2008-01-28 20:14:55
.
2008-01-09 05:57:33 --- E O F --- |
|
| Top |
|
|
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
| Inviato: 28 Gen 2008 22:28 Oggetto: |
|
|
| la scansione con findAWF non ha prodotto risultati |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 29 Gen 2008 00:09 Oggetto: |
|
|
Bene, adesso fai una scansione con Systemscan e posta il log generato come
indicato quì |
|
| Top |
|
|
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 29 Gen 2008 16:02 Oggetto: |
|
|
A meno che non mi sfugga qualcosa, il log di systemscan non presenta nulla di pericoloso...
Adesso rifai la scansione del PC con Kaspersky e posta il risultato però in formato HTML su www.freefilehosting.net come indicato quì |
|
| Top |
|
|
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
| Inviato: 29 Gen 2008 23:37 Oggetto: |
|
|
ecco qua
[URL="http://www.freefilehosting.net/files/3b71j"]kaspersky 29-01.html[/URL] |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 30 Gen 2008 09:24 Oggetto: |
|
|
| OK, ripulisci la quarantena del tuo antivirus e dovresti essere a posto. Riscontri ancora problemi?. |
|
| Top |
|
|
kampa1970
Mortale pio
Registrato: 26/01/08 18:22
Messaggi: 27
|
| Inviato: 30 Gen 2008 18:51 Oggetto: |
|
|
no, mi pare tutto ok, anche i messaggi di errore che mi dava all'avvio sono spariti.adesso devo vedere di sistemare il router, ma ho già aperto un'altra discussione.
grazie infinite di tutto a tutti
ciao |
|
| Top |
|
|
Sante62
Dio maturo
Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
|
| Inviato: 30 Gen 2008 20:07 Oggetto: |
 |
|
|
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
