whitesquall (Administrator)
Joined: 26/06/07 15:03  Posts: 8413
Posted: 06 Jul 2008 23:12  Subject: Finderg in the IE start page
Hi,
Today I happened to launch Internet Explorer and the home page was no longer Google but:
Code:
http://www.finderg.com/
I set Google back as the IE home page and ran a scan with HijackThis (here is the log):
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.07.38, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Styler\Styler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDiskRx\PD9Engine.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Raxco\PerfectDiskRx\PD9Agent.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [PerfectDiskRx] C:\Programmi\Raxco\PerfectDiskRx\PerfectDiskRx.exe /tray /startrun
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\Programmi\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=it&product=SymNRT&version=2008.0.3.15&build=Symantec&a=00000082.00000010.00000020&b=00000082.0000001f.0000004b&c=00000082.00000049.000000b9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {6CD1628E-BE4C-4C8F-B37A-B61DD597AFA7} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E0A3FF-5B57-4FD3-BBD3-32701CBCE713}: NameServer = 85.37.17.6 85.38.28.89
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD9Engine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDiskRx\PD9Engine.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
--
End of file - 8272 bytes
but I can't find it.
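A helper reads a log like the one above by eye, section by section. The Python below, added here as an example and not part of this thread or of HijackThis, shows how that first pass can be automated for a home-page hijack: it parses the classified `R0`/`R1`, `O2`, `O17` and `O20` lines and lists the ones worth a closer look. The allowlist of expected hosts is a constructed policy, and the sample log lines are constructed from entries quoted in this thread, with the start page set to the URL the poster reported seeing.

```python
"""Triage a HijackThis log for signs of a home-page hijack.

Added example for this thread; not part of HijackThis or of the forum posts.
Assumptions (all constructed): EXPECTED_HOSTS is the reviewer's own policy,
and SAMPLE_LOG is built from entries quoted in the thread, with the start
page set to the URL the poster reported seeing.
"""
import re
from urllib.parse import urlparse

# Constructed policy: hosts the user expects in IE start/search entries.
EXPECTED_HOSTS = {"www.google.it", "go.microsoft.com"}

# Classified HijackThis lines look like "<Section> - <body>", e.g. "R0 - HKCU\...".
LINE_RE = re.compile(r"^(?P<section>[RFNOW]\d+)\s+-\s+(?P<body>.*)$")

# Constructed sample, modelled on the log quoted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E0A3FF-5B57-4FD3-BBD3-32701CBCE713}: NameServer = 85.37.17.6 85.38.28.89
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""


def parse(log_text):
    """Yield (section, body) for every classified line; process lists are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return [(reason, body)] for entries a reviewer should look at."""
    findings = []
    for section, body in parse(log_text):
        if section in ("R0", "R1", "R3"):
            # "registry value = URL"; non-URL values (window title, folder name) yield no host
            _, _, value = body.partition(" = ")
            host = urlparse(value.strip()).hostname
            if host and host not in expected_hosts:
                findings.append(("IE start/search URL outside the expected hosts", body))
        elif section == "O2" and "(no file)" in body:
            findings.append(("BHO registered but its DLL is missing", body))
        elif section == "O17":
            findings.append(("DNS servers set in TCP/IP parameters; confirm they are the ISP's", body))
        elif section == "O20" and body.startswith("AppInit_DLLs"):
            findings.append(("DLL loaded into every process that loads user32.dll (AppInit_DLLs)", body))
    return findings


if __name__ == "__main__":
    for reason, body in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {body}")
```

Every finding is a review item, not a verdict: AppInit_DLLs is a frequent persistence point, but legitimate security software uses it too (the ComboFix log later in this thread dates guard32.dll together with the COMODO firewall drivers), and the O17 name servers only need to be checked against the ISP's. Once the start page is set back to google.it, as the poster did, the URL finding disappears and the remaining entries are what a helper would still look over.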
bdoriano (Administrator)
Joined: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 07 Jul 2008 08:49
Oh, hi!
Follow the instructions in this topic to post the ComboFix log.
whitesquall (Administrator)
Joined: 26/06/07 15:03  Posts: 8413
Posted: 07 Jul 2008 13:57
Here is the ComboFix log:
Quote:
ComboFix 08-07-05.1 - Silvano 2008-07-07 13.44.05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.264 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Silvano\Desktop\Combo-Fix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\zlib.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-06-07 al 2008-07-07 )))))))))))))))))))))))))))))))))))
.
2008-07-07 00:03 . 2008-07-07 00:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-07 00:03 . 2008-07-07 00:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 21:49 . 2008-07-04 23:50 2,004 --a------ C:\WINDOWS\Sandboxie.ini
2008-06-24 22:24 . 2008-07-06 22:53 <DIR> d-------- C:\Programmi\uTorrent
2008-06-12 03:19 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:07 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\uTorrent
2008-07-06 13:40 --------- d-----w C:\Programmi\AdobePhotoshopCs3
2008-06-25 22:21 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-25 22:21 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-25 22:21 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-06-25 22:18 --------- d-----w C:\Programmi\eMule
2008-06-25 19:48 --------- d-----w C:\Programmi\Sandboxie
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-01 20:51 --------- d-----w C:\Programmi\WinFlip
2008-05-29 11:58 --------- d-----w C:\Programmi\GTAsa
2008-05-27 14:54 --------- d-----w C:\Programmi\Alky for Applications
2008-05-25 10:18 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\XnView
2008-05-24 17:50 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\gtk-2.0
2008-05-24 15:27 --------- d-----w C:\Programmi\MP4Cam2AVI_v2.71
2008-05-22 13:39 --------- d-----w C:\Programmi\DivFix++_v0.29
2008-05-22 13:37 --------- d-----w C:\Programmi\Any MP4 Media Converter
2008-05-21 22:16 63,768 ----a-w C:\Documents and Settings\Silvano\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-05-20 21:48 --------- d-----w C:\Programmi\RocketDock
2008-05-20 18:40 --------- d-----w C:\Programmi\Stardock
2008-05-20 18:40 --------- d-----w C:\Programmi\File comuni\Stardock
2008-05-18 21:15 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\PSpad
2008-05-16 21:19 --------- d-----w C:\Programmi\AmitySource
2008-05-10 22:49 --------- d-----w C:\Programmi\Dream Aquarium
2008-05-08 14:03 --------- d-----w C:\Programmi\FrostWire
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 13:58 --------- d-----w C:\Programmi\Styler
2008-05-07 13:58 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\Styler
2008-05-07 13:34 --------- d---a-w C:\Programmi\ToYcon
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 20:07 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2005-07-05 09:17 12,796,928 ----a-w C:\Programmi\mp10setup.exe
2007-11-25 09:17 9,236 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 18:00 1937408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Omnipage"="C:\Programmi\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"COMODO Firewall Pro"="C:\Programmi\COMODO\Firewall\cfp.exe" [2008-06-26 00:19 1655552]
"PerfectDiskRx"="C:\Programmi\Raxco\PerfectDiskRx\PerfectDiskRx.exe" [2007-06-18 14:11 6030864]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 04:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
"CARPService"="carpserv.exe" [2001-12-22 06:02 4608 C:\WINDOWS\system32\carpserv.exe]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
C:\Documents and Settings\Silvano\Menu Avvio\Programmi\Esecuzione automatica\
Styler.lnk - C:\Documents and Settings\Silvano\Dati applicazioni\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-05-07 15:58:33 15086]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-30 20:57:20 110592]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\FrostWire\\FrostWire.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-26 00:21]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-26 00:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 PD9Engine;PD9Engine;C:\Programmi\Raxco\PerfectDiskRx\PD9Engine.exe [2007-06-18 14:11]
R3 SbieDrv;SbieDrv;C:\Programmi\Sandboxie\SbieDrv.sys [2008-07-01 00:06]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 pfsvgae;pfsvgae;C:\DOCUME~1\MASSIM~1\IMPOST~1\Temp\pfsvgae.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-820.sys [2004-09-09 20:42]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2afacecc-a4e9-11dc-8a25-000e2e958f8b}]
\Shell\AutoRun\command - H:\ClickMe.exe
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-04 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - Silvano.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exei/TASK:
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-CubeDesktop - (no file)
HKU-Default-Run-ALUAlert - C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe
Notify-WgaLogon - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 13:48:08
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Ora fine scansione: 2008-07-07 13.51.42
ComboFix-quarantined-files.txt 2008-07-07 11:50:39
18 Directory 12,051,189,760 byte disponibili
22 Directory 12,398,342,144 byte disponibili
151 --- E O F --- 2008-06-20 21:37:08
whitesquall (Administrator)
Joined: 26/06/07 15:03  Posts: 8413
Posted: 07 Jul 2008 14:01
And here is HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.00.31, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Raxco\PerfectDiskRx\PD9Agent.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\Styler\Styler.exe
C:\Programmi\Hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [PerfectDiskRx] C:\Programmi\Raxco\PerfectDiskRx\PerfectDiskRx.exe /tray /startrun
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\Programmi\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=it&product=SymNRT&version=2008.0.3.15&build=Symantec&a=00000082.00000010.00000020&b=00000082.0000001f.0000004b&c=00000082.00000049.000000b9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {6CD1628E-BE4C-4C8F-B37A-B61DD597AFA7} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E0A3FF-5B57-4FD3-BBD3-32701CBCE713}: NameServer = 85.37.17.6 85.38.28.89
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD9Engine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDiskRx\PD9Engine.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
--
End of file - 7961 bytes
Sante62 (Dio maturo)
Joined: 27/06/07 17:55  Posts: 3477  Location: Floridia
Posted: 09 Jul 2008 18:07
Hi,
Use Notepad to prepare a file containing this text in red:
Quote:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2afacecc-a4e9-11dc-8a25-000e2e958f8b}]
Save the file to the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix log....
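The reply above hands the poster a ready-made CFScript for the single MountPoints2 key ComboFix reported. The Python below, added here as an example and neither ComboFix's code nor the poster's, does the same for any number of such keys: it pulls the MountPoints2 autorun commands out of a ComboFix log and writes the `Registry::` deletion block in the same `[-KEY]` form. The sample log fragment is constructed from the lines quoted earlier in the thread.

```python
"""Turn the MountPoints2 autorun entries in a ComboFix log into a CFScript.

Added example for this thread; not ComboFix's own code and not from the posts.
The CFScript syntax used (a "Registry::" header followed by REGEDIT4 lines,
where "[-KEY]" deletes a key) is the one shown in the reply above. The sample
log fragment is constructed from the lines quoted in the thread.
"""
import re

# A ComboFix MountPoints2 block: the key in brackets, then one "\Shell\... - command" per line.
MOUNTPOINT_KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_[A-Z_]+\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE
)

# Constructed sample taken from the ComboFix log quoted above.
SAMPLE_COMBOFIX = r"""
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2afacecc-a4e9-11dc-8a25-000e2e958f8b}]
\Shell\AutoRun\command - H:\ClickMe.exe
*Newly Created Service* - CATCHME
"""


def extract_mountpoint_autoruns(log_text):
    """Return [(key, shell_verb_path, command)] for every autorun command under MountPoints2.

    Each key is a per-volume GUID under the user's MountPoints2. Explorer caches the
    AutoRun handler advertised by a drive's autorun.inf there, so the entry outlives
    the drive (and often the file it points to), which is why it shows up in the log.
    """
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if current_key and line.startswith("\\Shell\\"):
            verb_path, sep, command = line.partition(" - ")
            if sep:
                entries.append((current_key, verb_path, command.strip()))
            continue
        current_key = None  # any other line ends the block
    return entries


def build_cfscript(entries):
    """One Registry:: header, then a [-KEY] deletion per distinct key (REGEDIT4 syntax)."""
    keys = list(dict.fromkeys(key for key, _, _ in entries))  # dedupe, keep order
    return "\n".join(["Registry::"] + [f"[-{k}]" for k in keys]) + "\n"


if __name__ == "__main__":
    found = extract_mountpoint_autoruns(SAMPLE_COMBOFIX)
    for key, verb, command in found:
        print(f"{key}\n  {verb} -> {command}")
    script = build_cfscript(found)
    print(script)
    # Writing the file from code gives it exactly this name; the follow-up log in the
    # thread shows a hand-saved copy ended up as "CFScript.txt.txt".
    with open("CFScript.txt", "w", encoding="ascii", newline="\r\n") as fh:
        fh.write(script)
```

Run against the constructed fragment it produces exactly the two-line script the reply dictates. The parser resets on any line that is neither a MountPoints2 key nor a `\Shell\...` entry, so the `*Newly Created Service*` line that follows in the real log does not get mistaken for a command.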
whitesquall (Administrator)
Joined: 26/06/07 15:03  Posts: 8413
Posted: 11 Jul 2008 14:01
Hi,
this is the result of the operation you indicated:
Quote:
ComboFix 08-07-05.1 - Silvano 2008-07-11 13.50.48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.252 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Silvano\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Silvano\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-06-11 al 2008-07-11 )))))))))))))))))))))))))))))))))))
.
2008-06-25 21:49 . 2008-07-04 23:50 2,004 --a------ C:\WINDOWS\Sandboxie.ini
2008-06-24 22:24 . 2008-07-06 22:53 <DIR> d-------- C:\Programmi\uTorrent
2008-06-20 19:39 . 2008-06-20 19:39 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-12 03:19 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 12:31 --------- d-----w C:\Programmi\eMule
2008-07-07 20:43 --------- d-----w C:\Programmi\AdobePhotoshopCs3
2008-07-06 21:07 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\uTorrent
2008-06-25 22:21 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-25 22:21 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-25 22:21 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-06-25 19:48 --------- d-----w C:\Programmi\Sandboxie
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-01 20:51 --------- d-----w C:\Programmi\WinFlip
2008-05-29 11:58 --------- d-----w C:\Programmi\GTAsa
2008-05-27 14:54 --------- d-----w C:\Programmi\Alky for Applications
2008-05-25 10:18 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\XnView
2008-05-24 17:50 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\gtk-2.0
2008-05-24 15:27 --------- d-----w C:\Programmi\MP4Cam2AVI_v2.71
2008-05-22 13:39 --------- d-----w C:\Programmi\DivFix++_v0.29
2008-05-22 13:37 --------- d-----w C:\Programmi\Any MP4 Media Converter
2008-05-21 22:16 63,768 ----a-w C:\Documents and Settings\Silvano\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-05-20 21:48 --------- d-----w C:\Programmi\RocketDock
2008-05-20 18:40 --------- d-----w C:\Programmi\Stardock
2008-05-20 18:40 --------- d-----w C:\Programmi\File comuni\Stardock
2008-05-18 21:15 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\PSpad
2008-05-16 21:19 --------- d-----w C:\Programmi\AmitySource
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 20:07 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2005-07-05 09:17 12,796,928 ----a-w C:\Programmi\mp10setup.exe
2007-11-25 09:17 9,236 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-07_13.50.24,07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-07 11:07:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 11:04:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-20 05:33:54 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:39:47 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-02-20 05:33:54 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:39:47 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:19:29 18,808 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:40 18,808 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-11 11:04:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_550.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 18:00 1937408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Omnipage"="C:\Programmi\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"COMODO Firewall Pro"="C:\Programmi\COMODO\Firewall\cfp.exe" [2008-06-26 00:19 1655552]
"PerfectDiskRx"="C:\Programmi\Raxco\PerfectDiskRx\PerfectDiskRx.exe" [2007-06-18 14:11 6030864]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 04:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
"CARPService"="carpserv.exe" [2001-12-22 06:02 4608 C:\WINDOWS\system32\carpserv.exe]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
C:\Documents and Settings\Silvano\Menu Avvio\Programmi\Esecuzione automatica\
Styler.lnk - C:\Documents and Settings\Silvano\Dati applicazioni\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-05-07 15:58:33 15086]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-30 20:57:20 110592]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\FrostWire\\FrostWire.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-26 00:21]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-26 00:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 PD9Engine;PD9Engine;C:\Programmi\Raxco\PerfectDiskRx\PD9Engine.exe [2007-06-18 14:11]
R3 SbieDrv;SbieDrv;C:\Programmi\Sandboxie\SbieDrv.sys [2008-07-01 00:06]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 pfsvgae;pfsvgae;C:\DOCUME~1\MASSIM~1\IMPOST~1\Temp\pfsvgae.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-820.sys [2004-09-09 20:42]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - Silvano.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 13:54:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Scan finished at: 2008-07-11 13.58.14
ComboFix-quarantined-files.txt 2008-07-11 11:57:18
ComboFix2.txt 2008-07-07 11:51:43
18 Dir(s) 12,097,896,448 bytes free
22 Dir(s) 12,086,648,832 bytes free
158 --- E O F --- 2008-07-10 12:53:44
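
The registry and service section of the ComboFix log above carries the indicators a reviewer checks first. What follows is an added example, not part of the thread and not ComboFix's own code: a small Python triage pass over a handful of lines copied from that log (embedded as a constructed sample). It flags a Windows Firewall profile that is switched off, Security Center monitoring or notification that has been suppressed, a populated AppInit_DLLs value, and drivers or services whose binary sits under a Temp, application-data or Recycler directory or that ComboFix could not find on disk (the empty `[]` after the path). The indicator names and the SUSPECT_DIRS list are my own choices, not ComboFix terminology.

```python
"""Triage the registry and service section of a ComboFix log.

Added example, not part of the forum thread or of ComboFix. It only lists the
entries that need a human verdict; the indicator names and SUSPECT_DIRS are
the author's own choices.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-26 00:21]
R3 SbieDrv;SbieDrv;C:\Programmi\Sandboxie\SbieDrv.sys [2008-07-01 00:06]
S3 pfsvgae;pfsvgae;C:\DOCUME~1\MASSIM~1\IMPOST~1\Temp\pfsvgae.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
"""

# Service lines look like "R1 name;description;path [timestamp]";
# an empty [] means ComboFix found no file at that path.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Directories a legitimate driver or service is almost never loaded from.
SUSPECT_DIRS = re.compile(r"\\(temp|dati applicazioni|application data|recycler)\\", re.IGNORECASE)


def parse_services(text: str) -> List[Dict[str, str]]:
    """Return the R*/S* driver and service lines as dicts."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, desc, path, stamp = m.groups()
            entries.append({"start": start, "name": name, "desc": desc,
                            "path": path.strip(), "stamp": stamp.strip()})
    return entries


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs, in log order, that deserve a second look."""
    findings: List[Tuple[str, str]] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):            # registry key header; the values below belong to it
            key = line.strip("[]").lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if name == "EnableFirewall" and value.startswith("0"):
            findings.append(("firewall-disabled", key))
        elif ("security center" in key and value.endswith("00000001")
              and name in ("DisableMonitoring", "AntiVirusDisableNotify")):
            findings.append(("security-center-suppressed", f"{key}\\{name}"))
        elif name == "AppInit_DLLs" and value:
            # Loaded into every process that links user32.dll, winlogon and lsass included.
            findings.append(("appinit-dll", value))
    for svc in parse_services(text):
        if SUSPECT_DIRS.search(svc["path"]):
            findings.append(("service-from-suspect-dir", f"{svc['name']}: {svc['path']}"))
        if not svc["stamp"]:
            findings.append(("service-file-missing", f"{svc['name']}: {svc['path']}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:27} {detail}")
```

On this machine every hit has an explanation the log itself supports: guard32.dll is the COMODO Firewall Pro component that the same log shows loaded in winlogon.exe and lsass.exe, a third-party firewall such as COMODO commonly disables the Windows Firewall profile, and the Symantec monitoring keys and the Norton scheduled task point to an earlier Norton installation. The two S3 entries with no timestamp, one of them pointing into another profile's Temp folder, are orphaned service registrations worth cleaning up rather than evidence of an active infection. The script exists to keep that manual verdict list short, not to decide it.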

Sante62 (Dio maturo)
Registered: 27/06/07 17:55, Posts: 3477, Location: Floridia
Posted: 11 Jul 2008 17:27

Very good....
Now go to the Kaspersky online scanner and run the extended scan of the PC, posting the log as indicated.

whitesquall (Administrator)
Posted: 30 Jul 2008 23:16

Hi, sorry for the wait, but I've been away from the PC for a while.
Here are the results:
scansione.html

Sante62 (Dio maturo)
Posted: 31 Jul 2008 00:38

Don't worry.....
Prepare a file with Notepad and put these lines in it:
Quote:
File::
C:\Documents and Settings\Silvano\Desktop\wp_1213459358203.rar
C:\Documents and Settings\Silvano\Documenti - Angelica\Programmi\Install\FLVPlayerSetup.exe
C:\Documents and Settings\Silvano\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\2d72scyc.default\Cache\0DD68682d01
C:\Programmi\Any MP4 Media Converter\AnyMP4MediaConverter6.0.exe
C:\RECYCLER\S-1-5-21-861567501-1972579041-839522115-1004\Dc10.rar
C:\RECYCLER\S-1-5-21-861567501-1972579041-839522115-1004\Dc12.rar
C:\RECYCLER\S-1-5-21-861567501-1972579041-839522115-1004\Dc7\LSPatch.exe
C:\RECYCLER\S-1-5-21-861567501-1972579041-839522115-1004\Dc9\LSPatch.exe
C:\WINDOWS\system32\cmd.ftp
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\F32EAY49\WksPatch[3].exe

Save it and run ComboFix again to delete them, as you already did.
Obviously, post the result afterwards...

whitesquall (Administrator)
Posted: 31 Jul 2008 02:10

But these, in theory, shouldn't be viruses:
Quote:
C:\Documents and Settings\Silvano\Desktop\wp_1213459358203.rar
C:\Documents and Settings\Silvano\Documenti - Angelica\Programmi\Install\FLVPlayerSetup.exe
C:\Programmi\Any MP4 Media Converter\AnyMP4MediaConverter6.0.exe

Have they been infected?

Sante62 (Dio maturo)
Posted: 31 Jul 2008 09:44

Either they were infected, or one of them is a false positive;
so act accordingly...
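
Sante62 asked for a CFScript `File::` list and whitesquall asked whether three of those entries are really infected. Before handing such a list to ComboFix, a practitioner hashes whatever still exists on disk and looks the digests up in a file-reputation service: an installer or archive flagged by a single engine is often a false positive, and once ComboFix has quarantined the file the question is harder to settle. The following added example (not from the thread and not ComboFix's own code) parses the `File::` section of a CFScript, hashes each listed file that still exists and reports the missing ones. Its fixture writes two throwaway files with made-up contents into a temporary directory, so it runs offline; the directive format it assumes is that a header is a line of the form `Word::` and the paths under `File::` run until the next header.

```python
"""Hash the files listed in a ComboFix CFScript 'File::' section before they are deleted.

Added example, not part of the forum thread or of ComboFix. Directive headers are
taken to be lines of the form 'Word::' (File::, Folder::, Registry::, ...); the
paths under File:: run until the next header. Only that section is handled here.
"""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

DIRECTIVE_RE = re.compile(r"^[A-Za-z]+::$")


def parse_cfscript_files(script: str) -> List[str]:
    """Return the paths listed under 'File::'; any other directive ends the section."""
    paths: List[str] = []
    in_files = False
    for raw in script.splitlines():
        line = raw.strip()
        if DIRECTIVE_RE.match(line):
            in_files = line == "File::"
            continue
        if in_files and line:
            paths.append(line)
    return paths


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so a large installer is not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def report(script: str) -> List[Dict[str, Optional[object]]]:
    """One record per listed path: size and SHA-256 when present, status 'missing' otherwise."""
    records: List[Dict[str, Optional[object]]] = []
    for p in parse_cfscript_files(script):
        path = Path(p)
        if path.is_file():
            records.append({"path": p, "status": "present",
                            "size": path.stat().st_size, "sha256": sha256_of(path)})
        else:
            # Already gone (browser cache, Recycle Bin) or a stale scanner hit: nothing to look up.
            records.append({"path": p, "status": "missing", "size": None, "sha256": None})
    return records


def demo() -> List[Dict[str, Optional[object]]]:
    """Constructed fixture: two fake files in a temp dir plus one path that does not exist."""
    tmp = Path(tempfile.mkdtemp())
    installer = tmp / "FLVPlayerSetup.exe"
    installer.write_bytes(b"MZ" + b"\x00" * 62 + b"not a real installer")   # 84 bytes, made up
    archive = tmp / "Dc10.rar"
    archive.write_bytes(b"Rar!\x1a\x07\x00" + b"\x00" * 16)                 # 23 bytes, made up
    script = "\n".join([
        "File::", str(installer), str(archive), str(tmp / "WksPatch[3].exe"),
        "", "Folder::", str(tmp / "does-not-matter"),   # a second directive ends the File:: list
    ])
    return report(script)


if __name__ == "__main__":
    for rec in demo():
        print(f'{rec["status"]:8} {rec["size"] or "-":>6} {rec["sha256"] or "-"}  {rec["path"]}')
```

A file that the scanner flagged but that no longer exists needs no decision at all, which is the case for browser-cache and Recycle Bin entries most of the time; for the ones still present, the digest is what you submit for a second opinion before the `File::` line goes to ComboFix.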

whitesquall (Administrator)
Posted: 04 Aug 2008 17:45

Here is the updated ComboFix log:
Quote:
ComboFix 08-08-03.05 - Silvano 2008-08-04 17.36.33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.270 [GMT 2:00]
Running from: C:\Documents and Settings\Silvano\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Silvano\Desktop\CFScript.txt
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system\oeminfo.ini
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 11:30 --------- d-----w C:\Programmi\eMule
2008-07-29 15:56 --------- d-----w C:\Programmi\SystemRequirementsLab
2008-07-28 12:29 --------- d-----w C:\Programmi\AdobePhotoshopCs3
2008-07-06 21:07 --------- d-----w C:\Documents and Settings\Silvano\Dati applicazioni\uTorrent
2008-07-06 20:53 --------- d-----w C:\Programmi\uTorrent
2008-06-25 22:21 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-25 22:21 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-25 22:21 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-06-25 19:48 --------- d-----w C:\Programmi\Sandboxie
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-21 22:16 63,768 ----a-w C:\Documents and Settings\Silvano\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2005-07-05 09:17 12,796,928 ----a-w C:\Programmi\mp10setup.exe
2007-11-25 09:17 9,236 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-07_13.50.24,07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:33:54 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:39:47 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:39:47 247,296 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-02-20 05:33:54 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:39:47 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:19:29 18,808 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:40 18,808 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-28 12:09:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 18:00 1937408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Omnipage"="C:\Programmi\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"COMODO Firewall Pro"="C:\Programmi\COMODO\Firewall\cfp.exe" [2008-06-26 00:19 1655552]
"PerfectDiskRx"="C:\Programmi\Raxco\PerfectDiskRx\PerfectDiskRx.exe" [2007-06-18 14:11 6030864]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 04:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
"CARPService"="carpserv.exe" [2001-12-22 06:02 4608 C:\WINDOWS\system32\carpserv.exe]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]
C:\Documents and Settings\Silvano\Menu Avvio\Programmi\Esecuzione automatica\
Styler.lnk - C:\Documents and Settings\Silvano\Dati applicazioni\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-05-07 15:58:33 15086]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-30 20:57:20 110592]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\FrostWire\\FrostWire.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-26 00:21]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-26 00:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 SbieDrv;SbieDrv;C:\Programmi\Sandboxie\SbieDrv.sys [2008-07-01 00:06]
S2 PD9Engine;PD9Engine;C:\Programmi\Raxco\PerfectDiskRx\PD9Engine.exe [2007-06-18 14:11]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 pfsvgae;pfsvgae;C:\DOCUME~1\MASSIM~1\IMPOST~1\Temp\pfsvgae.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-820.sys [2004-09-09 20:42]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder
2008-07-11 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - Silvano.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 17:40:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Scan finished at: 2008-08-04 17:43:01
ComboFix-quarantined-files.txt 2008-08-04 15:42:49
ComboFix2.txt 2008-07-11 11:58:15
ComboFix3.txt 2008-07-07 11:51:43
Pre-Run: 3,591,454,720 bytes free
Post-Run: 3,641,700,352 bytes free
164 --- E O F --- 2008-07-10 12:53:44

Sante62 (Dio maturo)
Posted: 04 Aug 2008 18:20

OK, we should be there now.
Are you still having problems?

whitesquall (Administrator)
Posted: 04 Aug 2008 18:25

Everything seems OK... Thanks for the help

Sante62 (Dio maturo)
Posted: 04 Aug 2008 19:46