Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

AIUTO PER IL LOG Opzioni
emiliorc
Inviato: Friday, December 11, 2009 6:27:14 PM
Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 68
Ecco cosa esce hijackthis
graze anticipatamente

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.25.53, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programmi\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programmi\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Programmi\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Programmi\Trend Micro\BM\TMBMSRV.exe
C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rsvp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Programmi\Trend Micro\Internet Security\TmProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programmi\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Programmi\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1360035731-1467615003-4010307876-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BB8008-4690-4816-8963-5E774E50F046}: NameServer = 85.37.17.51 85.38.28.97
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Programmi\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Server Multimediale Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Programmi\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programmi\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Componente Central Control Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programmi\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9763 bytes
Sponsor
Inviato: Friday, December 11, 2009 6:27:14 PM

 
shapiro
Inviato: Friday, December 11, 2009 8:13:55 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

Avvia Hijack e clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked"

Commenta:
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll



fai anche una scansione con Malwarebytes


http://www.malwarebytes.org/mbam/program/mbam-setup.exe



1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare le eventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum

emiliorc
Inviato: Sunday, December 13, 2009 9:19:25 AM
Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 68
Grazie intanto ecco cosa mi e' uscito dalla scansione:
Malwarebytes' Anti-Malware 1.42
Versione del database: 3350
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/12/2009 9.20.02
mbam-log-2009-12-13 (09-19-57).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 307176
Tempo trascorso: 1 hour(s), 14 minute(s), 35 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 31
Valori di registro infetti: 3
Elementi dato del registro infetti: 2
Cartelle infette: 22
File infetti: 42

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c4494903-b885-4cd1-9989-086d42c2f612} (Rogue.SpyRemover) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c4494923-b885-4cd1-9989-086d42c2f612} (Rogue.SpyRemover) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\res1 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\res1 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\res1 (Adware.ShopperReports) -> No action taken.
C:\Programmi\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Programmi\ShoppingReport\Bin (Adware.ShopperReports) -> No action taken.
C:\Programmi\ShoppingReport\Bin\2.6.58 (Adware.ShopperReports) -> No action taken.
C:\Programmi\SpyRemover Pro (Rogue.SpyRemover) -> No action taken.

File infetti:
C:\Programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll (Adware.ShopperReports) -> No action taken.
C:\Programmi\SpyRemover Pro\SpyRemoverPro.exe (Rogue.SpyRemover) -> No action taken.
C:\Programmi\Trend Micro\HijackThis\backups\backup-20091212-233547-371.dll (Adware.SmartShopper) -> No action taken.
C:\System Volume Information\_restore{E370FEBC-7E96-4F3E-A494-EF4CECF412F4}\RP481\A0110853.exe (Rogue.SpyRemover) -> No action taken.
C:\System Volume Information\_restore{E370FEBC-7E96-4F3E-A494-EF4CECF412F4}\RP481\A0111283.exe (Rogue.SpyRemover) -> No action taken.
C:\utility\remover.exe (Rogue.SpyRemover) -> No action taken.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\1C.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\1D.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\1E.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\OjBW.dll (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\nsd59.tmp\Install.dll (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\nsu30.tmp\Install.dll (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\nsw55.tmp\Install.dll (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temporary Internet Files\Content.IE5\3PTRSI2C\eH2d4ffae3V0100f080006Rd70ae7cd102T66598f08201l0010K6d3c37e4316P000001070[1] (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Emilio\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Rosanna\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Programmi\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> No action taken.
C:\Programmi\SpyRemover Pro\News.html (Rogue.SpyRemover) -> No action taken.
C:\Programmi\SpyRemover Pro\ScanHistory.ini (Rogue.SpyRemover) -> No action taken.
C:\Programmi\SpyRemover Pro\SftTree_IX86_U_50.ocx (Rogue.SpyRemover) -> No action taken.
C:\Programmi\SpyRemover Pro\SpyRemover Pro_Startup.txt (Rogue.SpyRemover) -> No action taken.
C:\Programmi\SpyRemover Pro\SS_BHR.ini (Rogue.SpyRemover) -> No action taken.
C:\Documents and Settings\HelpAssistant\Desktop\SpyRemover Pro v3.0.4.lnk (Rogue.SpyRemover) -> No action taken.

GRAZIE ANCORA
shapiro
Inviato: Sunday, December 13, 2009 11:02:36 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
avevi una marea di infezioni....hai installato SpyRemoverPro? e' questo l'artefice del disastro che hai nel pc


riavvia malwarebytes e con la spunta accanto alle voci premi ''rimuovi selezionati''



Installa Ccleaner

http://www.aiutamici.com/software?ID=11223

durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''


clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.

scarica http://www.atribune.org/ccount/click.php?id=1

non ha bisogno di installazione

Avvia ATF Cleaner.exe con un doppio click
- clicca sul menu main
- seleziona la casella Select All
- clicca sul pulsante Empty selected
- aspetta l'avviso Done Cleaning.
(se non vuoi eliminare le password togli la spunta)
(se usi opera o firefox,spunta anche le loro sezioni)


Scarica ComboFix da qui http://download.bleepingcomputer.com/sUBs/ComboFix.exe , avvialo e quindi premi 1 per avviare la scansione. Alla fine della scansione ti verrà rilasciato un file chiamato combofix.txt nella cartella c:\combofix, allegami tale file nel prossimo messaggio. ;)




emiliorc
Inviato: Sunday, December 13, 2009 11:54:21 AM
Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 68
purtroppo combofix non me lo fa installare anche altre ricerchemi portano alla pagina che mi hai indicato
shapiro
Inviato: Sunday, December 13, 2009 11:56:03 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
hai provato a rinominarlo prima di scaricarlo?
emiliorc
Inviato: Sunday, December 13, 2009 12:01:20 PM
Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 68
susami mi sono espresso male non mi da la pagina per fare il download
shapiro
Inviato: Sunday, December 13, 2009 12:04:11 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
prova da qui, l'ho rinominato

http://wikisend.com/download/593070/pippo.exe
emiliorc
Inviato: Sunday, December 13, 2009 4:02:02 PM
Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 68
ecco cosa mi ha dato combofix
ComboFix 09-12-11.05 - Emilio 13/12/2009 15.47.52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1006.585 [GMT 1:00]
Eseguito da: c:\utility\pippo.exe
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Personal Firewall Trend Micro *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Emilio\Dati applicazioni\ShoppingReport
c:\documents and settings\Emilio\Dati applicazioni\ShoppingReport\cs\Config.xml
c:\documents and settings\Emilio\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Emilio\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Emilio\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Emilio\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Emilio\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Emilio\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Rosanna\Dati applicazioni\ShoppingReport
c:\documents and settings\Rosanna\Dati applicazioni\ShoppingReport\cs\Config.xml
c:\documents and settings\Rosanna\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Rosanna\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Rosanna\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Rosanna\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Rosanna\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Rosanna\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs
c:\programmi\Search Settings
c:\programmi\Search Settings\kb127\SearchSettings.dll
c:\programmi\Search Settings\kb127\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\programmi\ShoppingReport
c:\programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
c:\programmi\ShoppingReport\Uninst.exe
c:\windows\kb913800.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-11-13 al 2009-12-13 )))))))))))))))))))))))))))))))))))
.

2009-12-13 11:05 . 2009-09-01 10:26 558344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Trend Micro\OE\oe_engine\01\tmaseng.dll
2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- c:\documents and settings\Emilio\Dati applicazioni\Malwarebytes
2009-12-12 22:34 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-12 22:34 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-11 17:50 . 2009-12-11 17:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-11 17:50 . 2009-12-12 21:41 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-12-11 17:50 . 2009-12-12 22:31 -------- d-----w- c:\documents and settings\Emilio\Dati applicazioni\DAEMON Tools Lite
2009-12-11 17:50 . 2009-12-11 17:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-12-11 16:05 . 2009-12-11 16:05 -------- d-----w- c:\programmi\Sophos
2009-12-11 15:55 . 2009-12-11 15:55 -------- d-----w- c:\programmi\CCleaner
2009-12-06 09:50 . 2009-12-06 09:52 870601 ----a-w- c:\windows\system32\SRPExe.zip
2009-12-06 09:50 . 2009-12-06 09:52 5364858 ----a-w- c:\windows\system32\SRPSig.zip
2009-12-06 06:55 . 2009-12-06 13:15 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-06 06:55 . 2009-12-06 13:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-06 06:50 . 2009-12-06 10:03 -------- d-----w- c:\programmi\SpyRemover Pro
2009-12-06 06:49 . 2009-12-06 13:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-12-05 06:40 . 2009-12-05 06:48 -------- d-----w- c:\programmi\RegCleaner
2009-12-02 14:27 . 2009-12-02 14:27 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-12-02 14:27 . 2009-12-02 14:27 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-12-02 14:27 . 2009-12-02 14:27 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2009-12-02 14:27 . 2009-12-02 14:27 -------- d-----w- c:\documents and settings\HelpAssistant\Phone Browser
2009-12-02 14:24 . 2009-12-03 05:47 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2009-12-02 14:24 . 2009-12-02 14:24 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2009-11-25 17:03 . 2005-03-11 17:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-11-25 17:01 . 2009-11-25 17:02 -------- d-----w- C:\ladygaga
2009-11-24 16:42 . 2009-11-24 16:42 -------- d-----w- c:\programmi\Giornata
2009-11-24 16:41 . 2009-11-24 16:41 -------- d-----w- c:\programmi\Settimana

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 15:59 . 2008-08-13 11:30 -------- d-----w- c:\programmi\Trend Micro
2009-12-11 06:24 . 2006-09-18 22:34 85848 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 06:24 . 2006-09-18 22:34 493516 ----a-w- c:\windows\system32\perfh010.dat
2009-12-10 20:38 . 2007-09-22 15:35 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-12-08 17:20 . 2009-03-17 21:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-12-08 17:20 . 2009-03-17 21:03 -------- d-----w- c:\programmi\File comuni\Nero
2009-12-06 13:11 . 2009-03-16 14:01 -------- d-----w- c:\programmi\Free Video Converter
2009-12-06 13:11 . 2007-01-07 18:45 -------- d-----w- c:\programmi\eMule
2009-12-06 13:11 . 2007-01-02 23:32 -------- d-----w- c:\programmi\comsummer
2009-10-31 05:55 . 2007-07-12 14:41 -------- d-----w- c:\documents and settings\Emilio\Dati applicazioni\ZoomBrowser EX
2009-10-31 05:52 . 2008-07-31 12:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ZoomBrowser
2009-10-30 13:52 . 2009-10-30 13:52 -------- d-----w- c:\documents and settings\Rosanna\Dati applicazioni\Nero
2009-10-29 07:40 . 2006-05-10 05:25 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-09-07 20:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-09-07 20:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-09-07 20:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-09-07 20:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-09-07 20:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-09-07 20:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\programmi\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acer WLAN 11g USB Dongle.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acer WLAN 11g USB Dongle.lnk
backup=c:\windows\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Microsoft Office OneNote 2003.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Microsoft Office OneNote 2003.lnk
backup=c:\windows\pss\Avvio veloce di Microsoft Office OneNote 2003.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Finestra di stato di Canon LBP-810.LNK]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Finestra di stato di Canon LBP-810.LNK
backup=c:\windows\pss\Finestra di stato di Canon LBP-810.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Nokia Nseries PC Suite.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Emilio^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Emilio\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2006-04-18 18:54 49152 -c--a-w- c:\windows\system32\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 00:08 483328 ----a-w- c:\programmi\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 03:43 69632 -c--a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAPON]
2001-02-14 14:00 22528 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\CAPONN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
2006-06-05 00:52 303104 ----a-w- c:\programmi\Intel\IntelDH\CCU\CCU_TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\programmi\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\programmi\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2006-07-31 20:02 346112 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-06-01 13:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-21 01:52 1211176 ----a-w- c:\programmi\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 05:15 151552 ----a-w- c:\programmi\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-09-07 20:00 44032 -c--a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-09-07 20:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-09-07 20:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
2006-03-29 18:10 375296 ----a-w- c:\programmi\File comuni\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2006-05-15 09:15 45056 ----a-w- c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-04-27 16:47 7573504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-04-27 16:47 86016 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-04-27 16:47 1519616 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-09-07 20:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-09-07 20:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-13 23:00 16050176 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
2007-10-11 17:12 94208 ----a-w- c:\programmi\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 03:04 2879488 -c--a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-16 10:13 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Acer Zone\\Picture Slide DVD\\Component\\CLSLDVD.exe"=
"c:\\Programmi\\Acer Zone\\Plug and Record\\Component\\ARAWP.exe"=
"c:\\Programmi\\Acer Zone\\Plug and Record\\Component\\DVAX2Process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6031:TCP"= 6031:TCP:Services
"3246:TCP"= 3246:TCP:Services

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15/01/2007 7.08.40 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15/01/2007 7.08.40 5248]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [12/03/2009 19.17.53 91136]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [31/07/2008 13.28.26 22912]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [13/08/2008 12.30.39 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [07/03/2008 10.30.06 36368]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [15/05/2006 19.04.00 892032]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [12/03/2009 19.15.53 23180]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [07/03/2008 10.30.06 333328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/12/2009 23.34.43 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B.tmp --> c:\windows\system32\B.tmp [?]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [13/08/2008 12.30.53 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\programmi\Trend Micro\Internet Security\TmProxy.exe [13/08/2008 12.30.56 648456]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/12/2009 18.50.48 691696]
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-au - c:\programmi\Dealio\DealioAU.exe
MSConfigStartUp-DataLayer - c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
MSConfigStartUp-HotbarSA - c:\programmi\Hotbar\bin\11.0.78.0\HotbarSA.exe
MSConfigStartUp-MsnMsgr - c:\programmi\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-PCSuiteTrayApplication - c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-PcSync - c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-SearchSettings - c:\programmi\Search Settings\SearchSettings.exe
MSConfigStartUp-WeatherDPA - c:\programmi\Hotbar\bin\11.0.78.0\Weather.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1360035731-1467615003-4010307876-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-12-13 16:00:55
ComboFix-quarantined-files.txt 2009-12-13 15:00

Pre-Run: 35.553.243.136 byte disponibili
Post-Run: 35.496.722.432 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - F8D608C8A0D1568C1578248AE4A2A9D0
shapiro
Inviato: Sunday, December 13, 2009 6:39:38 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ne avevi di infezioni Sick

apri una pagina del blocco note e copia incolla quanto segue:


Commenta:
killAll

file::
c:\windows\system32\B.tmp

registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]




salva la pagina nominandola obligatoriamente in CFScript.txt
a questo punto trascina e lascia il file CFScript.txt sull'icona di combofix
lascialo lavorare fino alla fine e riposta il suo log ...







se non lo hai installato, scarica

http://www.aiutamici.com/software?ID=11223

durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''


clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.

scarica http://www.atribune.org/ccount/click.php?id=1

non ha bisogno di installazione

Avvia ATF Cleaner.exe con un doppio click
- clicca sul menu main
- seleziona la casella Select All
- clicca sul pulsante Empty selected
- aspetta l'avviso Done Cleaning.
(se non vuoi eliminare le password togli la spunta)
(se usi opera o firefox,spunta anche le loro sezioni)

r16
Inviato: Monday, December 14, 2009 12:01:14 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
@shapiro :
Hai deciso di danneggiargli l'antirootkit Sophos ?
Perchè quella chiave,(MEMSWEEP2) appartiene tale software.

E in ogni caso, quello script, non funzionerebbe.
Se vuoi fare pratica, comincia con il TUO pc.

@emiliorc:
Lascia perdere quella operazione, che serve solo a danneggiare Sophos.

E' più utile una scansione con Kaspersky:
Installa KASPERSKY VIRUS REMOVAL TOOL sul Desktop:
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
Doppio click sul Setup.exe.
verrà creata una apposta cartella sul Desktop e comparirà la schermata iniziale del Tool.
imposta le aree che intendi scansionare (Startup Objects e Disk boot sector sono impostate di default) e clicca "SCAN"
al termine della scansione sarà possibile rimuovere e/o mettere in quarantena i file infetti rilevati
salva il log che verrà rilasciato.

Clicca "Reports" poi - "Save to file" e per comodità salvalo sul Desktop.(poi lo posti qui)

Per eliminare Kaspersky Virus Removal Tool ,devi chiudere il programma cliccando X in alto alla finestra, ti comparirà una finestra, che ti chiederà se vuoi rimuovere completamente il programma dal tuo computer.
Clicca SI.
Dopo la disistallazione ti chiederà di riavviare il pc.
Clicca SI di nuovo.


shapiro
Inviato: Monday, December 14, 2009 11:15:35 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
@shapiro :
Hai deciso di danneggiargli l'antirootkit Sophos ?
Perchè quella chiave,(MEMSWEEP2) appartiene tale software.


r16

ma con tutte le infezioni che ha nel pc tu pensi a salvargli l'antirootkit? ma lo vedi quella chiave cosa carica?


c:\windows\system32\B.tmp

lo vedi o non lo vedi ???

http://www.prevx.com/filenames/4635392067452421-67831861/B.TMP.html

http://www.superantispyware.com/malwarefiles/B.TMP.html


emiliorc


esegui l'operazione che ti ho citato nel precedente post



r16
Inviato: Monday, December 14, 2009 1:42:29 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
ma con tutte le infezioni che ha nel pc tu pensi a salvargli l'antirootkit?

Già, eliminiamolo allora.Sick
E' proprio perchè ha delle infezioni che ho consigliato Kaspersky.
E non operazioni sballate, come le tue.
Fai eliminare, file che nemmeno sai a cosa servono. (c:\windows\system32\B.tmp fà parte di Sophos in questo caso.)
Fai script, che oltre a essere sbagliati non servono a nulla .( cosa serve eliminare una chiave di Sophos ?)
Te lo ripeto: la cavia, falla fare al tuo pc, NON in quello degli utenti.
Se vuoi imparare, fallo a spese del tuo pc.


shapiro
Inviato: Monday, December 14, 2009 1:52:18 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
senti SCARAFOGNETTA Drool

leggi cosa c'e' in questo post

http://forum.aiutamici.com/yaf_postst65001_problema-di-virus-al-compiuter-windows-xp.aspx


e anche se elimina quella chiave dopo sophos lo reinstalla SCARAFOGNETTA
r16
Inviato: Monday, December 14, 2009 1:59:40 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Cosa centra quel topic?
Cosa dico, di tanto anormale?
Cosa centra quel topic, con questo?
Cosa centra, quel topic, con le indicazioni, sbagliate e sballate che hai indicato tu in questo topic?
Io mi chiedo se sei normale.Think
shapiro
Inviato: Monday, December 14, 2009 2:02:23 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
leggi bene cosa c'e' tra le eliminazioni...... scarafognetta

fatti una ''sana lettura'' r16 alias scarafognetta



http://forum.wininizio.it/lofiversion/index.php/t99672.html

shapiro
Inviato: Monday, December 14, 2009 2:11:11 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Ciao paolopa tuttto bene? come stai? volevo farti gli auguri in anticipo
r16
Inviato: Monday, December 14, 2009 2:11:35 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Certi termini, rivolgili a tuo fratello, o a un tuo parente.
Non a me.
E che tu sia un incompetente cronico, lo dimostra che esegui quello che fanno gli altri, senza tenere conto che il contesto è diverso.
Tu sei più un pericolo, che un aiuto.

shapiro
Inviato: Monday, December 14, 2009 2:16:07 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
r16 r16 .... non comportarti cosi' solo perche' sbagli....qui prima o poi distruggerai il pc a qualcuno e solo perche' credi di fare tutto bene


ma perche' non ti informi prima di dire certe str...???


vai nei forum di Death, Deifobe, Luke 57 ed altri e leggi...LEGGI R16 LEGGI.....

Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.