Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Ram al 100% Opzioni
bunzi
Inviato: Friday, January 15, 2010 10:41:17 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
Per favore mi potete controllare il log perchè ho la Ram che lavora al 100%

Grazie



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.40.58, on 15/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\FixCamera.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\windows\System32\Ati2evxx.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\windows\System32\svchost.exe
C:\windows\System32\StkASv2K.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\windows\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Programmi\Family Toolbar\tbu09631\tbhelper.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Programmi\Family Toolbar\tbu09631\tbcore3.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Programmi\Family Toolbar\tbu09631\tbcore3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Programmi\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKCU\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\windows\TEMP\E_S133.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96F7060D-D369-4582-8563-6BAA675EE335}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\windows\System32\StkASv2K.exe
O23 - Service: Servizio di condivisione in rete Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Programmi\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 8500 bytes
Sponsor
Inviato: Friday, January 15, 2010 10:41:17 PM

 
r16
Inviato: Friday, January 15, 2010 10:47:06 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Programmi\MyHeritage\Bin\FTBCheckUpdates.exe

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Riavvia il pc.

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina gli eventuali file infetti trovati.
Posta il log.
panchoz
Inviato: Friday, January 15, 2010 10:54:10 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
Bunzi,

controlla nel Task Manager qual'è il "processo", o i processi, che utilizza la RAM.

Può essere un'indicazione molto utile.
bunzi
Inviato: Sunday, January 17, 2010 12:10:25 AM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
r16 ha scritto:
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Programmi\MyHeritage\Bin\FTBCheckUpdates.exe

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Riavvia il pc.

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina gli eventuali file infetti trovati.
Posta il log.


Fixato le due voci suggerite, pulito con CCleaner e verificato con Malwarebites ( 1ora e 20 minuti ) e non ha trovato niente di infetto


Malwarebytes' Anti-Malware 1.44
Versione del database: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/01/2010 23.58.46
mbam-log-2010-01-16 (23-58-46).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 198591
Tempo trascorso: 1 hour(s), 21 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


La ram impegnate è ballerina cioè va dal 100% al 2% e guardando la voce ciclo idle del sistema si sposta dal 85% al 96%

r16
Inviato: Sunday, January 17, 2010 12:26:44 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Vediamo di capirci:
Quando apri il Task Manager, la CPU schizza al 100% ma subito dopo si assesta e rimane al 2% giusto?
Il ciclo IDE è dentro a parametri normali (il mio, varia dal 90% al 99%)
bunzi
Inviato: Sunday, January 17, 2010 10:04:32 AM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
ciao r16 no, non proprio, per esempio ho acceso il pc ora e aprendo il Task Manager il diagramma è impazzito, va al 100%, per qualche decina di secondi è sceso intorno al 30% ,35%,poi va a 0% e adesso sembra stabilizzata su 1-3% con alcuni picchi fino al 17%.
Ci sono forse troppi processi in esecuzione (50) e la linea della memoria allocata è stabile sui 482 Mb.
L'unico cambiamento che ho fatto ultimamente è che ho eliminato Reg Cleaner e installato Agnitum Outpost e non credo che sia questo però....
r16
Inviato: Sunday, January 17, 2010 12:47:55 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Beh, levati il dubbio.
Disistalla Agnitum Outpost . (al limite lo reistalli)
Poi, se hai 50 processi in esecuzione, disabilitane qualcuno, e vedi se la CPU migliora.
panchoz
Inviato: Sunday, January 17, 2010 1:20:34 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
Chiudi il collegamento Internet.
bunzi
Inviato: Sunday, January 17, 2010 1:56:37 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
r16 ha scritto:
Beh, levati il dubbio.
Disistalla Agnitum Outpost . (al limite lo reistalli)
Poi, se hai 50 processi in esecuzione, disabilitane qualcuno, e vedi se la CPU migliora.

Disinstallato Agnitum, nessun cambiamentoBrick wall
bunzi
Inviato: Sunday, January 17, 2010 1:58:38 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
panchoz ha scritto:
Chiudi il collegamento Internet.


Ho staccato e riattaccato la connessione a Internet ma oltre a picchi alti e bassi del grafico la Ram è ancora ballerina come prima.
Non sarà che la mobo sta tirando le cuoia ?
r16
Inviato: Sunday, January 17, 2010 2:38:10 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non lo so se la mobo , stà salutandoti maleducatamente.
Però vediamo se il pc ha qualche infezione nascosta:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
panchoz
Inviato: Sunday, January 17, 2010 3:14:45 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452
panchoz ha scritto:
Chiudi il collegamento Internet.


Il suggerimento era per il periodo in cui rimanevi senza firewall.
monsee
Inviato: Sunday, January 17, 2010 3:16:52 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
panchoz ha scritto:
panchoz ha scritto:
Chiudi il collegamento Internet.


Il suggerimento era per il periodo in cui rimanevi senza firewall.

Ottimo consiglio: condivido. Applause Applause Applause (c'è addirittura gente che -saggio anche questo- in casi del genere scollega il cavetto dell'ADSL)...
bunzi
Inviato: Thursday, January 21, 2010 5:26:56 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
r16 ha scritto:
Non lo so se la mobo , stà salutandoti maleducatamente.
Però vediamo se il pc ha qualche infezione nascosta:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.


Ciao r16 ecco il log di Combofix, vedi un pò grazie

ComboFix 10-01-20.05 - Pierino 21/01/2010 13.41.58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.735.399 [GMT 1:00]
Eseguito da: c:\documents and settings\Pierino\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100121-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pierino\Menu Avvio\Programmi\Esecuzione automatica\Logitech . Registrazione prodotti.lnk
c:\windows\msvrc20.dll
c:\windows\system32\dbfb.dll
c:\windows\system32\setup.ini
c:\windows\system32\SIntf16.dll
c:\windows\system32\twain_32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\windows_messenger.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-12-21 al 2010-01-21 )))))))))))))))))))))))))))))))))))
.

2010-01-19 16:50 . 2010-01-19 16:51 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Xcelsius
2010-01-15 22:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 22:16 . 2010-01-15 22:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-15 22:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 22:11 . 2010-01-15 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-15 13:01 . 2010-01-17 21:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-01-13 17:28 . 2010-01-13 17:28 -------- d-----w- c:\programmi\File comuni\xing shared
2010-01-13 17:27 . 2010-01-13 17:27 -------- d-----w- c:\programmi\Real
2010-01-13 17:11 . 2010-01-13 17:28 -------- d-----w- c:\programmi\File comuni\Real
2010-01-12 18:18 . 2010-01-12 18:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivoGames
2010-01-12 16:38 . 2009-04-06 10:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-01-12 16:38 . 2009-02-10 15:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-01-12 16:37 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-01-12 16:36 . 2010-01-12 16:36 -------- d-----w- c:\programmi\Agnitum
2010-01-12 16:34 . 2010-01-12 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2010-01-12 13:34 . 2010-01-12 13:34 -------- d-----w- c:\programmi\VDOWNLOADER
2010-01-12 13:34 . 2010-01-12 13:34 -------- d-----w- c:\programmi\File comuni\eBay
2010-01-12 13:32 . 2010-01-13 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2010-01-12 06:06 . 2010-01-19 15:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2010-01-11 22:55 . 2010-01-11 22:55 -------- d-----w- c:\documents and settings\Pierino\Impostazioni locali\Dati applicazioni\vdownloader
2010-01-11 20:41 . 2010-01-17 13:24 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype
2010-01-11 20:40 . 2010-01-11 20:40 -------- d-----w- c:\programmi\File comuni\Skype
2010-01-10 19:21 . 2010-01-10 19:23 -------- d-----w- c:\windows\SHELLNEW
2010-01-10 19:21 . 2010-01-10 19:21 -------- d-----w- c:\programmi\Microsoft.NET
2010-01-10 19:18 . 2010-01-10 19:18 -------- d-----r- C:\MSOCache
2010-01-05 09:49 . 2010-01-05 09:49 -------- d-----w- c:\programmi\Stampa Copertine
2010-01-04 22:34 . 2010-01-04 22:34 -------- d-----w- c:\documents and settings\Pierino\.thumbnails
2010-01-04 21:59 . 2010-01-04 22:00 -------- d-----w- c:\programmi\GIMPshop
2010-01-04 21:15 . 2010-01-05 09:37 -------- d-----w- c:\documents and settings\Pierino\.gimp-2.2
2010-01-04 21:09 . 2010-01-04 21:09 -------- d-----w- c:\programmi\IrfanView
2010-01-04 17:44 . 2010-01-04 18:18 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Vso
2010-01-03 09:43 . 2010-01-03 09:46 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\GetRightToGo
2009-12-31 16:11 . 2009-12-31 16:12 -------- d-----w- c:\programmi\Date Cracker 2000
2009-12-31 16:11 . 2010-01-01 11:03 249856 ------w- c:\windows\Setup1.exe
2009-12-31 11:40 . 2009-12-31 11:40 -------- d-----w- c:\programmi\Lavalys
2009-12-28 21:17 . 2009-12-28 21:19 -------- d-----w- c:\programmi\You Ripper
2009-12-28 21:17 . 2009-12-28 21:17 92728 ------w- c:\windows\system32\bass.dll
2009-12-27 09:42 . 2009-12-30 14:14 -------- d-----w- c:\programmi\MemoRex
2009-12-26 12:25 . 2009-12-26 12:33 -------- d-----w- c:\programmi\Ri-li
2009-12-26 12:25 . 2009-12-26 12:25 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-12-25 16:45 . 2009-12-25 16:55 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\AmazeCopy
2009-12-25 16:08 . 2009-12-25 16:08 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Jasc
2009-12-24 17:37 . 2009-12-24 17:46 -------- d-----w- c:\programmi\DivX
2009-12-24 14:59 . 2009-12-24 14:59 -------- d-----w- c:\programmi\Paravia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 14:24 . 2008-03-15 08:38 66096 ----a-w- c:\documents and settings\Pierino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-17 08:43 . 2008-10-10 15:58 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\skypePM
2010-01-12 10:24 . 2009-05-05 12:50 -------- d-----w- c:\programmi\FairUse Wizard 2
2010-01-11 20:40 . 2009-11-30 13:58 -------- d-----w- c:\programmi\Skype
2010-01-11 20:40 . 2009-07-23 07:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-01-11 12:42 . 2008-03-14 16:25 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-01-11 12:42 . 2009-09-13 09:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2010-01-11 12:42 . 2008-03-14 16:26 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-08 16:50 . 2008-12-15 07:41 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\dvdcss
2010-01-01 11:03 . 2008-11-22 13:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-27 12:42 . 2008-03-20 12:34 -------- d-----w- c:\programmi\QuickTime
2009-12-27 10:07 . 2009-03-17 10:45 -------- d-----w- c:\programmi\AIMP2
2009-12-24 13:29 . 2008-03-18 12:34 -------- d-----w- c:\programmi\MyHeritage
2009-12-24 13:29 . 2009-12-19 13:46 -------- d-----w- c:\programmi\Family Toolbar
2009-12-21 21:34 . 2009-12-08 10:13 -------- d-----w- c:\programmi\MyPlayCity.com
2009-12-21 20:57 . 2009-12-21 20:57 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Sahmon Games
2009-12-20 16:20 . 2009-12-20 16:20 -------- d-----w- c:\programmi\Time Stopper
2009-12-14 22:24 . 2009-12-14 22:24 -------- d-----w- c:\programmi\MWSnap
2009-12-12 09:03 . 2008-03-28 12:35 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\URSE Games
2009-12-09 11:34 . 2009-12-09 11:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SugarGames
2009-12-07 22:56 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Thumbs5
2009-12-04 10:30 . 2009-11-13 08:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2009-12-04 10:28 . 2009-11-13 08:26 -------- d-----w- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-12-04 10:27 . 2009-11-13 08:21 -------- d-----w- c:\programmi\epson
2009-12-04 10:26 . 2009-12-04 10:26 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\InstallShield
2009-12-02 13:28 . 2009-07-23 16:41 -------- d-----w- c:\programmi\REAPER
2009-12-02 13:23 . 2009-10-24 09:15 -------- d-----w- c:\programmi\eMule
2009-12-01 13:25 . 2008-07-04 11:27 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\RaimaRadio
2009-11-30 14:00 . 2009-11-30 14:00 -------- d-----w- c:\programmi\Casino Madness 98
2009-11-30 13:59 . 2009-11-13 09:56 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\EPSON
2009-11-30 13:58 . 2009-11-24 12:59 -------- d-----w- c:\programmi\GameSpy Arcade
2009-11-30 13:58 . 2009-11-24 13:43 -------- d-----w- c:\programmi\Skype(2)
2009-11-30 13:58 . 2009-11-24 13:44 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype(2)
2009-11-30 13:56 . 2009-11-30 13:07 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype(3)
2009-11-24 23:54 . 2008-03-17 11:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-03-17 11:33 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-03-17 11:33 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-04 16:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-04 16:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-03-17 11:33 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-03-17 11:33 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-03-17 11:33 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-03-17 11:32 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-02 09:26 . 2009-11-02 09:26 351248 ----a-w- c:\windows\system32\FTBSaver.scr
2009-10-25 08:42 . 2002-09-10 12:00 97290 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 08:42 . 2002-09-10 12:00 518314 ----a-w- c:\windows\system32\perfh010.dat
1999-08-20 07:25 . 2002-12-17 18:08 877 ----a-w- c:\programmi\config.cfg
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\programmi\Family Toolbar\tbu09631\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\programmi\Family Toolbar\tbu09631\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\programmi\Family Toolbar\tbu09631\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\programmi\Family Toolbar\tbu09631\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-01-13 198160]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 17.46.08 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/01/2010 17.38.31 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/01/2010 17.36.57 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 17.46.08 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/01/2010 17.37.02 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/01/2010 17.38.21 257432]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [01/07/2009 10.23.30 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [01/07/2009 10.17.04 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [01/07/2009 10.23.30 108675]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-avast! - (no file)
HKLM-Run-RunOnStartup - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 16:50
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3351BA3D-5949-B0B2-2ED5-5F494CD2AABA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oajhppagpjpdkdbpndibfgkakgneje"=hex:64,61,69,6a,63,70,6e,65,00,d0
"oaffpdljdmehgkejnefchelmhjlhjd"=hex:6a,61,6a,6a,61,6f,6e,67,65,68,65,61,68,61,
68,6b,63,65,64,68,00,fd
"nalgbppjnjddnojkehonjgfkjeig"=hex:6b,61,69,6a,63,70,6c,68,6e,6a,68,6d,66,66,
6f,65,6a,67,68,6d,65,69,00,00

[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3460FD75-75A2-90B3-5647-1F8549834BF4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakdlaecgihembjpea"=hex:6b,61,67,67,6d,65,68,68,6c,68,6a,67,68,66,6d,61,6a,65,
6f,70,6e,6d,00,00
"haeedgpdkakcommj"=hex:6b,61,67,67,6d,65,68,68,6c,68,6a,67,68,66,6d,61,6a,65,
6f,70,6e,6d,00,00

[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77EB9369-FD26-597E-2064-BCA994FC7A21}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaigooalbngflknljlnoioefeodglo"=hex:64,61,68,61,70,6e,67,67,00,85
"oaefgbpfmicaekihdkigibpgekilch"=hex:6b,61,68,61,65,70,65,68,64,66,62,6b,6c,6c,
6b,70,63,68,66,63,64,6a,00,7c
"naofiagcnkjkmklfnpfdmndcbmpj"=hex:6a,61,68,61,65,70,65,68,67,66,69,6b,6c,6e,
63,62,67,6f,6b,6a,00,02
"eamfglmiac"=hex:61,61,00,00
"cafgcd"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D5420F8A-693F-A861-43EF-972DCA2725A4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaahbdaagjmaohpjhpdomfpmbhmcgi"=hex:64,61,6c,63,62,6a,61,62,00,70
"oambficgdgjboeojgpfbmhaclafdbd"=hex:6a,61,6c,63,63,6a,67,61,6b,6a,68,6e,62,65,
6b,6b,6e,6e,66,6c,00,ba
"naoalcahfiffibaifpalmpodpfgi"=hex:6b,61,6c,63,6e,69,68,62,6e,64,6d,61,69,65,
67,6c,62,68,65,62,6c,70,00,00

[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1385F0E-5779-1C6B-CC04-2D6DCBD68989}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafoipkkgfhdkifamg"=hex:6b,61,62,70,62,69,6c,66,61,62,6e,6c,6a,66,6c,6b,68,6b,
68,67,70,69,00,00
"hahocmhaimnjcjhg"=hex:6b,61,62,70,62,69,6c,66,61,62,6e,6c,6a,66,6c,6b,68,6b,
68,67,70,69,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6094"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(608)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\System32\Ati2evxx.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\StkASv2K.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\MemoRex\MemoRex.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-21 16:57:07 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-21 15:57

Pre-Run: 19.686.391.808 byte disponibili
Post-Run: 19.864.227.840 byte disponibili

- - End Of File - - 74FCD2F9446D4415FA73972221B2F4CB

r16
Inviato: Friday, January 22, 2010 10:57:49 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Per prima cosa,Vai in Installazione Applicazioni, e rimuovi TUTTE le Toolbar che trovi.
Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Poi:
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
RegNull::
[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3351BA3D-5949-B0B2-2ED5-5F494CD2AABA}*]
[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3460FD75-75A2-90B3-5647-1F8549834BF4}*]
[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77EB9369-FD26-597E-2064-BCA994FC7A21}*]
[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D5420F8A-693F-A861-43EF-972DCA2725A4}*]
[HKEY_USERS\S-1-5-21-1417001333-113007714-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1385F0E-5779-1C6B-CC04-2D6DCBD68989}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*]


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
bunzi
Inviato: Friday, January 22, 2010 5:03:14 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
ciao r16 non vorrei fare casino, siccome mi dici di iniziare a togliere le toolbar guardando in Installazione applicazioni a me sembra che non ce ne siano, però correggimi se sbaglio.
r16
Inviato: Friday, January 22, 2010 5:17:58 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Le toolbar, ci sono.
Comunque esegui le istruzioni di Combofix, che sono più importanti.
bunzi
Inviato: Friday, January 22, 2010 5:20:46 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
Le faccio subitooooo
bunzi
Inviato: Friday, January 22, 2010 5:51:36 PM
Rank: AiutAmico

Iscritto dal : 12/31/2007
Posts: 378
r16 ecco il log aggiornato Grazie

ComboFix 10-01-20.05 - Pierino 22/01/2010 17.29.13.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.735.423 [GMT 1:00]
Eseguito da: c:\documents and settings\Pierino\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Pierino\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100122-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-12-22 al 2010-01-22 )))))))))))))))))))))))))))))))))))
.

2010-01-19 16:50 . 2010-01-19 16:51 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Xcelsius
2010-01-15 22:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 22:16 . 2010-01-15 22:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-15 22:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 22:11 . 2010-01-15 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-15 13:01 . 2010-01-17 21:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-01-13 17:28 . 2010-01-13 17:28 -------- d-----w- c:\programmi\File comuni\xing shared
2010-01-13 17:27 . 2010-01-13 17:27 -------- d-----w- c:\programmi\Real
2010-01-13 17:11 . 2010-01-13 17:28 -------- d-----w- c:\programmi\File comuni\Real
2010-01-12 18:18 . 2010-01-12 18:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivoGames
2010-01-12 16:38 . 2009-04-06 10:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-01-12 16:38 . 2009-02-10 15:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-01-12 16:37 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-01-12 16:36 . 2010-01-12 16:36 -------- d-----w- c:\programmi\Agnitum
2010-01-12 16:34 . 2010-01-12 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2010-01-12 13:34 . 2010-01-12 13:34 -------- d-----w- c:\programmi\VDOWNLOADER
2010-01-12 13:34 . 2010-01-12 13:34 -------- d-----w- c:\programmi\File comuni\eBay
2010-01-12 13:32 . 2010-01-13 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2010-01-12 06:06 . 2010-01-19 15:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2010-01-11 22:55 . 2010-01-11 22:55 -------- d-----w- c:\documents and settings\Pierino\Impostazioni locali\Dati applicazioni\vdownloader
2010-01-11 20:41 . 2010-01-22 15:28 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype
2010-01-11 20:40 . 2010-01-11 20:40 -------- d-----w- c:\programmi\File comuni\Skype
2010-01-10 19:21 . 2010-01-10 19:23 -------- d-----w- c:\windows\SHELLNEW
2010-01-10 19:21 . 2010-01-10 19:21 -------- d-----w- c:\programmi\Microsoft.NET
2010-01-10 19:18 . 2010-01-10 19:18 -------- d-----r- C:\MSOCache
2010-01-05 09:49 . 2010-01-05 09:49 -------- d-----w- c:\programmi\Stampa Copertine
2010-01-04 22:34 . 2010-01-04 22:34 -------- d-----w- c:\documents and settings\Pierino\.thumbnails
2010-01-04 21:59 . 2010-01-04 22:00 -------- d-----w- c:\programmi\GIMPshop
2010-01-04 21:15 . 2010-01-05 09:37 -------- d-----w- c:\documents and settings\Pierino\.gimp-2.2
2010-01-04 21:09 . 2010-01-04 21:09 -------- d-----w- c:\programmi\IrfanView
2010-01-04 17:44 . 2010-01-04 18:18 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Vso
2010-01-03 09:43 . 2010-01-03 09:46 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\GetRightToGo
2009-12-31 16:11 . 2009-12-31 16:12 -------- d-----w- c:\programmi\Date Cracker 2000
2009-12-31 16:11 . 2010-01-01 11:03 249856 ------w- c:\windows\Setup1.exe
2009-12-31 11:40 . 2009-12-31 11:40 -------- d-----w- c:\programmi\Lavalys
2009-12-28 21:17 . 2009-12-28 21:19 -------- d-----w- c:\programmi\You Ripper
2009-12-28 21:17 . 2009-12-28 21:17 92728 ------w- c:\windows\system32\bass.dll
2009-12-27 09:42 . 2009-12-30 14:14 -------- d-----w- c:\programmi\MemoRex
2009-12-26 12:25 . 2009-12-26 12:33 -------- d-----w- c:\programmi\Ri-li
2009-12-26 12:25 . 2009-12-26 12:25 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-12-25 16:45 . 2009-12-25 16:55 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\AmazeCopy
2009-12-25 16:08 . 2009-12-25 16:08 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Jasc
2009-12-24 17:37 . 2009-12-24 17:46 -------- d-----w- c:\programmi\DivX
2009-12-24 14:59 . 2009-12-24 14:59 -------- d-----w- c:\programmi\Paravia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 15:01 . 2008-10-10 15:58 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\skypePM
2010-01-19 14:24 . 2008-03-15 08:38 66096 ----a-w- c:\documents and settings\Pierino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-12 10:24 . 2009-05-05 12:50 -------- d-----w- c:\programmi\FairUse Wizard 2
2010-01-11 20:40 . 2009-11-30 13:58 -------- d-----w- c:\programmi\Skype
2010-01-11 20:40 . 2009-07-23 07:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-01-11 12:42 . 2008-03-14 16:25 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-01-11 12:42 . 2009-09-13 09:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2010-01-11 12:42 . 2008-03-14 16:26 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-08 16:50 . 2008-12-15 07:41 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\dvdcss
2010-01-01 11:03 . 2008-11-22 13:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-27 12:42 . 2008-03-20 12:34 -------- d-----w- c:\programmi\QuickTime
2009-12-27 10:07 . 2009-03-17 10:45 -------- d-----w- c:\programmi\AIMP2
2009-12-24 13:29 . 2008-03-18 12:34 -------- d-----w- c:\programmi\MyHeritage
2009-12-24 13:29 . 2009-12-19 13:46 -------- d-----w- c:\programmi\Family Toolbar
2009-12-21 21:34 . 2009-12-08 10:13 -------- d-----w- c:\programmi\MyPlayCity.com
2009-12-21 20:57 . 2009-12-21 20:57 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Sahmon Games
2009-12-20 16:20 . 2009-12-20 16:20 -------- d-----w- c:\programmi\Time Stopper
2009-12-14 22:24 . 2009-12-14 22:24 -------- d-----w- c:\programmi\MWSnap
2009-12-12 09:03 . 2008-03-28 12:35 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\URSE Games
2009-12-09 11:34 . 2009-12-09 11:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SugarGames
2009-12-07 22:56 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Thumbs5
2009-12-04 10:30 . 2009-11-13 08:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2009-12-04 10:28 . 2009-11-13 08:26 -------- d-----w- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-12-04 10:27 . 2009-11-13 08:21 -------- d-----w- c:\programmi\epson
2009-12-04 10:26 . 2009-12-04 10:26 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\InstallShield
2009-12-02 13:28 . 2009-07-23 16:41 -------- d-----w- c:\programmi\REAPER
2009-12-02 13:23 . 2009-10-24 09:15 -------- d-----w- c:\programmi\eMule
2009-12-01 13:25 . 2008-07-04 11:27 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\RaimaRadio
2009-11-30 14:00 . 2009-11-30 14:00 -------- d-----w- c:\programmi\Casino Madness 98
2009-11-30 13:59 . 2009-11-13 09:56 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\EPSON
2009-11-30 13:58 . 2009-11-24 12:59 -------- d-----w- c:\programmi\GameSpy Arcade
2009-11-30 13:58 . 2009-11-24 13:43 -------- d-----w- c:\programmi\Skype(2)
2009-11-30 13:58 . 2009-11-24 13:44 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype(2)
2009-11-30 13:56 . 2009-11-30 13:07 -------- d-----w- c:\documents and settings\Pierino\Dati applicazioni\Skype(3)
2009-11-24 23:54 . 2008-03-17 11:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-03-17 11:33 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-03-17 11:33 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-04 16:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-04 16:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-03-17 11:33 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-03-17 11:33 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-03-17 11:33 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-03-17 11:32 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-02 09:26 . 2009-11-02 09:26 351248 ----a-w- c:\windows\system32\FTBSaver.scr
2009-10-25 08:42 . 2002-09-10 12:00 97290 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 08:42 . 2002-09-10 12:00 518314 ----a-w- c:\windows\system32\perfh010.dat
1999-08-20 07:25 . 2002-12-17 18:08 877 ----a-w- c:\programmi\config.cfg
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\programmi\Family Toolbar\tbu09631\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\programmi\Family Toolbar\tbu09631\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\programmi\Family Toolbar\tbu09631\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\programmi\Family Toolbar\tbu09631\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-01-13 198160]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 17.46.08 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/01/2010 17.38.31 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/01/2010 17.36.57 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 17.46.08 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/01/2010 17.37.02 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/01/2010 17.38.21 257432]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [01/07/2009 10.23.30 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [01/07/2009 10.17.04 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [01/07/2009 10.23.30 108675]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 17:38
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6094"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4716)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\System32\Ati2evxx.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\StkASv2K.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\MemoRex\MemoRex.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-22 17:45:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-22 16:45
ComboFix2.txt 2010-01-21 15:57

Pre-Run: 19.829.731.328 byte disponibili
Post-Run: 19.787.341.824 byte disponibili

- - End Of File - - 6AFB545B28F6CCAB97794C5C7C94D153
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.