Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

computer lentissimo Opzioni
paose
Inviato: Tuesday, March 02, 2010 5:40:17 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
C'è qualcosa che non va nel mio Pc, è troppo lento e certe volte lancio Internet Explorer ma non si avvia. Mi potreste controllare il log? Grazie

Ho installato l'antivirus ESET NOD 32 in prova ma a tutti i files mi dice controllo interno non eseguito



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.34.29, on 02/03/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [L08IXLRD_111405109] "C:\Programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://sonhotel.it.gg/entra-in-hotel.htm?PHPSESSID=1cd32cbc97e4e126532ce21ac8a45d81"
O4 - Startup: Collegamento a Sei la peggio.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99ECA254-0BF1-4494-8D65-8548B0184CB1}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9877275591084) (gupdate1c9877275591084) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9892 bytes
Sponsor
Inviato: Tuesday, March 02, 2010 5:40:17 PM

 
r16
Inviato: Tuesday, March 02, 2010 8:15:04 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.
paose
Inviato: Wednesday, March 03, 2010 5:49:06 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
ho fatto la scansione ho trovato un troyan e l'ho rimosso, questo è il log prima della rimozione.

Grazie

Malwarebytes' Anti-Malware 1.44
Versione del database: 3818
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/03/10 5.45.00
mbam-log-2010-03-03 (17-44-49).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 212328
Tempo trascorso: 1 hour(s), 16 minute(s), 37 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys (Trojan.MultipleAV) -> No action taken.
r16
Inviato: Wednesday, March 03, 2010 8:46:20 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
paose
Inviato: Saturday, March 06, 2010 2:43:35 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
ComboFix 10-03-05.03 - Paola 06/03/2010 14.21.59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.512.238 [GMT 1:00]
Eseguito da: c:\documents and settings\Paola\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Oleopri20091.dll
c:\windows\system32\timedefw32ex.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-02-06 al 2010-03-06 )))))))))))))))))))))))))))))))))))
.

2010-03-06 13:04 . 2010-03-06 13:04 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2010-03-03 20:58 . 2010-03-03 20:58 -------- d-----w- c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\ESET
2010-03-03 19:05 . 2010-03-03 19:05 -------- d-----w- c:\programmi\ESET
2010-03-03 19:05 . 2010-03-03 19:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2010-02-18 08:33 . 2010-02-18 08:39 -------- d-----w- c:\documents and settings\Paola\_backup
2010-02-18 07:34 . 2010-02-18 08:12 -------- d-----w- C:\FlashLIB
2010-02-18 07:32 . 2010-02-18 07:32 -------- d-----w- c:\windows\FlashCAD
2010-02-18 07:32 . 2010-03-06 13:33 -------- d-----w- c:\programmi\FlashCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 10:47 . 2009-02-06 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-03-04 16:20 . 2008-11-28 16:19 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-03-03 21:01 . 2008-12-18 19:16 -------- d-----w- c:\programmi\Unlocker
2010-03-03 19:31 . 2009-02-06 17:11 -------- d-----w- c:\programmi\Google
2010-03-03 18:55 . 2008-11-28 16:19 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-03 18:49 . 2010-03-03 18:49 443912 ----a-w- c:\documents and settings\Paola\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-02-15 14:50 . 2008-12-21 21:28 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2010-01-08 16:01 . 2009-04-02 11:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-08 16:01 . 2009-05-11 16:02 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-04-02 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-02 11:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 09:53 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:40 . 2008-11-28 15:51 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 08:06 . 2006-03-02 12:00 81206 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 08:06 . 2006-03-02 12:00 483286 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 10:07 . 2006-03-02 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2004-08-19 15:34 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2009-10-19 11:25 . 2009-08-21 06:44 308160 ----a-w- c:\programmi\avast_home_setup.exe
2009-10-18 17:17 . 2009-10-18 17:17 39079849 ----a-w- c:\programmi\finaldraft8.zip
2009-10-09 17:56 . 2009-10-09 17:55 93074728 ----a-w- c:\programmi\iTunesSetup.exe
2009-04-02 11:53 . 2009-04-02 11:53 2882679 ----a-w- c:\programmi\Malwarebytes.zip
2009-04-02 11:37 . 2009-04-02 11:37 911723 ----a-w- c:\programmi\ccleaner.zip
2009-04-02 07:14 . 2009-04-02 07:13 812344 ----a-w- c:\programmi\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L08IXLRD_8918390"="c:\programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE" [2007-06-12 351000]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]
"FlashCAD"="c:\programmi\FlashCAD\FlashCAD.exe" [2009-11-25 8314880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-30 185872]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_12\bin\jusched.exe" [2006-05-09 32881]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-28 66864]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=sb16snd.dll
"MIDI1"=sb16snd.dll
"aux1"=sb16snd.dll
"mixer1"=sb16snd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\FileZilla Client\\filezilla.exe"=
"c:\\Programmi\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FlashCAD\\FlashCAD.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 9.03.36 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16/11/2009 9.06.50 96408]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [16/11/2009 9.04.30 735960]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [28/11/2008 17.26.47 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [28/11/2008 17.26.47 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [28/11/2008 17.26.47 108675]
S2 gupdate1c9887e47a616b6;Google Update Service (gupdate1c9887e47a616b6);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2009 18.13.45 133104]
S2 spd3ssl;Spyware-Process-Detector v3.15.3;\??\c:\programmi\Spyware Process Detector\spd315.sys --> c:\programmi\Spyware Process Detector\spd315.sys [?]
S3 sb16snd;sb16snd;c:\windows\system32\drivers\sb16snd.sys [29/11/2008 9.26.11 70672]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-06 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 20:56]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-03-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: {25D36AEC-D909-4EEC-ADA7-EBF7939CA535} = 85.37.17.17 85.38.28.72
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 14:31
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(6048)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-06 14:41:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-06 13:41
ComboFix2.txt 2010-01-14 17:11

Pre-Run: 101.910.716.416 byte disponibili
Post-Run: 101.896.601.600 byte disponibili

- - End Of File - - 587A00FD97105D0716436A40708B07B1
r16
Inviato: Saturday, March 06, 2010 2:54:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
File::
c:\programmi\avast_home_setup.exe
c:\windows\system32\drivers\sb16snd.sys

Folder::
c:\programmi\Spyware Process Detector

Driver::
sb16snd


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
paose
Inviato: Monday, March 08, 2010 5:09:15 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
ho copiato il file in combofix, si avvia ma ad un certo punto appare questo messaggio: tentavate di far funzionare CFScript il nome CFScript appare ortograficamente non corretto, e si chiude.
paose
Inviato: Monday, March 08, 2010 5:13:46 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
scusa, avevo scritto male il nome del file, ora riprovo
paose
Inviato: Monday, March 08, 2010 5:17:52 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
ho riprovato ma dopo che ho copiato il file in combofix mi appare questo messaggio NIRCMD non è riconosciuto come comando interno o esterno un programma eseguibile o un file batch
r16
Inviato: Monday, March 08, 2010 5:28:34 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina Combofix:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Riscarichi Combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Fai la scansione.
Riavvia il pc. (se non si riavvia da solo)
Posta di nuovo il log.
Quando hai postato il log, riesegui le indicazioni dello script. (scrivilo giusto questa volta Drool )
paose
Inviato: Monday, March 08, 2010 6:31:34 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
ComboFix 10-03-08.01 - Paola 08/03/2010 18.02.03.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.512.255 [GMT 1:00]
Eseguito da: c:\documents and settings\Paola\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\timedefw32ex.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-02-08 al 2010-03-08 )))))))))))))))))))))))))))))))))))
.

2010-03-08 17:13 . 2010-03-08 17:13 18 ----a-w- c:\windows\system32\timedefw32ex.dll
2010-03-06 13:04 . 2010-03-06 13:04 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2010-03-03 20:58 . 2010-03-03 20:58 -------- d-----w- c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\ESET
2010-03-03 19:05 . 2010-03-03 19:05 -------- d-----w- c:\programmi\ESET
2010-03-03 19:05 . 2010-03-03 19:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2010-02-18 08:33 . 2010-02-18 08:39 -------- d-----w- c:\documents and settings\Paola\_backup
2010-02-18 07:34 . 2010-02-18 08:12 -------- d-----w- C:\FlashLIB
2010-02-18 07:32 . 2010-02-18 07:32 -------- d-----w- c:\windows\FlashCAD
2010-02-18 07:32 . 2010-03-08 17:15 -------- d-----w- c:\programmi\FlashCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 15:54 . 2009-02-06 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-03-04 16:20 . 2008-11-28 16:19 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-03-03 21:01 . 2008-12-18 19:16 -------- d-----w- c:\programmi\Unlocker
2010-03-03 19:31 . 2009-02-06 17:11 -------- d-----w- c:\programmi\Google
2010-03-03 18:55 . 2008-11-28 16:19 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-03 18:49 . 2010-03-03 18:49 443912 ----a-w- c:\documents and settings\Paola\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-02-15 14:50 . 2008-12-21 21:28 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2010-01-08 16:01 . 2009-04-02 11:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-08 16:01 . 2009-05-11 16:02 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-04-02 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-02 11:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 09:53 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:40 . 2008-11-28 15:51 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 08:06 . 2006-03-02 12:00 81206 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 08:06 . 2006-03-02 12:00 483286 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 10:07 . 2006-03-02 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2004-08-19 15:34 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2009-10-19 11:25 . 2009-08-21 06:44 308160 ----a-w- c:\programmi\avast_home_setup.exe
2009-10-18 17:17 . 2009-10-18 17:17 39079849 ----a-w- c:\programmi\finaldraft8.zip
2009-10-09 17:56 . 2009-10-09 17:55 93074728 ----a-w- c:\programmi\iTunesSetup.exe
2009-04-02 11:53 . 2009-04-02 11:53 2882679 ----a-w- c:\programmi\Malwarebytes.zip
2009-04-02 11:37 . 2009-04-02 11:37 911723 ----a-w- c:\programmi\ccleaner.zip
2009-04-02 07:14 . 2009-04-02 07:13 812344 ----a-w- c:\programmi\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L08IXLRD_8918390"="c:\programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE" [2007-06-12 351000]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]
"FlashCAD"="c:\programmi\FlashCAD\FlashCAD.exe" [2009-11-25 8314880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-30 185872]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_12\bin\jusched.exe" [2006-05-09 32881]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-28 66864]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=sb16snd.dll
"MIDI1"=sb16snd.dll
"aux1"=sb16snd.dll
"mixer1"=sb16snd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\FileZilla Client\\filezilla.exe"=
"c:\\Programmi\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FlashCAD\\FlashCAD.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 9.03.36 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16/11/2009 9.06.50 96408]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [16/11/2009 9.04.30 735960]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [28/11/2008 17.26.47 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [28/11/2008 17.26.47 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [28/11/2008 17.26.47 108675]
S2 gupdate1c9887e47a616b6;Google Update Service (gupdate1c9887e47a616b6);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2009 18.13.45 133104]
S2 spd3ssl;Spyware-Process-Detector v3.15.3;\??\c:\programmi\Spyware Process Detector\spd315.sys --> c:\programmi\Spyware Process Detector\spd315.sys [?]
S3 sb16snd;sb16snd;c:\windows\system32\drivers\sb16snd.sys [29/11/2008 9.26.11 70672]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-08 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 20:56]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-03-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: {25D36AEC-D909-4EEC-ADA7-EBF7939CA535} = 85.37.17.17 85.38.28.72
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 18:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\system32\timedefw32ex.dll 18 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(6252)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-08 18:23:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-08 17:23

Pre-Run: 101.846.249.472 byte disponibili
Post-Run: 101.818.462.208 byte disponibili

- - End Of File - - D1C9347628D0D4B05536CCB2BAE549CE
paose
Inviato: Monday, March 08, 2010 6:54:08 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
FATTO TUTTO!!!

ComboFix 10-03-08.01 - Paola 08/03/2010 18.34.32.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.512.177 [GMT 1:00]
Eseguito da: c:\documents and settings\Paola\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Paola\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\programmi\avast_home_setup.exe"
"c:\windows\system32\drivers\sb16snd.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\avast_home_setup.exe
c:\windows\system32\drivers\sb16snd.sys
c:\windows\system32\timedefw32ex.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sb16snd


((((((((((((((((((((((((( Files Creati Da 2010-02-08 al 2010-03-08 )))))))))))))))))))))))))))))))))))
.

2010-03-08 17:45 . 2010-03-08 17:45 18 ----a-w- c:\windows\system32\timedefw32ex.dll
2010-03-06 13:04 . 2010-03-06 13:04 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2010-03-03 20:58 . 2010-03-03 20:58 -------- d-----w- c:\documents and settings\Paola\Impostazioni locali\Dati applicazioni\ESET
2010-03-03 19:05 . 2010-03-03 19:05 -------- d-----w- c:\programmi\ESET
2010-03-03 19:05 . 2010-03-03 19:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2010-02-18 08:33 . 2010-02-18 08:39 -------- d-----w- c:\documents and settings\Paola\_backup
2010-02-18 07:34 . 2010-02-18 08:12 -------- d-----w- C:\FlashLIB
2010-02-18 07:32 . 2010-02-18 07:32 -------- d-----w- c:\windows\FlashCAD
2010-02-18 07:32 . 2010-03-08 17:46 -------- d-----w- c:\programmi\FlashCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 15:54 . 2009-02-06 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-03-04 16:20 . 2008-11-28 16:19 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-03-03 21:01 . 2008-12-18 19:16 -------- d-----w- c:\programmi\Unlocker
2010-03-03 19:31 . 2009-02-06 17:11 -------- d-----w- c:\programmi\Google
2010-03-03 18:55 . 2008-11-28 16:19 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-03 18:49 . 2010-03-03 18:49 443912 ----a-w- c:\documents and settings\Paola\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-02-15 14:50 . 2008-12-21 21:28 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2010-01-08 16:01 . 2009-04-02 11:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-08 16:01 . 2009-05-11 16:02 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-04-02 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-02 11:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 09:53 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:40 . 2008-11-28 15:51 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 08:06 . 2006-03-02 12:00 81206 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 08:06 . 2006-03-02 12:00 483286 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 10:07 . 2006-03-02 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2004-08-19 15:34 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2009-10-18 17:17 . 2009-10-18 17:17 39079849 ----a-w- c:\programmi\finaldraft8.zip
2009-10-09 17:56 . 2009-10-09 17:55 93074728 ----a-w- c:\programmi\iTunesSetup.exe
2009-04-02 11:53 . 2009-04-02 11:53 2882679 ----a-w- c:\programmi\Malwarebytes.zip
2009-04-02 11:37 . 2009-04-02 11:37 911723 ----a-w- c:\programmi\ccleaner.zip
2009-04-02 07:14 . 2009-04-02 07:13 812344 ----a-w- c:\programmi\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L08IXLRD_8918390"="c:\programmi\Microsoft Student\Microsoft Encarta 2008 - Premium + Student DVD\EDICT.EXE" [2007-06-12 351000]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]
"FlashCAD"="c:\programmi\FlashCAD\FlashCAD.exe" [2009-11-25 8314880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-30 185872]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_12\bin\jusched.exe" [2006-05-09 32881]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-28 66864]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=sb16snd.dll
"MIDI1"=sb16snd.dll
"aux1"=sb16snd.dll
"mixer1"=sb16snd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\FileZilla Client\\filezilla.exe"=
"c:\\Programmi\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FlashCAD\\FlashCAD.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 9.03.36 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16/11/2009 9.06.50 96408]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [16/11/2009 9.04.30 735960]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [28/11/2008 17.26.47 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [28/11/2008 17.26.47 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [28/11/2008 17.26.47 108675]
S2 gupdate1c9887e47a616b6;Google Update Service (gupdate1c9887e47a616b6);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2009 18.13.45 133104]
S2 spd3ssl;Spyware-Process-Detector v3.15.3;\??\c:\programmi\Spyware Process Detector\spd315.sys --> c:\programmi\Spyware Process Detector\spd315.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-08 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 20:56]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-06 17:13]

2010-03-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: {25D36AEC-D909-4EEC-ADA7-EBF7939CA535} = 85.37.17.17 85.38.28.72
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\system32\timedefw32ex.dll 18 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(8012)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-08 18:52:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-08 17:52
ComboFix2.txt 2010-03-08 17:23

Pre-Run: 101.820.149.760 byte disponibili
Post-Run: 101.698.883.584 byte disponibili

- - End Of File - - 5B543ABA12A4D1862D4FFFD9E117F2CE
r16
Inviato: Monday, March 08, 2010 8:38:31 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Sì, ma c'è qualcosa che non mi quadra.
Lo hai installato tu questo programma:?
Spyware-Process-Detector

Il pc è ancora lento?
paolopa
Inviato: Monday, March 08, 2010 9:03:56 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
ciao r16,tanto che aspetti:ma quel file nascosto che ha trovato combo,e che non era presente nella sua prima scansione,era un rootkit?
r16
Inviato: Monday, March 08, 2010 10:29:45 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
paolopa ha scritto:
ciao r16,tanto che aspetti:ma quel file nascosto che ha trovato combo,e che non era presente nella sua prima scansione,era un rootkit?

E' una delle cose che non mi quadra.
Un'altra, è questo file, che viene eliminato, e poi si rigenera subito:
c:\windows\system32\timedefw32ex.dll
Nella prima scansione di Combofix, lo ha eliminato, e non si è rigenerato.
Me lo ritrovo adesso.
E per giunta rigenerato....Think
((((((((((((((((((((((((( Files Creati Da 2010-02-08 al 2010-03-08 )))))))))))))))))))))))))))))))))))

2010-03-08 17:45 . 2010-03-08 17:45 18 ----a-w- c:\windows\system32\timedefw32ex.dll

@ paose:
Non è per caso che usi qualche periferica infetta?
Con la funzione "Cerca" di Windows trova il file in rosso ed eliminalo:
c:\windows\system32\timedefw32ex.dll
paose
Inviato: Tuesday, March 09, 2010 3:57:08 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
Ho cancellato il file c:\windows\system32\timedefw32ex.dll ma ancora sento il computer molto lento
r16
Inviato: Tuesday, March 09, 2010 4:03:31 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
In che senso lento....
All'avvio, all'apertura delle pagine, durante la navigazione....
Questa lentezza, si è verificata, dopo che hai installato qualche programma?
paose
Inviato: Tuesday, March 09, 2010 4:06:45 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
precisamente è lento quando accendo il pc e si carica windows e quando lanci0 per la prima volta internet. Da quando ho cancellato l'ultimo file ho notato che riaprendo successivamente internet explorer (dopo la prima volta) è più veloce.
r16
Inviato: Tuesday, March 09, 2010 4:11:50 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
E' già qualcosa.
Prova a fare queste pulizie:

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Per eliminare i vari Tooll scaricati: (combofix)
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su Remove selected

Fai una deframmentazione del HD.
Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.

Ricontrolla se quel file, non si sia rigenerato.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.