
Intrusive advertising

Posted: Mon Aug 24, 2009 11:11 pm
by xalx67
Windows Vista Home Premium. Avira AntiVir Personal Free.
Advertising pages of various kinds keep opening. Avira reports nothing. I tried an online scan with Kaspersky and deleted the following files:
C:\Program Files\Hotbar\bin\10.2.236.0\firefox\extensions\plugins\npclntax_HotbarSA.dll
C:\Program Files\Hotbar\bin\10.2.236.0\Wallpaper.dll
C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
leaving the following:
C:\Program Files\Microsoft LifeCam\Driver32\VX6000\VX6000Xp.sys
C:\Windows\System32\DriverStore\FileRepository\vx6000.inf_eb0d6ed6\VX6000Xp.sys
I attach the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.49.38, on 24/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\vVX3000.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Andrea\AppData\Local\kgdavz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchFilterHost.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kgdavz] "c:\users\andrea\appdata\local\kgdavz.exe" kgdavz
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7229 bytes
since there are entries in it that I can't find clear information about.
Another problem I ran into is that System Restore only partly works: restore points are created only when updates are installed. Creating one manually returns this message: "impossibile creare l'attività pianificata per il motivo seguente: l'immagine dell'attività è danneggiata o è stata manomessa. (0x80041321)"
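An added example, not from the thread or from HijackThis: a heuristic triage over O4 autostart lines like the ones in the log above. It flags entries that launch from a user-writable profile directory or name an executable with no directory at all, which is what makes the kgdavz entry stand out among the vendor autostarts. The sample lines are copied from the log above; the regular expressions and the list of user-writable markers are my own assumptions.

```python
"""Heuristic triage of HijackThis O4 (autostart) entries.

Flags the entries a defender should look at first: executables launched from
a user-writable profile location (AppData, Temp) or given without any
directory, so they are resolved through the search path. A flag is a prompt
to investigate, not a verdict; legitimate vendors occasionally do both.
"""
import re

# O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command line> (User '...')?"
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# Leading program of the command line: a quoted path, or an unquoted path up to ".exe"
EXE_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.exe))', re.IGNORECASE)
# Profile locations any user process can write to (assumed markers, lower-case)
USER_WRITABLE_MARKERS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")

# Constructed sample: O4 lines copied from the HijackThis log posted above
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [kgdavz] "c:\users\andrea\appdata\local\kgdavz.exe" kgdavz',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')",
    r"O4 - Global Startup: BTTray.lnk = ?",  # different layout, intentionally not parsed
]


def parse_o4(line):
    """Split one O4 Run-key line into hive, value name, command line and executable.

    Returns None for lines that do not follow the "[name] command" layout.
    """
    m = O4_RE.match(line.strip())
    if not m:
        return None
    e = EXE_RE.match(m.group("cmd"))
    if not e:
        return None
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "cmd": m.group("cmd"),
        "exe": e.group("quoted") or e.group("bare"),
    }


def suspicion_reasons(exe):
    """Return the list of heuristic reasons to inspect this executable (empty if none)."""
    reasons = []
    low = exe.lower()
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable profile directory")
    if "\\" not in low and "/" not in low:
        # Bare names such as rundll32.exe also hide the real payload in the arguments,
        # so the full command line should be read together with this flag.
        reasons.append("no directory given, resolved through the search path")
    return reasons


def triage(lines):
    """Return (value name, executable, reasons) for every flagged O4 entry."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry["exe"])
        if reasons:
            findings.append((entry["name"], entry["exe"], reasons))
    return findings


def flagged_by_name(lines):
    """Convenience view: value name -> reasons, for the flagged entries only."""
    return {name: reasons for name, _exe, reasons in triage(lines)}


if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE_O4_LINES):
        print(f"[{name}] {exe}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the sample, the only HKCU entry flagged for a profile path is kgdavz; RtHDVCpl and the rundll32 Welcome Center entry are flagged only because they give no directory, which is common for legitimate vendor autostarts and should be checked against the full command line.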

Re: Intrusive advertising

Posted: Mon Aug 24, 2009 11:32 pm
by Amantide
As for the advertising, run a scan with ComboFix, which will remove the offending files for you (I'd bet the problems started after FunkyEmoticons was installed)
http://www.MegaLab.it/4612/favorit-netw ... i-gratuiti

For the second problem, though, you should open a new topic.

Re: Intrusive advertising

Posted: Tue Aug 25, 2009 6:51 am
by crazy.cat
If you also installed Hotbar, run a scan with Malwarebytes or SuperAntiSpyware; what you removed isn't enough, it installs a heap of junk.

Re: Intrusive advertising

Posted: Tue Aug 25, 2009 9:01 am
by xalx67
Unfortunately I can't tell you much, since the PC isn't mine... what I do know for sure is that he had tried to download a game, complete with a crack, on eMule. I'll follow your advice, download what's needed and then let you know. I wonder why Avira didn't report anything...

Re: Intrusive advertising

Posted: Tue Aug 25, 2009 11:09 am
by xalx67
This is the Malwarebytes log. Can you tell me whether there are any false positives before I delete them?

Malwarebytes' Anti-Malware 1.40
Versione del database: 2693
Windows 6.0.6000

25/08/2009 12.12.02
mbam-log-2009-08-25 (12-11-40).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 219965
Tempo trascorso: 53 minute(s), 36 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kgdavz (Trojan.Agent.H) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
c:\Users\Andrea\AppData\Local\kgdavz.exe (Trojan.Agent.H) -> No action taken.
C:\Windows\service.exe (Backdoor.Bot) -> No action taken.

Re: Intrusive advertising

Posted: Tue Aug 25, 2009 11:23 am
by Amantide
All the detected entries should be removed. That should make the advertising problem go away too, although there will still be another 3 files to delete, so I'd run the ComboFix scan anyway.

Re: Intrusive advertising

Posted: Tue Aug 25, 2009 11:47 am
by xalx67
OK... I'll go ahead and come back here as soon as I can

Re: Intrusive advertising

Posted: Tue Aug 25, 2009 8:39 pm
by xalx67
Posting the ComboFix log. If everything looks fine to you, let me know

ComboFix 09-08-24.06 - Andrea 25/08/2009 21.20.12.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.1790.1106 [GMT 2:00]
Eseguito da: D:\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-292214054-3889295820-745551110-500
c:\$recycle.bin\S-1-5-21-3450396369-1997837415-3888786090-500
c:\$recycle.bin\S-1-5-21-562593655-1936356248-2708367035-500
c:\program files\QUAD Utilities
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Andrea\AppData\Local\kgdavz.dat
c:\users\Andrea\AppData\Local\kgdavz_nav.dat
c:\users\Andrea\AppData\Local\kgdavz_navps.dat
c:\users\Andrea\ntuser.dat{22980dba-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{29118dd5-c529-11dd-a7f3-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{5dabed32-a685-11dd-ac34-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{84ff134a-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{87039cf9-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{8ff21247-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{9a049f49-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{abb8e96f-e5ab-11dd-b07e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{acbd3e57-a1e8-11dd-a80e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{af49844a-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{b1a6b64a-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{df8f0bb2-7318-11de-b940-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{ef2ab3cb-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{f49a0d86-b4f7-11dd-8b3f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{f90ba611-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Public\NTUSER.DAT{3c5da6ae-72ba-11dd-9db1-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Public\NTUSER.DAT{c1ad96bb-9165-11de-8c64-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{22980db8-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{84ff1348-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{87039cf7-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{8ff21245-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{9a049f42-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{af498448-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{b1a6b648-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{ef2ab3c9-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{f49a0d84-b4f7-11dd-8b3f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{f90ba60f-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{22980db6-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{7737ab70-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{77e9a07c-3d7a-11de-96fa-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{84ff1346-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{87039cf5-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{8ff21243-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{9a049f40-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{a9d1a56b-ff28-11dd-baab-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{af498446-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{b1a6b646-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef2ab3c7-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{f90ba60d-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\config\systemprofile\ntuser.dat{d17a10b3-755e-11db-9150-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{7737ab74-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{7737ab72-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{53a0cdfb-85ed-11de-987c-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2009-07-25 al 2009-08-25 )))))))))))))))))))))))))))))))))))
.

2009-08-25 19:26 . 2009-08-25 19:30 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2009-08-25 08:49 . 2009-08-25 08:49 3942048 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-25 08:49 . 2009-08-25 08:49 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
2009-08-25 08:49 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 08:49 . 2009-08-25 10:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 08:49 . 2009-08-25 08:49 -------- d-----w- c:\programdata\Malwarebytes
2009-08-25 08:49 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-11 20:04 . 2009-08-11 20:04 -------- d-----w- c:\program files\ESET
2009-08-11 11:41 . 2009-08-11 11:41 -------- d-----w- c:\users\Andrea\AppData\Roaming\FunkyEmoticons
2009-08-11 11:40 . 2009-08-25 06:38 90 ----a-w- c:\users\Andrea\AppData\Local\gaslm.bat
2009-08-11 11:40 . 2009-08-17 12:46 -------- d-----w- c:\program files\FunkyEmoticons
2009-08-11 07:04 . 2009-08-11 07:04 -------- d-----w- c:\windows\system32\wbem\en-US
2009-08-11 07:03 . 2006-11-02 09:45 99840 ----a-w- c:\windows\system32\poqexec.exe
2009-08-05 21:19 . 2009-08-05 21:19 -------- d-----w- c:\programdata\Electronic Arts
2009-08-05 21:17 . 2009-08-05 21:17 10134 ----a-r- c:\users\Andrea\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-08-05 21:17 . 2009-08-05 21:17 -------- d-----w- c:\program files\Microsoft WSE
2009-08-04 14:31 . 2009-08-10 20:47 -------- d-----w- c:\program files\HiYo
2009-08-04 14:31 . 2009-08-04 14:31 -------- d-----w- c:\program files\HiYo(15)
2009-08-04 14:31 . 2009-08-04 14:31 -------- d-----w- c:\programdata\HiYo
2009-08-02 20:11 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-08-02 20:11 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-02 20:11 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-02 20:11 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-02 20:11 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-02 20:11 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 16:10 . 2007-07-23 10:39 739418 ----a-w- c:\windows\system32\perfh010.dat
2009-08-25 16:10 . 2007-07-23 10:39 136940 ----a-w- c:\windows\system32\perfc010.dat
2009-08-22 23:11 . 2007-07-24 06:26 7428 ----a-w- c:\windows\bthservsdp.dat
2009-08-14 06:15 . 2008-08-29 12:40 -------- d-----w- c:\programdata\NOS
2009-08-14 06:15 . 2008-08-29 12:40 -------- d-----w- c:\program files\NOS
2009-08-13 11:25 . 2008-08-05 17:08 -------- d-----w- c:\users\Andrea\AppData\Roaming\Datalayer
2009-08-05 21:55 . 2007-07-24 06:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 21:55 . 2008-08-24 20:43 -------- d-----w- c:\program files\Java
2009-08-02 21:55 . 2008-08-02 15:16 -------- d-----w- c:\programdata\McAfee
2009-07-18 12:17 . 2009-07-29 06:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 12:10 . 2009-07-29 06:32 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-07-18 12:10 . 2009-07-29 06:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 12:07 . 2009-07-29 06:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-18 10:00 . 2009-07-29 06:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 08:34 . 2009-07-29 06:32 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-17 14:52 . 2009-08-12 06:24 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:02 . 2009-08-12 06:24 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 13:01 . 2009-08-12 06:24 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 13:00 . 2009-08-12 06:24 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 11:11 . 2009-08-12 06:24 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-13 20:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 19:42 . 2007-07-24 07:20 -------- d-----w- c:\programdata\Microsoft Help
2009-06-29 17:23 . 2008-07-13 14:01 1469 ----a-w- c:\windows\system32\dmlg.dat
2009-06-10 12:16 . 2009-08-12 06:24 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:10 . 2009-08-12 06:24 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-06-10 12:10 . 2009-08-12 06:24 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-06-10 12:09 . 2009-08-12 06:24 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-06-10 12:07 . 2009-08-12 06:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-06-10 12:04 . 2009-08-12 06:24 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:04 . 2009-08-12 06:24 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-06-04 12:47 . 2009-08-12 06:24 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-06-04 12:43 . 2009-08-12 06:24 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-04 12:36 . 2009-08-12 06:24 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-05-28 10:34 . 2008-08-25 16:20 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-25 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-07-24 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"funkyemoticons"="c:\program files\FunkyEmoticons\FunkyEmoticons.exe" [2009-06-16 283360]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-13 4489216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"NoHotStart"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2678460D-99CF-4E82-A29F-B754DA30836F}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{2CAE3635-4861-4AB2-8103-57AF1E6D92A6}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B06ED532-2DB8-47A4-B09E-D2C286E3D1EC}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{E6457DB7-AF38-4008-8AFC-38C39D9036F6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EFAF95C7-A3F2-4825-83F0-4BE3F09E857C}"= UDP:c:\program files\eMule\emule.exe:eMule
"{EA8394C2-884E-4757-A517-D65118FBA5D1}"= TCP:c:\program files\eMule\emule.exe:eMule
"{2C0CA1C5-679D-4A54-8720-4715B8D734E3}"= UDP:4662:emule
"{B833CCFE-4AF2-4163-A200-3619008935E8}"= TCP:4672:emule
"{2578937F-2030-48E3-8989-7E82B119C18D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{CBE76F0F-0ABA-4220-B52C-6A6C44AB9E94}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{09FEE12B-09D5-4C68-82BD-7858C18C4D35}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4A3FA78A-565A-4AEC-9E7E-E2E84340DBFD}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{AD632BD9-713D-4033-B40C-25ED311F4DB5}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{48968542-F5F6-4CA8-BAF3-125FCB53405C}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{CE418E73-6ADB-4799-921A-8C377343A078}c:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{B24910AF-E010-4734-981E-AC4AF856DD4A}c:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"{A2472324-6CE2-4411-8B4C-11413CFC92DD}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{4CB7199A-8DC9-4E5F-9895-6869129271D2}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{2AFC5046-7666-4BE7-BC55-AE2A80CF6842}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{567CD6BA-0BDC-44CD-80AE-4A248D758284}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{8810595A-D5C0-49EF-B50F-A80CFE3D057E}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{28397C4B-2E78-4E2E-9D55-05DF90A97E9E}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{1CC5E430-3565-4FC9-864E-13CD0BC98E35}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BB0C4316-53EF-4878-B470-531A014F88DE}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1CC9E3FA-4CED-46B1-9750-ECD4143ABF66}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{26D3B96A-E310-4E1B-9712-82278FDDA55B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{D0826226-31A4-4A61-AA0A-EA605EAEE811}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{DADAFDED-0FAD-4E0F-993F-783F31C88881}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 BcmSqlStartupSvc;Servizio di avvio SQL Server di Business Contact Manager;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 10.41.32 30312]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [24/07/2007 8.47.36 13312]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22.31.10 29263712]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [02/11/2006 12.25.17 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{B336C6D4-5DE7-4FCC-B5EF-5611F88722CF}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\c8ho9gga.default\
FF - prefs.js: browser.search.selectedEngine - Trova Rapido
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 21:29
Windows 6.0.6000 NTFS

scanning for hidden processes ...

scanning for hidden autostart entries ...

Scanning for hidden files ...


c:\windows\TEMP\TMP0000000C2AB4F2574B183A76 524288 bytes executable

Scan completed successfully
Hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(3656)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\oodag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Scan finish time: 2009-08-25 21.36.37 - The PC was rebooted
ComboFix-quarantined-files.txt 2009-08-25 19:36

Pre-Run: 60.177.027.072 bytes free
Post-Run: 60.005.810.176 bytes free

424 --- E O F --- 2009-08-22 20:23

Thanks
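The log above carries two indicators worth pulling out mechanically: the Firefox `keyword.URL` preference (which, in Firefox 3.x, is the URL address-bar text is sent to when it is not a URL, so adware points it at its own search portal), and the hidden executable that catchme found under `c:\windows\TEMP`. The following script is an added example for this thread, not ComboFix's code or the poster's; it parses the relevant log lines (copied below as a constructed sample, with ComboFix's defanged `hxxp` URLs kept as posted) and flags what a helper would look at first. The trusted-host set and the expected search engine name are assumptions for the example.

```python
"""Triage a ComboFix log excerpt for browser-hijack and hidden-file indicators.

Added example; not ComboFix's own code. The sample text is copied from the log
posted in this thread.
"""
import re
from urllib.parse import urlparse

# Assumptions for this example: the home/search hosts the user actually wants
# (the log shows google.it as the home page) and the engine they expect to see.
TRUSTED_SEARCH_HOSTS = {"www.google.it", "www.google.com"}
EXPECTED_SEARCH_ENGINE = "Google"

# Constructed sample: the relevant lines of the posted log.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.it/
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\c8ho9gga.default\
FF - prefs.js: browser.search.selectedEngine - Trova Rapido
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
Scanning for hidden files ...
c:\windows\TEMP\TMP0000000C2AB4F2574B183A76 524288 bytes executable
Scan completed successfully
Hidden files: 1
"""

FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
HIDDEN_EXE_RE = re.compile(r"^(?P<path>[a-zA-Z]:\\\S+) (?P<size>\d+) bytes executable$")


def refang(url: str) -> str:
    """ComboFix writes hxxp/hxxps so log URLs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_firefox_prefs(log: str) -> dict:
    """Collect the 'FF - prefs.js: name - value' lines into a dict."""
    prefs = {}
    for line in log.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def find_hidden_executables(log: str) -> list:
    """Return (path, size) for every 'bytes executable' line in the catchme section."""
    found = []
    for line in log.splitlines():
        m = HIDDEN_EXE_RE.match(line.strip())
        if m:
            found.append((m.group("path"), int(m.group("size"))))
    return found


def triage(log: str) -> list:
    """Return (kind, subject, detail) tuples for everything that needs a closer look."""
    findings = []
    prefs = parse_firefox_prefs(log)
    kw = prefs.get("keyword.URL")
    if kw:
        host = urlparse(refang(kw)).hostname or ""
        if host not in TRUSTED_SEARCH_HOSTS:
            findings.append(("search_hijack", "keyword.URL", host))
    engine = prefs.get("browser.search.selectedEngine")
    if engine and engine != EXPECTED_SEARCH_ENGINE:
        findings.append(("search_engine_changed", "browser.search.selectedEngine", engine))
    for path, size in find_hidden_executables(log):
        # A hidden executable in a TEMP directory is a classic dropper location.
        if "\\temp\\" in path.lower():
            findings.append(("hidden_executable_in_temp", path, size))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:28} {subject} -> {detail}")
```

On the posted log this reports the `keyword.URL` hijack to `mystart.hiyo.com`, the non-default "Trova Rapido" search engine, and the 524288-byte hidden executable in TEMP; the Adobe `DPF:` download entry and the Google home page are left alone.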

Re: intrusive advertising

Posted: Tue Aug 25, 2009 11:23 pm
by Amantide
As for the following removals, I am 100% sure about them

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-292214054-3889295820-745551110-500
c:\$recycle.bin\S-1-5-21-3450396369-1997837415-3888786090-500
c:\$recycle.bin\S-1-5-21-562593655-1936356248-2708367035-500
c:\program files\QUAD Utilities
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Andrea\AppData\Local\kgdavz.dat
c:\users\Andrea\AppData\Local\kgdavz_nav.dat
c:\users\Andrea\AppData\Local\kgdavz_navps.dat


These, on the other hand, look very much like system files to me (even though I don't use Vista), so it would probably be better to put them back where they were, giving them back their original extension [uhm]

c:\users\Andrea\ntuser.dat{22980dba-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{29118dd5-c529-11dd-a7f3-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{5dabed32-a685-11dd-ac34-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{84ff134a-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{87039cf9-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{8ff21247-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{9a049f49-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{abb8e96f-e5ab-11dd-b07e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{acbd3e57-a1e8-11dd-a80e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{af49844a-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{b1a6b64a-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{df8f0bb2-7318-11de-b940-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{ef2ab3cb-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{f49a0d86-b4f7-11dd-8b3f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{f90ba611-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Public\NTUSER.DAT{3c5da6ae-72ba-11dd-9db1-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Public\NTUSER.DAT{c1ad96bb-9165-11de-8c64-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{22980db8-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{84ff1348-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{87039cf7-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{8ff21245-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{9a049f42-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{af498448-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{b1a6b648-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{ef2ab3c9-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{f49a0d84-b4f7-11dd-8b3f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{f90ba60f-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{22980db6-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{7737ab70-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{77e9a07c-3d7a-11de-96fa-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{84ff1346-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{87039cf5-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{8ff21243-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{9a049f40-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{a9d1a56b-ff28-11dd-baab-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{af498446-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{b1a6b646-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef2ab3c7-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{f90ba60d-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\config\systemprofile\ntuser.dat{d17a10b3-755e-11db-9150-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{7737ab74-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Deletion failed
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{7737ab72-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Deletion failed
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{53a0cdfb-85ed-11de-987c-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Deletion failed


Honestly, this is the first time I've seen ComboFix delete these files [8)]
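The reply above sorts the deletion list by eye into "certainly junk" and "looks like system files". That sorting can be done with a few path rules, and it is worth doing because the `NTUSER.DAT{GUID}.TMContainer...regtrans-ms` files are Windows registry transaction logs (Vista and later), not malware. The script below is an added example for this thread, not ComboFix's code or the poster's; it classifies a constructed subset of the quoted list, records which entries ComboFix failed to delete, and lists the transaction logs that were actually removed as restore candidates. The rule set and verdict wording are this example's assumptions; `QUAD Utilities` is deliberately left unmatched because nothing on this page identifies it.

```python
"""Classify paths from a ComboFix deletion list so legitimate system files can be
told apart from adware leftovers. Added example; not ComboFix's own code."""
import re

# Constructed sample: a subset of the entries quoted in the reply above.
SAMPLE_DELETED = r"""
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\QUAD Utilities
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
c:\users\Andrea\AppData\Local\kgdavz.dat
c:\users\Andrea\AppData\Local\kgdavz_nav.dat
c:\users\Andrea\ntuser.dat{22980dba-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{53a0cdfb-85ed-11de-987c-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Deletion failed
"""

# ComboFix appends " . . . . <status>" when it could not remove an entry.
ENTRY_RE = re.compile(r"^(?P<path>.*?)(?: \. \. \. \. (?P<status>Deletion failed))?$")

GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
# Ordered rules: first match wins. Patterns are assumptions for this example.
RULES = [
    ("registry_transaction_log",
     re.compile(r"ntuser\.dat\{" + GUID + r"\}\.TMContainer\d+\.regtrans-ms$", re.I)),
    ("recycle_bin_sid_folder",
     re.compile(r"\\\$recycle\.bin\\S-1-5-21-\d+-\d+-\d+-\d+$", re.I)),
    ("known_adware_hotbar",
     re.compile(r"\\hotbar(?:\\|$)", re.I)),
    ("random_named_appdata_artifact",
     re.compile(r"\\appdata\\local\\[a-z]{6}(?:_[a-z]+)?\.(?:dat|exe|dll)$", re.I)),
]

VERDICT = {
    "registry_transaction_log":
        "Windows registry transaction log for a user hive; legitimate, restore it",
    "recycle_bin_sid_folder":
        "per-account Recycle Bin folder (RID 500 is the built-in Administrator); "
        "safe to remove, Windows recreates it",
    "known_adware_hotbar":
        "Hotbar adware component; removal is correct",
    "random_named_appdata_artifact":
        "random-looking six-letter name under AppData\\Local, a common adware drop "
        "pattern; removal is correct",
    "unknown":
        "no rule matched; review manually before deciding",
}


def classify_path(path: str) -> str:
    """Return the first rule name whose pattern matches, else 'unknown'."""
    for name, rx in RULES:
        if rx.search(path):
            return name
    return "unknown"


def classify_deletions(text: str) -> list:
    """Parse a deletion list into dicts with path, category, deleted flag and verdict."""
    results = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = ENTRY_RE.match(raw)
        path = m.group("path")
        category = classify_path(path)
        results.append({
            "path": path,
            "category": category,
            "deleted": m.group("status") is None,
            "verdict": VERDICT[category],
        })
    return results


def restore_candidates(text: str) -> list:
    """Transaction logs that were really deleted and should be put back."""
    return [r["path"] for r in classify_deletions(text)
            if r["category"] == "registry_transaction_log" and r["deleted"]]


if __name__ == "__main__":
    for r in classify_deletions(SAMPLE_DELETED):
        flag = "" if r["deleted"] else " (deletion failed)"
        print(f"{r['category']:30} {r['path']}{flag}\n    {r['verdict']}")
```

Running it on the sample separates the Recycle Bin folder, the Hotbar shortcut and the two `kgdavz*` files (all fine to delete) from the two `.regtrans-ms` entries, only one of which was actually removed and therefore needs restoring.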

Re: intrusive advertising

Posted: Wed Aug 26, 2009 8:40 am
by xalx67
Yes Amantide.. something went wrong, because after the cleanup the PC was completely bogged down. It was the first time I had used ComboFix and, from what I saw, it does everything automatically, so it wasn't me getting the settings wrong. Fortunately it created a restore point, which I then used. When I have the PC at hand I'll proceed with a manual cleanup of the files you pointed out as certain junk. The fact remains that I can't create restore points manually and they aren't created automatically either, except when updates or software like ComboFix are installed. The error returned is reported at the beginning of the post.
Thanks for the help

Re: intrusive advertising

Posted: Wed Aug 26, 2009 12:19 pm
by Amantide
xalx67 wrote: The error returned is reported at the beginning of the post.

The only advice I can give you is to see whether you find something useful here [boh]