############################## [ FindyKill V4.720 ]
# User : Gino (Administrators) # GINO-DB9E6BDD11
# Update on 19/03/09 by Chiquitine29
# Start at: 19.05.39 | 20/03/2009
# AMD Sempron(tm) Processor 2600+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 74,52 Go (67,41 Go free) # NTFS
# D:\ # Disco CD-ROM
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\documents and settings\gino\impostazioni locali\dati applicazioni\atfbm.exe
C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected processes stopped ]
"C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe" (704)
"C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe" (4016)
"C:\WINDOWS\system32\wintems.exe" (2804)
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\system32 ]
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
################## [ C:\WINDOWS\system32\drivers ]
Deleted ! - "C:\WINDOWS\system32\drivers\down"
################## [ C:\.. Application Data ... ]
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\list.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\data.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\shared"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\downld"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers"
################## [ Registry / Infected keys ]
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
# Deleting files :
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe
CRC32 .. : d8f3958d
MD5 .... : 23df44d298f1a9fd16fa87cfeefcc65f
Deleted ! : [15cd9751] C:\Programmi\eMule\Incoming\PC Sport 2008 7.0.0.12(4).zip
Deleted ! : C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
# Taille : 806912 # MD5 : 23DF44D298F1A9FD16FA87CFEEFCC65F
################## [ PEH Corrupted ]
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\system32\dllcache\sysinfo.exe
################## [ ! End of Report # FindyKill V4.720 ! ]
# User : Gino (Administrators) # GINO-DB9E6BDD11
# Update on 19/03/09 by Chiquitine29
# Start at: 19.05.39 | 20/03/2009
# AMD Sempron(tm) Processor 2600+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 74,52 Go (67,41 Go free) # NTFS
# D:\ # Disco CD-ROM
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\documents and settings\gino\impostazioni locali\dati applicazioni\atfbm.exe
C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected processes stopped ]
"C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe" (704)
"C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe" (4016)
"C:\WINDOWS\system32\wintems.exe" (2804)
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\system32 ]
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
################## [ C:\WINDOWS\system32\drivers ]
Deleted ! - "C:\WINDOWS\system32\drivers\down"
################## [ C:\.. Application Data ... ]
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\list.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\data.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\shared"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\downld"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers"
################## [ Registry / Infected keys ]
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
# Deleting files :
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe
CRC32 .. : d8f3958d
MD5 .... : 23df44d298f1a9fd16fa87cfeefcc65f
Deleted ! : [15cd9751] C:\Programmi\eMule\Incoming\PC Sport 2008 7.0.0.12(4).zip
Deleted ! : C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
# Taille : 806912 # MD5 : 23DF44D298F1A9FD16FA87CFEEFCC65F
################## [ PEH Corrupted ]
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\system32\dllcache\sysinfo.exe
################## [ ! End of Report # FindyKill V4.720 ! ]
ComboFix 09-03-19.02 - Gino 2009-03-20 19.18.15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.255.88 [GMT 1:00]
Eseguito da: c:\documents and settings\Gino\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm.dat
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm.exe
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm_nav.dat
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm_navps.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\aplib.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-02-20 al 2009-03-20 )))))))))))))))))))))))))))))))))))
.
2009-03-20 19:03 . 2009-03-20 19:10 <DIR> d-------- c:\programmi\FindyKill
2009-03-20 18:25 . 2009-03-20 18:25 <DIR> d-------- c:\programmi\Trend Micro
2009-03-20 18:05 . 2009-03-20 18:05 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\AVGTOOLBAR
2009-03-20 16:45 . 2009-03-20 16:45 <DIR> d---s---- c:\documents and settings\utente\UserData
2009-03-19 16:37 . 2009-03-19 16:37 <DIR> d-------- c:\programmi\Pirelli
2009-03-19 16:37 . 2004-04-20 16:24 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-03-19 16:37 . 2004-04-20 16:24 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-03-19 16:36 . 2009-03-19 16:41 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-03-19 16:30 . 2009-03-19 16:30 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Motive
2009-03-13 17:25 . 2001-08-30 23:08 99,328 --a------ c:\windows\system32\srusd.dll
2009-03-13 17:25 . 2001-08-30 23:08 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-03-13 17:25 . 2001-08-30 23:07 71,680 --a------ c:\windows\system32\fnfilter.dll
2009-03-13 17:25 . 2001-08-30 23:07 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll
2009-03-13 17:25 . 2001-08-30 22:28 6,912 --a------ c:\windows\system32\drivers\serscan.sys
2009-03-13 17:25 . 2001-08-30 22:28 6,912 --a--c--- c:\windows\system32\dllcache\serscan.sys
2009-03-13 17:22 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-13 17:22 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-13 17:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-13 17:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-03-13 17:21 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-13 17:21 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-20 17:13 . 2004-08-30 21:00 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-20 17:04 . 2004-08-30 21:00 1,086,058 -ra------ c:\windows\SET33.tmp
2009-02-20 17:04 . 2004-08-30 21:00 1,014,202 -ra------ c:\windows\SET30.tmp
2009-02-20 17:04 . 2004-08-30 21:00 14,043 -ra------ c:\windows\SET3F.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 17:36 --------- d-----w c:\programmi\BitComet
2009-03-20 17:09 --------- d-----w c:\programmi\Euro Gunz Client 8.5.6
2009-03-20 17:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-19 15:36 --------- d-----w c:\programmi\Motive
2009-03-19 10:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-02-20 16:31 --------- d-----w c:\programmi\eMule
2009-02-20 16:26 --------- d-----w c:\programmi\GV Principessa Casino
2009-02-20 15:50 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\CasinoOnNet
2009-02-20 08:45 --------- d-----w c:\programmi\Alwil Software
2009-02-19 11:23 --------- d-----w c:\programmi\Google
2009-02-18 14:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-02-13 20:07 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\AVGTOOLBAR
2009-02-08 11:34 --------- d-----w c:\programmi\Crea i tuoi calendari!
2009-02-08 11:30 8 --sha-w c:\programmi\.drv120405.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data211204.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data211004.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data110704.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.dat000002.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.dat000001.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.drv190904.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.drv120205.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data001.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data000.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.app190905.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.addit001.dat
2009-02-08 11:22 --------- d-----w c:\programmi\Eazel-IT
2009-02-08 11:16 --------- d-----w c:\programmi\Conduit
2009-02-08 10:09 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-02 16:09 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-02-01 14:39 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\Motive
2009-02-01 11:52 --------- d-----w c:\programmi\Messenger Plus! Live
2009-01-31 14:41 155,995 ----a-w c:\windows\java\Packages\2CTV5R3X.ZIP
2009-01-31 14:41 --------- d-----w c:\programmi\Common Files
2009-01-31 14:40 --------- d-----w c:\programmi\Telecom Italia
2009-01-28 15:32 --------- d-----w c:\programmi\Windows Live SkyDrive
2009-01-28 15:32 --------- d-----w c:\programmi\Windows Live
2009-01-28 15:32 --------- d-----w c:\programmi\Microsoft
2009-01-28 15:27 --------- d-----w c:\programmi\File comuni\Windows Live
2009-01-28 13:55 --------- d-----w c:\programmi\D-Link
2009-01-28 12:01 --------- d-----w c:\programmi\SereneScreen
2009-01-28 11:58 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-28 11:54 --------- d-----w c:\programmi\Microsoft.NET
2009-01-28 11:54 --------- d-----w c:\programmi\Microsoft Works
2009-01-28 11:48 --------- d-----w c:\programmi\File comuni\Ahead
2009-01-28 11:48 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\Ahead
2009-01-28 11:47 --------- d-----w c:\programmi\Nero
2009-01-28 11:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-28 11:22 --------- d-----w c:\programmi\File comuni\InstallShield
2009-01-28 11:22 --------- d-----w c:\programmi\AMD
2009-01-28 10:38 --------- d-----w c:\programmi\microsoft frontpage
2009-01-28 10:36 --------- d-----w c:\programmi\Servizi in linea
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}"= "c:\programmi\Eazel-IT\tbEaze.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CnxTrApp"="c:\programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 247296]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-03-19 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\permchk32]
2005-02-08 13:43 12800 c:\windows\system32\permchk32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\BitComet\\BitComet.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17564:TCP"= 17564:TCP:BitComet 17564 TCP
"17564:UDP"= 17564:UDP:BitComet 17564 UDP
"4452:TCP"= 4452:TCP:messenger
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [2009-01-28 29696]
S2 permchk32;MSWC Permission Checker;rundll32.exe c:\windows\system32\permchk32.dll,ocib
rundll32.exe c:\windows\system32\permchk32.dll,ocib
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - IP6FW
.
Contenuto della cartella 'Scheduled Tasks'
2009-03-20 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 11:36]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - c:\programmi\PHPNukeIT\tbPHP0.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-atfbm - c:\documents and settings\gino\impostazioni locali\dati applicazioni\atfbm.exe
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {1F4D7DBD-4AB9-4C13-AE96-C5CAA2826563} = 85.37.17.49 85.38.28.91
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 19:19:35
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\permchk32.dll
.
Ora fine scansione: 2009-03-20 19.21.09
ComboFix-quarantined-files.txt 2009-03-20 18:20:55
Pre-Run: 72.696.131.584 byte disponibili
Post-Run: 73,791,578,112 byte disponibili
175
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.255.88 [GMT 1:00]
Eseguito da: c:\documents and settings\Gino\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm.dat
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm.exe
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm_nav.dat
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm_navps.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\aplib.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-02-20 al 2009-03-20 )))))))))))))))))))))))))))))))))))
.
2009-03-20 19:03 . 2009-03-20 19:10 <DIR> d-------- c:\programmi\FindyKill
2009-03-20 18:25 . 2009-03-20 18:25 <DIR> d-------- c:\programmi\Trend Micro
2009-03-20 18:05 . 2009-03-20 18:05 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\AVGTOOLBAR
2009-03-20 16:45 . 2009-03-20 16:45 <DIR> d---s---- c:\documents and settings\utente\UserData
2009-03-19 16:37 . 2009-03-19 16:37 <DIR> d-------- c:\programmi\Pirelli
2009-03-19 16:37 . 2004-04-20 16:24 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-03-19 16:37 . 2004-04-20 16:24 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-03-19 16:36 . 2009-03-19 16:41 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-03-19 16:30 . 2009-03-19 16:30 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Motive
2009-03-13 17:25 . 2001-08-30 23:08 99,328 --a------ c:\windows\system32\srusd.dll
2009-03-13 17:25 . 2001-08-30 23:08 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-03-13 17:25 . 2001-08-30 23:07 71,680 --a------ c:\windows\system32\fnfilter.dll
2009-03-13 17:25 . 2001-08-30 23:07 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll
2009-03-13 17:25 . 2001-08-30 22:28 6,912 --a------ c:\windows\system32\drivers\serscan.sys
2009-03-13 17:25 . 2001-08-30 22:28 6,912 --a--c--- c:\windows\system32\dllcache\serscan.sys
2009-03-13 17:22 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-13 17:22 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-13 17:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-13 17:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-03-13 17:21 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-13 17:21 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-20 17:13 . 2004-08-30 21:00 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-20 17:04 . 2004-08-30 21:00 1,086,058 -ra------ c:\windows\SET33.tmp
2009-02-20 17:04 . 2004-08-30 21:00 1,014,202 -ra------ c:\windows\SET30.tmp
2009-02-20 17:04 . 2004-08-30 21:00 14,043 -ra------ c:\windows\SET3F.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 17:36 --------- d-----w c:\programmi\BitComet
2009-03-20 17:09 --------- d-----w c:\programmi\Euro Gunz Client 8.5.6
2009-03-20 17:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-19 15:36 --------- d-----w c:\programmi\Motive
2009-03-19 10:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-02-20 16:31 --------- d-----w c:\programmi\eMule
2009-02-20 16:26 --------- d-----w c:\programmi\GV Principessa Casino
2009-02-20 15:50 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\CasinoOnNet
2009-02-20 08:45 --------- d-----w c:\programmi\Alwil Software
2009-02-19 11:23 --------- d-----w c:\programmi\Google
2009-02-18 14:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-02-13 20:07 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\AVGTOOLBAR
2009-02-08 11:34 --------- d-----w c:\programmi\Crea i tuoi calendari!
2009-02-08 11:30 8 --sha-w c:\programmi\.drv120405.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data211204.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data211004.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data110704.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.dat000002.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.dat000001.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.drv190904.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.drv120205.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data001.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data000.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.app190905.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.addit001.dat
2009-02-08 11:22 --------- d-----w c:\programmi\Eazel-IT
2009-02-08 11:16 --------- d-----w c:\programmi\Conduit
2009-02-08 10:09 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-02 16:09 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-02-01 14:39 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\Motive
2009-02-01 11:52 --------- d-----w c:\programmi\Messenger Plus! Live
2009-01-31 14:41 155,995 ----a-w c:\windows\java\Packages\2CTV5R3X.ZIP
2009-01-31 14:41 --------- d-----w c:\programmi\Common Files
2009-01-31 14:40 --------- d-----w c:\programmi\Telecom Italia
2009-01-28 15:32 --------- d-----w c:\programmi\Windows Live SkyDrive
2009-01-28 15:32 --------- d-----w c:\programmi\Windows Live
2009-01-28 15:32 --------- d-----w c:\programmi\Microsoft
2009-01-28 15:27 --------- d-----w c:\programmi\File comuni\Windows Live
2009-01-28 13:55 --------- d-----w c:\programmi\D-Link
2009-01-28 12:01 --------- d-----w c:\programmi\SereneScreen
2009-01-28 11:58 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-28 11:54 --------- d-----w c:\programmi\Microsoft.NET
2009-01-28 11:54 --------- d-----w c:\programmi\Microsoft Works
2009-01-28 11:48 --------- d-----w c:\programmi\File comuni\Ahead
2009-01-28 11:48 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\Ahead
2009-01-28 11:47 --------- d-----w c:\programmi\Nero
2009-01-28 11:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-28 11:22 --------- d-----w c:\programmi\File comuni\InstallShield
2009-01-28 11:22 --------- d-----w c:\programmi\AMD
2009-01-28 10:38 --------- d-----w c:\programmi\microsoft frontpage
2009-01-28 10:36 --------- d-----w c:\programmi\Servizi in linea
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}"= "c:\programmi\Eazel-IT\tbEaze.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CnxTrApp"="c:\programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 247296]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-03-19 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\permchk32]
2005-02-08 13:43 12800 c:\windows\system32\permchk32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\BitComet\\BitComet.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17564:TCP"= 17564:TCP:BitComet 17564 TCP
"17564:UDP"= 17564:UDP:BitComet 17564 UDP
"4452:TCP"= 4452:TCP:messenger
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [2009-01-28 29696]
S2 permchk32;MSWC Permission Checker;rundll32.exe c:\windows\system32\permchk32.dll,ocib

--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - IP6FW
.
Contenuto della cartella 'Scheduled Tasks'
2009-03-20 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 11:36]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - c:\programmi\PHPNukeIT\tbPHP0.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-atfbm - c:\documents and settings\gino\impostazioni locali\dati applicazioni\atfbm.exe
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {1F4D7DBD-4AB9-4C13-AE96-C5CAA2826563} = 85.37.17.49 85.38.28.91
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 19:19:35
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\permchk32.dll
.
Ora fine scansione: 2009-03-20 19.21.09
ComboFix-quarantined-files.txt 2009-03-20 18:20:55
Pre-Run: 72.696.131.584 byte disponibili
Post-Run: 73,791,578,112 byte disponibili
175
Cosa devo fare adesso?