Mistert (Pious Mortal)
Registered: 05/08/07 23:48  Posts: 25
Posted: 07 Aug 2007 18:55

I'm using CCleaner now, but that folder it told me I have to delete... I can't find it.

bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 07 Aug 2007 18:58

Mistert wrote:
    I'm using CCleaner now, but that folder it told me I have to delete... I can't find it.

If you use VirIT, it will find it for you!

Mistert (Pious Mortal)
Registered: 05/08/07 23:48  Posts: 25
Posted: 07 Aug 2007 19:00

bdoriano wrote:
    Mistert wrote:
        I'm using CCleaner now, but that folder it told me I have to delete... I can't find it.
    If you use VirIT, it will find it for you!

OK, I'm using it... then do I need to switch to safe mode?

Mistert (Pious Mortal)
Registered: 05/08/07 23:48  Posts: 25
Posted: 07 Aug 2007 19:41

In one of them, for now, it says "contact TG Soft technical support". What does that mean?

Mistert (Pious Mortal)
Registered: 05/08/07 23:48  Posts: 25
Posted: 07 Aug 2007 20:15

Here is the result:

Mistert (Pious Mortal)
Registered: 05/08/07 23:48  Posts: 25
Posted: 07 Aug 2007 20:25

This is the current HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.24.55, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\VNICMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\Antivirus-CID\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Borebows] C:\DOCUME~1\Febbius\DATIAP~1\PLANLO~1\64 gram.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://badangelbo.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 9257 bytes

bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 07 Aug 2007 21:29

Mistert wrote:
    In one of them, for now, it says "contact TG Soft technical support". What does that mean?

It means it's a new variant of some virus.
Download AVENGER and unpack it into its own folder, not a temporary one and not on the desktop; we'll use it later.
Boot the PC in safe mode
Run HijackThis
Click "Do a system scan only"
Tick these entries:
Quote:
O4 - HKCU\..\Run: [Borebows] C:\DOCUME~1\Febbius\DATIAP~1\PLANLO~1\64 gram.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Click "Fix checked"
Reboot the PC in normal mode, redo the HijackThis log and post it.
Have you disabled System Restore?
Start AVENGER
Click "Input script manually"
Click the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Documents and Settings\All Users\Dati applicazioni\01cashadmineach\freeinternet.exe
C:\Documents and Settings\All Users\Dati applicazioni\01cashadmineach\Wipe Lite.exe
C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP\Coal Exit Aim.exe
C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3\byte flap.exe
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\64 gram.exe
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\cast long warn.exe
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\cast more each.exe
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\DvdEachTheShow.exe
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\kzlkmwtw.exe
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\oobfmxso.exe
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\rfdaalhv.exe
C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\A_MSN_Monitor.exe
C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\Tutti codec per DivX.zip
C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\ultra_codec_pack(1).zip
C:\Documents and Settings\Matteo\Dati applicazioni\PLANLOGOKIND\64 gram.exe
C:\Documents and Settings\Matteo\Dati applicazioni\Sun\Java\Deployment\cache\6.0\16\1afaf450-5b20e800
C:\Documents and Settings\Matteo\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6ceac608-4726147c.zip

Click Done
Click the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the result here.

Mistert (Pious Mortal)
Registered: 05/08/07 23:48  Posts: 25
Posted: 07 Aug 2007 22:03

Here is what it gave me as a result...
Oh, how do I stop VirIT eXplorer from starting at every Windows startup? Thanks
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gpefnvaj
*******************
Script file located at: \??\C:\uuodvhpe.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\All Users\Dati applicazioni\01cashadmineach\freeinternet.exe deleted successfully.
File C:\Documents and Settings\All Users\Dati applicazioni\01cashadmineach\Wipe Lite.exe deleted successfully.
File C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP\Coal Exit Aim.exe not found!
Deletion of file C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP\Coal Exit Aim.exe failed!
Could not process line:
C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP\Coal Exit Aim.exe
Status: 0xc0000034
File C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3\byte flap.exe deleted successfully.
File C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\64 gram.exe deleted successfully.
File C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\cast long warn.exe deleted successfully.
File C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\cast more each.exe not found!
Deletion of file C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\cast more each.exe failed!
Could not process line:
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\cast more each.exe
Status: 0xc0000034
File C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\DvdEachTheShow.exe deleted successfully.
File C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\kzlkmwtw.exe deleted successfully.
File C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\oobfmxso.exe deleted successfully.
File C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\rfdaalhv.exe not found!
Deletion of file C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\rfdaalhv.exe failed!
Could not process line:
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\rfdaalhv.exe
Status: 0xc0000034
File C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\A_MSN_Monitor.exe deleted successfully.
File C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\Tutti codec per DivX.zip deleted successfully.
File C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\ultra_codec_pack(1).zip deleted successfully.
File C:\Documents and Settings\Matteo\Dati applicazioni\PLANLOGOKIND\64 gram.exe deleted successfully.
File C:\Documents and Settings\Matteo\Dati applicazioni\Sun\Java\Deployment\cache\6.0\16\1afaf450-5b20e800 deleted successfully.
File C:\Documents and Settings\Matteo\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6ceac608-4726147c.zip deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 07 Aug 2007 22:51

Mistert wrote:
    Oh, how do I stop VirIT eXplorer from starting at every Windows startup?

I don't have VirIT at hand, so I can't tell you... try looking in its options.
I'd say Avenger did its job well.
The errors it reported are because I had you delete files that VirIT had already removed.
I forgot to have you delete the virus directories...
Start AVENGER
Click "Input script manually"
Click the magnifying glass
Enter these lines:
Quote:
Folders to delete:
C:\Documents and Settings\All Users\Dati applicazioni\01cashadmineach
C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP
C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3
C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND
C:\Documents and Settings\Matteo\Dati applicazioni\PLANLOGOKIND

Click Done
Click the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the result here.
Also redo an updated HijackThis log.

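An added example, not part of the thread and not Avenger's own code, that reads an Avenger log the way bdoriano does above: it separates the files actually deleted from the lines that failed with NTSTATUS 0xC0000034 (STATUS_OBJECT_NAME_NOT_FOUND, i.e. the path was already gone, as when VirIT had removed the file first) and reports any other failure status, which is the case that would need attention. The sample log is an excerpt of the one posted above; the two extra status codes in the table are standard Windows values, not taken from the thread.

```python
import re

# Constructed sample: an excerpt of the Avenger log posted in this thread.
SAMPLE_AVENGER_LOG = r"""
Beginning to process script file:
File C:\Documents and Settings\All Users\Dati applicazioni\01cashadmineach\freeinternet.exe deleted successfully.
File C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP\Coal Exit Aim.exe not found!
Deletion of file C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP\Coal Exit Aim.exe failed!
Could not process line:
C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP\Coal Exit Aim.exe
Status: 0xc0000034
File C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\64 gram.exe deleted successfully.
Folder C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND deleted successfully.
Completed script processing.
"""

# NTSTATUS codes Avenger prints after a failed line. Only 0xC0000034 appears in
# this thread; the other two are standard Windows values added here for contrast.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # path was already gone: harmless
    0xC0000022: "STATUS_ACCESS_DENIED",          # something is protecting the file
    0xC0000043: "STATUS_SHARING_VIOLATION",      # file still open by a process
}

DELETED_RE = re.compile(r"^(?:File|Folder) (?P<path>.+) deleted successfully\.$")
NOT_FOUND_RE = re.compile(r"^(?:File|Folder) (?P<path>.+) not found!$")
FAILED_RE = re.compile(r"^Deletion of (?:file|folder) (?P<path>.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x(?P<code>[0-9A-Fa-f]{8})$")


def summarise(log_text):
    """Classify every script line Avenger processed.

    Returns a dict with three lists: 'deleted' (paths removed), 'already_gone'
    (paths that failed with STATUS_OBJECT_NAME_NOT_FOUND, so there was nothing
    left to delete) and 'failed' ((path, status name) for any other status).
    """
    result = {"deleted": [], "already_gone": [], "failed": []}
    pending = None  # path of the last failed line, waiting for its "Status:" line
    for line in log_text.splitlines():
        line = line.strip()
        m = DELETED_RE.match(line)
        if m:
            result["deleted"].append(m.group("path"))
            continue
        m = NOT_FOUND_RE.match(line) or FAILED_RE.match(line)
        if m:
            pending = m.group("path")
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group("code"), 16)
            if code == 0xC0000034:
                result["already_gone"].append(pending)
            else:
                name = NTSTATUS_NAMES.get(code, "unknown NTSTATUS 0x%08X" % code)
                result["failed"].append((pending, name))
            pending = None
    return result


def needs_attention(summary):
    """True when a line failed for any reason other than the path already being absent."""
    return bool(summary["failed"])


if __name__ == "__main__":
    s = summarise(SAMPLE_AVENGER_LOG)
    print("deleted:        ", len(s["deleted"]))
    print("already gone:   ", len(s["already_gone"]))
    print("failed:         ", s["failed"])
    print("needs attention:", needs_attention(s))
```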
Mistert (Pious Mortal)
Registered: 05/08/07 23:48  Posts: 25
Posted: 07 Aug 2007 23:28

So, when I got back into XP after the reboot, it asked me these things.
I clicked "Continue", and OK on the other VirIT prompt.
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ehmisnrd
*******************
Script file located at: \??\C:\WINDOWS\rudccrvx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\Documents and Settings\All Users\Dati applicazioni\01cashadmineach deleted successfully.
Folder C:\Documents and Settings\All Users\Dati applicazioni\GREY THIS META JUMP deleted successfully.
Folder C:\Documents and Settings\All Users\Dati applicazioni\Jump Poll Poke Mp3 deleted successfully.
Folder C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND deleted successfully.
Folder C:\Documents and Settings\Matteo\Dati applicazioni\PLANLOGOKIND deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
This is the log file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.28.09, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\VNICMon.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\PowerDVD\PDVDServ.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\Antivirus-CID\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Borebows] C:\DOCUME~1\Febbius\DATIAP~1\PLANLO~1\64 gram.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://badangelbo.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 9081 bytes

bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 07 Aug 2007 23:44

Curious, there's still a line that shouldn't be there...
Quote:
O4 - HKCU\..\Run: [Borebows] C:\DOCUME~1\Febbius\DATIAP~1\PLANLO~1\64 gram.exe

Try running the Kaspersky scan again.

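An added example, not part of the thread and not HijackThis code, of the triage bdoriano is doing by eye on the logs above: it reads HijackThis O4/O9/O23 lines and flags an autorun value that launches from a user's application-data folder, an autorun whose target was already deleted (the orphaned [Borebows] value he notices after the Avenger run), entries marked "(file missing)", and services with no recorded owner. The sample lines are copied from the log posted in this thread and the removed-file list from the Avenger log; matching a short-name path (DATIAP~1) against the long-name paths Avenger reports is done by file name, which is a heuristic, not an 8.3 expansion.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Borebows] C:\DOCUME~1\Febbius\DATIAP~1\PLANLO~1\64 gram.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
"""

# Files the Avenger run in this thread reported as deleted (long-name form).
SAMPLE_REMOVED = [
    r"C:\Documents and Settings\Febbius\Dati applicazioni\PLANLOGOKIND\64 gram.exe",
    r"C:\Documents and Settings\All Users\Dati applicazioni\01cashadmineach\freeinternet.exe",
]

# Autorun entries of the form "O4 - <hive>\..\Run: [<value name>] <command>".
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Per-user application-data folder on an Italian Windows XP install, in both the
# long form ("Dati applicazioni") and the 8.3 short form ("DATIAP~1") HijackThis
# prints; the English names are included so the check also works on an English install.
USER_APPDATA_RE = re.compile(
    r"\\(DOCUME~1|Documents and Settings)\\[^\\]+\\(DATIAP~1|Dati applicazioni|APPLIC~1|Application Data)\\",
    re.IGNORECASE,
)


def first_executable(cmd):
    """Return the program path from an O4 command string, or None.

    Handles the leading '~' and the quoted form HijackThis prints; otherwise takes
    everything up to the first executable extension, so an unquoted path with a
    space in it (like '64 gram.exe') is kept whole.
    """
    cmd = cmd.lstrip("~ ")
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = re.match(r"(.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?:\s|,|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else None


def triage(log_text, removed_paths=()):
    """Return [(line, [reasons])] for every log line that deserves a second look.

    Heuristics: an O4 Run entry launched from a user's application-data folder;
    an O4 entry whose target (by file name) is something already deleted, i.e. an
    orphaned Run value; any entry HijackThis marks '(file missing)'; an O23
    service with no recorded owner.
    """
    removed_names = {p.rsplit("\\", 1)[-1].lower() for p in removed_paths}
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = []
        m = O4_RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if USER_APPDATA_RE.search(cmd):
                reasons.append("autorun launched from a user application-data folder")
            exe = first_executable(cmd)
            if exe and exe.rsplit("\\", 1)[-1].lower() in removed_names:
                reasons.append("autorun target was already deleted (orphaned Run value)")
        if line.endswith("(file missing)"):
            reasons.append("referenced file is missing")
        if line.startswith("O23 - ") and " - Unknown owner - " in line:
            reasons.append("service has no recorded owner")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG, SAMPLE_REMOVED):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```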
Mistert (Pious Mortal)
Registered: 05/08/07 23:48  Posts: 25
Posted: 08 Aug 2007 15:21

Here is the Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 08, 2007 3:15:25 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 8/08/2007
Kaspersky Anti-Virus database records: 377056
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 153471
Number of viruses found: 12
Number of infected objects: 43
Number of suspicious objects: 0
Duration of the scan process: 02:31:54
Infected Object Name / Virus Name / Last Action
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/1afaf450-5b20e800/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/1afaf450-5b20e800/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/1afaf450-5b20e800/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/1afaf450-5b20e800 Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/64 gram.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/64 gram.exe-ren-370 Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/A_MSN_Monitor.exe/data0001 Infected: not-a-virus:Monitor.Win32.MsnChatMonitor.33 skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/A_MSN_Monitor.exe Infected: not-a-virus:Monitor.Win32.MsnChatMonitor.33 skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/byte flap.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/cast long warn.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/count.jar-6ceac608-4726147c.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/count.jar-6ceac608-4726147c.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/count.jar-6ceac608-4726147c.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/count.jar-6ceac608-4726147c.zip Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/DvdEachTheShow.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/freeinternet.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/kzlkmwtw.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/oobfmxso.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/Tutti codec per DivX.zip/DivXPro501GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/Tutti codec per DivX.zip/DivXPro501GAINBundle.exe Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/Tutti codec per DivX.zip Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip/avenger/Wipe Lite.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\avenger\backup-07.08.2007-23.21.09,18.zip ZIP: infected - 22 skipped
C:\Documents and Settings\Febbius\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Febbius\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Febbius\Impostazioni locali\Cronologia\History.IE5\MSHist012007080820070809\index.dat Object is locked skipped
C:\Documents and Settings\Febbius\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Febbius\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Febbius\Impostazioni locali\Temp\bisFA8.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Febbius\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Febbius\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Febbius\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Franca-Lucio\Impostazioni locali\Temporary Internet Files\Content.IE5\0DMZOLYJ\rrjbcm[1].ani Infected: Exploit.Win32.IMG-ANI.k skipped
C:\Documents and Settings\Franca-Lucio\Impostazioni locali\Temporary Internet Files\Content.IE5\41AP6LG5\nthxanii[1].ani Infected: Exploit.Win32.IMG-ANI.k skipped
C:\Documents and Settings\Franca-Lucio\Impostazioni locali\Temporary Internet Files\Content.IE5\80XKFSBA\d[1].ddd Infected: Trojan.Win32.Dialer.ic skipped
C:\Documents and Settings\Franca-Lucio\Impostazioni locali\Temporary Internet Files\Content.IE5\80XKFSBA\p0[1].dat Infected: Trojan-Downloader.Win32.Agent.bcr skipped
C:\Documents and Settings\Franca-Lucio\Impostazioni locali\Temporary Internet Files\Content.IE5\8T6V0TSV\an[1].ani Infected: Exploit.Win32.IMG-ANI.k skipped
C:\Documents and Settings\Franca-Lucio\Impostazioni locali\Temporary Internet Files\Content.IE5\JRTNNP0W\p4[1].dat Infected: Trojan-Proxy.Win32.Agent.mi skipped
C:\Documents and Settings\Franca-Lucio\Impostazioni locali\Temporary Internet Files\Content.IE5\OPANSHUZ\beahblwf[1].ani Infected: Exploit.Win32.IMG-ANI.k skipped
C:\Documents and Settings\Laura\Dati applicazioni\PLANLOGOKIND\64 gram.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Laura\Impostazioni locali\Temporary Internet Files\Content.IE5\VTSYO5AC\index[1].htm Infected: Trojan-Downloader.JS.Psyme.cg skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matteo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temp\10568.exe/(App) Easy Cd-Da Extractor Key Generator/ezcddax620kg.exe Infected: Trojan-Dropper.Win32.Agent.azv skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temp\10568.exe RAR: infected - 1 skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temp\5270.exe Infected: Trojan-Downloader.Win32.Agent.bcr skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temp\6AE2F9.dmp Object is locked skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temp\IH22E.tmp/(App) Easy Cd-Da Extractor Key Generator/ezcddax620kg.exe Infected: Trojan-Dropper.Win32.Agent.azv skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temp\IH22E.tmp RAR: infected - 1 skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temp\IH22E.tmp PE-Crypt.XorPE: infected - 1 skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temp\IH917.tmp Infected: Trojan.Win32.Dialer.qi skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temporary Internet Files\Content.IE5\B9FR6G9C\vyn[1].ani Infected: Exploit.Win32.IMG-ANI.k skipped
C:\Documents and Settings\Matteo\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matteo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matteo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alcohol 120\StarWind\logs\starwind.2007-08-08.10-05-40.log Object is locked skipped
C:\Programmi\DAP\History\Franca-Lucio\_lasthist.dat Object is locked skipped
C:\Programmi\DAP\History\Laura\_lasthist.dat Object is locked skipped
C:\Programmi\DAP\History\Matteo\_lasthist.dat Object is locked skipped
C:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped
C:\Programmi\ESET\infected\FBTOKNBA.NQF Infected: Trojan.Win32.Dialer.qi skipped
C:\Programmi\ESET\infected\IQHGRADA.NQF Infected: Trojan.Win32.Dialer.qi skipped
C:\Programmi\ESET\logs\virlog.dat Object is locked skipped
C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\VEXPLITE\Febbius\reg.dat Object is locked skipped
C:\VEXPLITE\Matteo\reg.dat Object is locked skipped
C:\VEXPLITE\reg_ecc.dat Object is locked skipped
C:\VEXPLITE\VIRITMON.LOG Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd2845.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\Temp\~DF2FC0.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF2FE8.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFADB4.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFADDF.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFE2CD.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
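A way to triage a result list like the one above, as an added example that is not part of the thread: it separates "Object is locked" noise (registry hives, event logs, index.dat files the scanner could not open while Windows was running) from real detections, and sorts each detection by where it sits, since a hit inside the Avenger backup archive or NOD32's infected folder is already quarantined, a hit under Temporary Internet Files is a drive-by artifact that goes with the IE cache, and anything else is live on disk and must be removed. SAMPLE_LOG is a constructed excerpt in the same line format as the Kaspersky online-scanner log posted above, not the full log, and the quarantine path prefixes are specific to this machine.

```python
"""Triage a Kaspersky online-scanner result list.

Added example, not code from the thread.  SAMPLE_LOG is a constructed excerpt
in the same line format as the log posted above (archive members are written
as <archive>/<member>); it is not the full log.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
C:\\avenger\\backup-07.08.2007-23.21.09,18.zip/avenger/64 gram.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\\avenger\\backup-07.08.2007-23.21.09,18.zip ZIP: infected - 22 skipped
C:\\Documents and Settings\\Febbius\\NTUSER.DAT Object is locked skipped
C:\\Documents and Settings\\Febbius\\Impostazioni locali\\Temp\\bisFA8.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\\Documents and Settings\\Franca-Lucio\\Impostazioni locali\\Temporary Internet Files\\Content.IE5\\0DMZOLYJ\\rrjbcm[1].ani Infected: Exploit.Win32.IMG-ANI.k skipped
C:\\Documents and Settings\\Laura\\Dati applicazioni\\PLANLOGOKIND\\64 gram.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\\Documents and Settings\\Matteo\\Impostazioni locali\\Temp\\10568.exe/(App) Easy Cd-Da Extractor Key Generator/ezcddax620kg.exe Infected: Trojan-Dropper.Win32.Agent.azv skipped
C:\\Documents and Settings\\Matteo\\Impostazioni locali\\Temp\\10568.exe RAR: infected - 1 skipped
C:\\Programmi\\ESET\\infected\\FBTOKNBA.NQF Infected: Trojan.Win32.Dialer.qi skipped
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
Scan process completed.
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)

# Containers that are already quarantine on this machine (Avenger's backup zip,
# NOD32's infected folder).  These prefixes are specific to the system in the thread.
QUARANTINE_MARKERS = ("c:\\avenger\\backup-", "\\eset\\infected\\")


def classify(container: str) -> str:
    low = container.lower()
    if any(m in low for m in QUARANTINE_MARKERS):
        return "quarantined"     # already pulled out of the system; delete the container
    if "\\temporary internet files\\" in low:
        return "browser-cache"   # drive-by payload or exploit file; goes with the IE cache
    return "live"                # present in a profile or system directory; must be removed


def triage(log_text: str) -> dict:
    detections, locked = [], []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            path = m["path"]
            container = path.split("/", 1)[0]   # outermost file for archive members
            owner = PROFILE_RE.match(container)
            detections.append({
                "path": path, "container": container, "verdict": m["verdict"],
                "owner": owner.group(1) if owner else None,
                "class": classify(container),
            })
            continue
        m = LOCKED_RE.match(line.strip())
        if m:
            locked.append(m["path"])
        # "ZIP: infected - N" archive summaries only repeat what the member lines say
    return {"detections": detections, "locked": locked}


def summarize(log_text: str) -> dict:
    t = triage(log_text)
    det = t["detections"]
    return {
        "locked": len(t["locked"]),
        "by_class": dict(Counter(d["class"] for d in det)),
        "verdicts": Counter(d["verdict"] for d in det),
        "owners": sorted({d["owner"] for d in det if d["owner"]}),
        "to_remove": sorted({d["container"] for d in det if d["class"] == "live"}),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['locked']} locked objects ignored; detections by class: {s['by_class']}")
    print("profiles with detections:", ", ".join(s["owners"]))
    for path in s["to_remove"]:
        print("remove:", path)
```

Grouping by profile owner matters on a shared family PC like this one: every user account that shows a live hit needs its own autorun entries and temp folders checked, not just the account the scan was run from. On another system, QUARANTINE_MARKERS has to be adjusted to wherever that system's cleaning tools keep their backups.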
bdoriano (Administrator)
Registered: 02/04/07 12:05, Posts: 14391, Location: 3rd planet of the solar system...
Posted: 08 Aug 2007 19:48
Use ATF-Cleaner or CCleaner to clean up the temporary files.
Start the PC in Safe Mode,
run HijackThis,
click "Do a system scan only",
put a check mark next to these entries:
Quote: O4 - HKCU\..\Run: [Borebows] C:\DOCUME~1\Febbius\DATIAP~1\PLANLO~1\64 gram.exe
click "Fix checked".
Restart the PC in Normal Mode, redo the HijackThis log and post it.
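The O4 entry quoted in the post above is the kind of thing to look for in a HijackThis log: an autorun value in a user's Run key pointing at an executable under that user's Application Data folder. As an added example (not code from the thread or from HijackThis), here is a small parser for O4 lines that flags such entries and, given the log from before and after "Fix checked", confirms the value is gone. The sample lines are constructed from the logs in this thread; the helpers and their heuristics are this example's own.

```python
"""Flag suspicious HijackThis O4 (autorun) entries and verify a fix took effect.

Added example, not code from the thread.  The sample lines are constructed from
the logs posted here; paths use the Windows 8.3 short names exactly as
HijackThis prints them.
"""
import re

BEFORE = """\
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Programmi\\Eset\\nod32kui.exe" /WAITSERVICE
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [VIRIT LITE MONITOR] C:\\VEXPLITE\\MONLITE.EXE
O4 - HKCU\\..\\Run: [Borebows] C:\\DOCUME~1\\Febbius\\DATIAP~1\\PLANLO~1\\64 gram.exe
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [MsnMsgr] ~"C:\\Programmi\\MSN Messenger\\MsnMsgr.Exe" /background
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - Global Startup: Microsoft Office.lnk = C:\\Programmi\\Microsoft Office\\Office\\OSA9.EXE
"""
# The same log after "Fix checked" on the Borebows line (constructed).
AFTER = "\n".join(l for l in BEFORE.splitlines() if "[Borebows]" not in l) + "\n"

RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")
STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Per-user data/temp locations, long and 8.3 forms, Italian and English Windows.
PROFILE_DATA_RE = re.compile(
    r"\\(?:Documents and Settings|DOCUME~1)\\[^\\]+\\"
    r"(?:Dati applicazioni|Application Data|DATIAP~1|Impostazioni locali|Local Settings|IMPOST~1|LOCALS~1)\\",
    re.IGNORECASE)


def executable(cmd: str) -> str:
    """Pull the program path out of a Run value (quoted, or unquoted with spaces)."""
    cmd = cmd.lstrip("~ ")            # HijackThis prefixes some values with '~'
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com|bat|pif))(?=[\s,]|$)", cmd, re.IGNORECASE)
    if m and m.group(1).lower().endswith("rundll32.exe"):
        dm = re.match(r"(.*?\.dll)", cmd[m.end():].lstrip(), re.IGNORECASE)
        if dm:
            return dm.group(1)        # what actually runs is the DLL rundll32 loads
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log_text: str) -> list:
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        entries.append({"line": line, "hive": m["hive"], "name": m["name"],
                        "exe": executable(m["cmd"]),
                        "user": m.groupdict().get("user")})
    return entries


def reasons(entry: dict) -> list:
    out = []
    if PROFILE_DATA_RE.search(entry["exe"]):
        out.append("runs from a per-user Application Data / Local Settings directory")
    if "(file missing)" in entry["line"]:
        out.append("points at a file that no longer exists")
    return out


def flag(log_text: str) -> list:
    """Autorun entries worth checking, with the reason each was flagged."""
    return [(e["name"], reasons(e)) for e in parse_o4(log_text) if reasons(e)]


def removed_after_fix(before: str, after: str) -> list:
    """O4 entries present in the first log and gone from the second."""
    key = lambda e: (e["hive"], e["name"], e["exe"])
    gone = {key(e) for e in parse_o4(before)} - {key(e) for e in parse_o4(after)}
    return sorted(name for _, name, _ in gone)


if __name__ == "__main__":
    for name, why in flag(BEFORE):
        print(f"{name}: {'; '.join(why)}")
    print("removed:", removed_after_fix(BEFORE, AFTER))
```

Fixing an O4 entry in HijackThis deletes the registry value or startup shortcut, not the file it points to, so the executable stays on disk until an antivirus or a manual deletion removes it; comparing the before and after logs only proves the autorun hook is gone, which is why the post above also asks for a fresh log after the reboot.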
Mistert (Mortale pio)
Registered: 05/08/07 23:48, Posts: 25
Posted: 09 Aug 2007 00:28
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0.27.28, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\VNICMon.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Febbius\Desktop\Fabio\Applicazioni\Antivirus-CID\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://badangelbo.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 9008 bytes
bdoriano (Administrator)
Registered: 02/04/07 12:05, Posts: 14391, Location: 3rd planet of the solar system...
Posted: 09 Aug 2007 10:26
It all looks OK.
Are you still seeing problems?
Mistert (Mortale pio)
Registered: 05/08/07 23:48, Posts: 25
Posted: 09 Aug 2007 11:39
bdoriano wrote:
Quote: It all looks OK. Are you still seeing problems?

I haven't seen the CIDs for a couple of days.
My connection is a bit slow, though... dunno...
Could you give me a list of antivirus programs and various small utilities to keep the PC in order?
For now I have NOD32 but I'd like to change it.
Thanks
bdoriano (Administrator)
Registered: 02/04/07 12:05, Posts: 14391, Location: 3rd planet of the solar system...