Olimpo Informatico

[agatucc]

salve,sono nuova del vostro forum..ho un gran bisogno di aiuto perchè sto impazzendo...con spyware doctor ho rilevato numerose infezioni e minacce sto provando antivirus e antispyware ma non riesco a cancellarli, ecco il resoconto:
25 adware.hotbar
2 trojan.purity scan
5 dialer.instant_access

cHE FARE? vI PREGO DI AIUTARMI...

[Danielix]

Ciao e benvenuta. Forse conviene cominciare col dire che antivirus stai utilizzando, che ne dici?!

[bdoriano]

Ciao agatucc,

Segui le istruzioni di questo topic per postare il log di hijackthis.

PS: se vuoi, puoi presentarti qui

[agatucc]

sto utilizzando AVG sia come antivirus che come antispyware...poi ho anche installato avast antivirus e mi ha eliminato un bel pò di infezioni ma le minacce più grosse sono rimaste!

[agatucc]

sto leggendo la vostra guida per il pronto soccorso virus e provo a seguire le istruzioni installando HJT per rilevare le infezioni!

[agatucc]

ho seguito le indicazioni che mi avete postato,veramente molto chiare devo dire...nonostante l'ansia che mi assaliva!

in modalità provvisoria ho eseguito i porgrammi indicati con i seguenti risultati:
CwShredder:"none infected";
Ad_Adware 1.06 . "non è possibile effettuare l'installazione a causa dei criteri impostati dall'amministratore di sistema";
spybot Search & Destroy :"Error sending request. Ipossibile risolvere il nome del server o l'indirizzo;
Bit defender 8 free: "non è possibile effettuare l'installazione a causa dei criteri impostati dall'amministratore di sistema";
Ccleaner: fatto

successivamente ho avviato Hijack (HJT) e mi ha dato come risultato il seguente:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16.26.13, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\HJT\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/results.aspx?mkt=it-it&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidTemplatesFromClientWithLog?clid=1040&ver=12&app=osa.exe&p1=OF&p2=12&p3=1040&p4=6
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fvumlemldb] c:\documents and settings\utente\impostazioni locali\dati applicazioni\fvumlemldb.exe fvumlemldb
O4 - HKCU\..\Run: [eikwpzyfd] c:\windows\system32\eikwpzyfd.exe eikwpzyfd
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe

--
End of file - 7017 bytes


CHE FARE ADESSO???

[agatucc]

ho rifatto la scansione con spyware doctor e sono sempre risultati:
17 Adware Hotbar
2 Trojan Purity Scan
5 Dialer Instant Access

C'è qualche programma in particolare che posso usare?Quando mi connetto ad internet si aprono di continuo messaggi pubblicitari e il pc risulta rallentato ancora,anche se un pò meno dopo aver utilizzato Avast Antivirus.

[agatucc]

ed ecco cosa è risultato utilizzando FINDAWF:

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


NON SO COSA VOGLIA PROPRIO DIRE!! che altro dovrei fare??

[bdoriano]

Segui le istruzioni di questo topic per postare il log di combofix.

[agatucc]

Ecco il report di COMBOFIX....Che fare ora??




ComboFix 08-01-06.5 - utente 2008-01-06 18.58.52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1399 [GMT 1:00]
Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\Config.xml
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\LocalService\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs
c:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\fvumlemldb.dat
c:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\fvumlemldb_nav.dat
c:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\fvumlemldb_navps.dat
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\eikwpzyfd.dat
c:\WINDOWS\system32\eikwpzyfd_nav.dat
c:\WINDOWS\system32\eikwpzyfd_navps.dat
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((( Files Creati Da 2007-12-06 al 2008-01-06 )))))))))))))))))))))))))))))))))))
.

2008-01-06 18:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 16:20 . 2008-01-05 16:20 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-05 16:07 . 2008-01-05 16:10 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-05 16:06 . 2008-01-05 16:06 2,566,736 --a------ C:\Programmi\spywareblastersetup351.exe
2008-01-05 15:58 . 2008-01-05 15:59 363,363 --a------ C:\Programmi\HiJackThis_v2.zip
2008-01-05 15:56 . 2008-01-05 16:26 <DIR> d-------- C:\HJT
2008-01-05 14:18 . 2008-01-05 14:18 25,618,144 --a------ C:\Programmi\a2AntiMalwareSetup.exe
2008-01-05 14:04 . 2008-01-05 14:04 912,224 --a------ C:\Programmi\EFRCSetup.exe
2008-01-05 14:01 . 2008-01-05 14:01 22,103,392 --a------ C:\Programmi\bitdefender_free_v10.exe
2008-01-05 13:55 . 2008-01-05 13:55 7,467,056 --a------ C:\Programmi\spybotsd15.exe
2008-01-05 13:48 . 2008-01-05 13:48 21,216,112 --a------ C:\Programmi\aaw2007.exe
2008-01-05 13:34 . 2008-01-05 13:34 532,480 --a------ C:\Programmi\cwshredder.exe
2008-01-04 17:09 . 2008-01-04 17:09 <DIR> d-------- C:\Programmi\Alwil Software
2008-01-04 17:09 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-04 17:09 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-04 17:09 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-04 17:09 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-04 17:09 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-04 17:09 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-04 17:09 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-04 17:09 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-03 21:11 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-02 19:08 . 2008-01-02 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2007-12-28 15:32 . 2007-12-28 15:32 <DIR> d-------- C:\Programmi\ReflexiveArcade
2007-12-26 19:50 . 2007-12-27 17:36 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Zylom
2007-12-26 19:50 . 2007-12-26 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Zylom
2007-12-26 19:37 . 2008-01-06 18:48 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-26 17:20 . 2004-11-04 09:19 7,207 -ra------ C:\WINDOWS\Disktool.INI
2007-12-26 17:20 . 2004-12-31 04:39 6,399 -ra------ C:\WINDOWS\fwupgrade.ini
2007-12-26 17:20 . 2004-05-12 03:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2007-12-26 17:11 . 2007-12-26 17:11 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2007-12-26 16:55 . 2008-01-03 20:57 <DIR> d-------- C:\Programmi\Spyware Doctor
2007-12-26 16:55 . 2007-12-26 16:55 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\PC Tools
2007-12-26 16:55 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-26 16:55 . 2007-12-27 18:09 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-26 16:55 . 2007-12-27 18:09 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-26 16:55 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-26 16:55 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-26 14:58 . 2007-12-26 15:29 <DIR> d-------- C:\Programmi\Sinapsi Antispam
2007-12-26 14:58 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\msinet.ocx
2007-12-26 14:58 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2007-12-26 14:18 . 2007-12-26 14:18 279,552 --a------ C:\WINDOWS\system32\vsdxwhoxn.exe
2007-12-26 14:02 . 2007-12-26 14:02 286,208 --a------ C:\WINDOWS\system32\fafzam.exe
2007-12-25 10:43 . 2007-12-25 10:43 272,384 --a------ C:\WINDOWS\system32\zfoskdw.exe
2007-12-25 09:53 . 2007-12-25 09:53 279,552 --a------ C:\WINDOWS\system32\chumvqyv.exe
2007-12-24 14:44 . 2007-12-24 14:44 305,152 --a------ C:\WINDOWS\system32\mskhqtkmu.exe
2007-12-23 17:33 . 2007-12-23 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
2007-12-23 17:33 . 2007-12-23 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2007-12-23 17:31 . 2008-01-04 19:54 <DIR> d-------- C:\Downloads
2007-12-23 14:48 . 2007-12-23 14:48 310,272 --a------ C:\WINDOWS\system32\eqxnlhk.exe
2007-12-23 13:15 . 2007-12-23 13:15 300,544 --a------ C:\WINDOWS\system32\fetcyqinv.exe
2007-12-22 18:13 . 2007-12-22 18:13 <DIR> d-------- C:\Programmi\Xilisoft
2007-12-21 22:33 . 2007-12-21 22:33 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2007-12-21 22:33 . 2007-12-21 22:33 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-12-21 22:33 . 2007-12-21 22:33 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2007-12-21 22:33 . 2007-12-21 22:33 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-12-21 22:33 . 2007-12-21 23:10 352 --a------ C:\WINDOWS\system32\lsprst7.tgz
2007-12-21 22:33 . 2007-12-21 23:10 338 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-12-21 22:33 . 2007-12-21 23:10 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2007-12-21 22:33 . 2007-12-21 23:10 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-12-21 22:32 . 2007-12-21 22:32 <DIR> d-------- C:\Programmi\PacketVideo
2007-12-19 19:19 . 2007-12-19 19:19 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\DivX
2007-12-19 19:06 . 2007-12-22 18:15 <DIR> d-------- C:\Programmi\DivX
2007-12-18 21:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-18 21:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-18 21:26 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-16 16:45 . 2008-01-04 19:54 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2007-12-16 16:45 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-16 16:44 . 2007-12-16 16:44 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-16 16:44 . 2007-12-16 16:44 <DIR> d-------- C:\Documents and Settings\utente\Contacts
2007-12-16 16:37 . 2007-12-16 16:40 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-16 16:37 . 2007-12-29 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-16 16:03 . 2007-12-22 18:12 <DIR> d-------- C:\unzipped
2007-12-14 14:09 . 2007-12-16 13:15 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-12 22:54 . 2007-12-12 22:54 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2007-12-12 22:54 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-12 22:53 . 2007-12-12 22:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-12 22:53 . 2007-12-12 22:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-12 22:53 . 2007-12-12 22:53 <DIR> d-------- C:\dc84fecf11c4fd1f8497d97522
2007-12-12 22:53 . 2007-12-12 22:54 <DIR> d-------- C:\78a0725991d12c5071
2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-09 19:36 . 2007-12-09 19:36 <DIR> d-------- C:\WINDOWS\Sun
2007-12-08 22:49 . 2008-01-04 18:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-08 17:40 . 2007-12-08 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!
2007-12-08 17:38 . 2007-12-22 18:15 <DIR> d-------- C:\Programmi\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 19:01 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-01-04 18:55 --------- d-----w C:\Programmi\Google
2008-01-03 20:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-12-30 18:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-12-26 15:01 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\AVG7
2007-12-14 13:09 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-02 10:23 --------- d-----w C:\Programmi\MSBuild
2007-12-02 10:21 --------- d-----w C:\Programmi\Microsoft Visual Studio 8
2007-11-30 21:41 --------- d-----w C:\Programmi\Picasa2
2007-11-30 21:00 --------- d-----w C:\Programmi\Microsoft Works
2007-11-29 17:54 --------- d-----w C:\Programmi\Alice ti aiuta
2007-11-29 17:54 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Motive
2007-11-25 18:45 --------- d-----w C:\Programmi\Canon
2007-11-24 18:34 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\CyberLink
2007-11-24 17:57 --------- d-----w C:\Programmi\Motive
2007-11-24 17:56 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-24 17:56 --------- d-----w C:\Programmi\Telecom Italia
2007-11-20 15:22 155,995 ----a-w C:\WINDOWS\java\Packages\QSYY0S8I.ZIP
2007-11-20 15:22 --------- d-----w C:\Programmi\Common Files
2007-11-17 21:05 --------- d-----w C:\Programmi\File comuni\LightScribe
2007-11-14 16:37 --------- d-----w C:\Programmi\AutoCAD 2004
2007-11-14 16:35 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-11-14 16:35 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-11-14 16:35 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2007-11-14 16:35 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2007-11-14 16:35 --------- d-----w C:\Programmi\Autodesk
2007-11-14 16:35 --------- d-----w C:\Programmi\AnswerWorks 4.0
2007-11-14 16:34 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Autodesk
2007-11-14 16:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 14:32 --------- d-----w C:\Programmi\Microsoft.NET
2007-11-12 14:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2007-11-12 14:28 --------- d-----w C:\Programmi\CyberLink
2007-11-12 14:24 --------- d-----w C:\Programmi\Windows Media Components
2007-11-12 14:24 --------- d-----w C:\Programmi\CCleaner
2007-11-12 14:23 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-12 14:23 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-12 14:23 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2007-11-12 14:16 --------- d-----w C:\Programmi\File comuni\Ahead
2007-11-12 14:16 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Ahead
2007-11-12 14:14 --------- d-----w C:\Programmi\Nero
2007-11-12 14:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2007-11-12 14:11 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\ATI
2007-11-12 14:02 --------- d-----w C:\Programmi\ATI Technologies
2007-11-12 13:59 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-11-12 13:59 --------- d-----w C:\Programmi\File comuni\ATI Technologies
2007-11-12 13:32 --------- d-----w C:\Programmi\Marvell
2007-11-12 13:32 --------- d-----w C:\Programmi\Attansic
2007-11-12 12:40 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-11-12 12:40 --------- d-----w C:\Programmi\File comuni\ODBC
2007-11-12 12:09 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-12 12:09 --------- d-----w C:\Programmi\Realtek
2007-11-12 12:06 --------- d-----w C:\Programmi\Intel
2007-11-12 11:55 --------- d-----w C:\Programmi\microsoft frontpage
2007-11-12 11:54 --------- d-----w C:\Programmi\Servizi in linea
2007-11-12 11:53 --------- d-----w C:\Programmi\File comuni\MSSoap
2007-10-29 22:42 1,292,800 ------w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 18:10 579072]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SDTray"="C:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-03 21:11 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 21:20 219136]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-11-24 18:57:25]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-12-16 16:01:33]

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 04:35]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 07:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24698775-911b-11dc-a76c-806d6172696f}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f66154f-9551-11dc-afc7-001d605998f4}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baeac38c-9923-11dc-afcd-001d605998f4}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 19:00:28
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-06 19.00.54
ComboFix-quarantined-files.txt 2008-01-06 18:00:51
.
2007-12-26 20:06:12 --- E O F ---

[agatucc]

Ed ecco il risultato con la nuova scansione con spyware doctor:

2 infezioni trojan.purity scan
1 infezione trojan pws-tanspy
1 infezione dialer.instant_access
1 infezione trojan.generic

[agatucc]

File Result/infection Path

Kernel32.dll Change C:\\WINDOWS\sistem32\kernel32.dll
user32.dll Change C:\\WINDOWS\sistem32\user32.dll
shell32.dll Change C:\\WINDOWS\sistem32\shell32.dll
ntoskrnl.exe Change C:\\WINDOWS\sistem32\ntoskrnl.exe


Sono posizionati qui?

[bdoriano]

Ciao agatucc,
hai diverse infezioni in corso.
Vediamo di fare alcune pulizie:

• Fai una scansione online con Bitdefender.
  
• Fai una scansione online con Panda Active Scan.
  
• Fai una scansione online con Eset.

Al termine, ri-segui le istruzioni di questo topic per postare il log di combofix.

[agatucc]

Grazie bdoriano...mando risultati dopo le scansioni!

[agatucc]

Il controllo Active X mi blocca la connessione con il primo e con il "Panda" non riesco a completare la scansione perchè Avast Antivirus me la blocca dandomi comunicazione che è infetto da virus WIN 32!!!
Che succede?

[agatucc]

non riesco a fare le scansioni
bit defender mi dice:"Scan failed"
Panda Active scan viene bloccato da avast antivirus perchè sarebbe infetto da virus win32
Eset sono riuscita a completarlo e mi da come risultato "No threats found"!

[bdoriano]

Sei già la seconda persona che riceve questa segnalazione da parte di Avast!
Propendo più per un falso allarme che per un virus vero e proprio.

Per fare la scansione con BitDefender, disabilita momentaneamente il tuo antivirus.

[agatucc]

ok, ecco nuovi risultati:

Bit defender:"NO VIRUS FOUND"

Panda Active scan:
1.Incident
2.Status
3.Location
1. Potentially unwanted tool:Application/NirCmd.A
2. Not disinfected
3. C:\Documents and settings\utente\Desktop\ComboFix.exe[nircmd.exe]
1. Potentially unwanted tool:Application/NirCmd.A 2. Not disinfected
3. C:\Documents and Settings\utente\Desktop\ComboFix.exe[nircmd.cfexe]
1. Potentially unwanted tool:Application/NirCmd.A 2. Not disinfected
3.C:\WINDOWS\NirCmd.exe
1. Adware:Adware/NaviPromo .
2. Not disinfected
3. C:\WINDOWS\system32\mskhqtkmu.exe"

Eset On Line scanner: "No threats found"



E POI NUOVO REPORT COMBOFIX:

ComboFix 08-01-06.5 - utente 2008-01-07 20.04.35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1347 [GMT 1:00]
Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2007-12-07 al 2008-01-07 )))))))))))))))))))))))))))))))))))
.

2008-01-07 19:24 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-07 18:54 . 2008-01-07 19:58 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-07 18:34 . 2008-01-07 18:53 <DIR> d-------- C:\Programmi\EsetOnlineScanner
2008-01-07 16:09 . 2008-01-07 19:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-07 16:09 . 2008-01-07 19:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-07 16:09 . 2008-01-07 19:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-07 16:09 . 2008-01-07 19:10 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-06 18:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 16:20 . 2008-01-05 16:20 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-05 16:07 . 2008-01-05 16:10 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-05 16:06 . 2008-01-05 16:06 2,566,736 --a------ C:\Programmi\spywareblastersetup351.exe
2008-01-05 15:58 . 2008-01-05 15:59 363,363 --a------ C:\Programmi\HiJackThis_v2.zip
2008-01-05 15:56 . 2008-01-05 16:26 <DIR> d-------- C:\HJT
2008-01-05 14:18 . 2008-01-05 14:18 25,618,144 --a------ C:\Programmi\a2AntiMalwareSetup.exe
2008-01-05 14:04 . 2008-01-05 14:04 912,224 --a------ C:\Programmi\EFRCSetup.exe
2008-01-05 14:01 . 2008-01-05 14:01 22,103,392 --a------ C:\Programmi\bitdefender_free_v10.exe
2008-01-05 13:55 . 2008-01-05 13:55 7,467,056 --a------ C:\Programmi\spybotsd15.exe
2008-01-05 13:48 . 2008-01-05 13:48 21,216,112 --a------ C:\Programmi\aaw2007.exe
2008-01-05 13:34 . 2008-01-05 13:34 532,480 --a------ C:\Programmi\cwshredder.exe
2008-01-04 17:09 . 2008-01-04 17:09 <DIR> d-------- C:\Programmi\Alwil Software
2008-01-04 17:09 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-04 17:09 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-04 17:09 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-04 17:09 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-04 17:09 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-04 17:09 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-04 17:09 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-04 17:09 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-03 21:11 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-02 19:08 . 2008-01-02 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2007-12-28 15:32 . 2007-12-28 15:32 <DIR> d-------- C:\Programmi\ReflexiveArcade
2007-12-26 19:50 . 2007-12-27 17:36 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Zylom
2007-12-26 19:50 . 2007-12-26 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Zylom
2007-12-26 19:37 . 2008-01-07 20:02 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-26 17:20 . 2004-11-04 09:19 7,207 -ra------ C:\WINDOWS\Disktool.INI
2007-12-26 17:20 . 2004-12-31 04:39 6,399 -ra------ C:\WINDOWS\fwupgrade.ini
2007-12-26 17:20 . 2004-05-12 03:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2007-12-26 17:11 . 2007-12-26 17:11 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2007-12-26 16:55 . 2008-01-07 19:36 <DIR> d-------- C:\Programmi\Spyware Doctor
2007-12-26 16:55 . 2007-12-26 16:55 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\PC Tools
2007-12-26 16:55 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-26 16:55 . 2007-12-27 18:09 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-26 16:55 . 2007-12-27 18:09 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-26 16:55 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-26 16:55 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-26 14:58 . 2007-12-26 15:29 <DIR> d-------- C:\Programmi\Sinapsi Antispam
2007-12-26 14:58 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\msinet.ocx
2007-12-26 14:58 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2007-12-26 14:18 . 2007-12-26 14:18 279,552 --a------ C:\WINDOWS\system32\vsdxwhoxn.exe
2007-12-26 14:02 . 2007-12-26 14:02 286,208 --a------ C:\WINDOWS\system32\fafzam.exe
2007-12-25 10:43 . 2007-12-25 10:43 272,384 --a------ C:\WINDOWS\system32\zfoskdw.exe
2007-12-25 09:53 . 2007-12-25 09:53 279,552 --a------ C:\WINDOWS\system32\chumvqyv.exe
2007-12-24 14:44 . 2007-12-24 14:44 305,152 --a------ C:\WINDOWS\system32\mskhqtkmu.exe
2007-12-23 17:33 . 2007-12-23 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
2007-12-23 17:33 . 2007-12-23 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2007-12-23 17:31 . 2008-01-04 19:54 <DIR> d-------- C:\Downloads
2007-12-23 14:48 . 2007-12-23 14:48 310,272 --a------ C:\WINDOWS\system32\eqxnlhk.exe
2007-12-23 13:15 . 2007-12-23 13:15 300,544 --a------ C:\WINDOWS\system32\fetcyqinv.exe
2007-12-22 18:13 . 2007-12-22 18:13 <DIR> d-------- C:\Programmi\Xilisoft
2007-12-21 22:33 . 2007-12-21 22:33 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2007-12-21 22:33 . 2007-12-21 22:33 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-12-21 22:33 . 2007-12-21 22:33 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2007-12-21 22:33 . 2007-12-21 22:33 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-12-21 22:33 . 2007-12-21 23:10 352 --a------ C:\WINDOWS\system32\lsprst7.tgz
2007-12-21 22:33 . 2007-12-21 23:10 338 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-12-21 22:33 . 2007-12-21 23:10 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2007-12-21 22:33 . 2007-12-21 23:10 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-12-21 22:32 . 2007-12-21 22:32 <DIR> d-------- C:\Programmi\PacketVideo
2007-12-19 19:19 . 2007-12-19 19:19 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\DivX
2007-12-19 19:06 . 2007-12-22 18:15 <DIR> d-------- C:\Programmi\DivX
2007-12-18 21:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-18 21:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-18 21:26 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-16 16:45 . 2008-01-04 19:54 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2007-12-16 16:45 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-16 16:44 . 2007-12-16 16:44 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-16 16:44 . 2007-12-16 16:44 <DIR> d-------- C:\Documents and Settings\utente\Contacts
2007-12-16 16:37 . 2007-12-16 16:40 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-16 16:37 . 2007-12-29 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-16 16:03 . 2007-12-22 18:12 <DIR> d-------- C:\unzipped
2007-12-14 14:09 . 2007-12-16 13:15 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-12 22:54 . 2007-12-12 22:54 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2007-12-12 22:54 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-12 22:53 . 2007-12-12 22:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-12 22:53 . 2007-12-12 22:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-12 22:53 . 2007-12-12 22:53 <DIR> d-------- C:\dc84fecf11c4fd1f8497d97522
2007-12-12 22:53 . 2007-12-12 22:54 <DIR> d-------- C:\78a0725991d12c5071
2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-09 19:36 . 2007-12-09 19:36 <DIR> d-------- C:\WINDOWS\Sun
2007-12-08 22:49 . 2008-01-04 18:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-08 17:40 . 2007-12-08 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!
2007-12-08 17:38 . 2007-12-22 18:15 <DIR> d-------- C:\Programmi\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 18:34 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-01-07 18:34 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-01-06 19:08 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\AVG7
2008-01-06 19:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-01-04 18:55 --------- d-----w C:\Programmi\Google
2008-01-03 20:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-12-30 18:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-12-14 13:09 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-02 10:23 --------- d-----w C:\Programmi\MSBuild
2007-12-02 10:21 --------- d-----w C:\Programmi\Microsoft Visual Studio 8
2007-11-30 21:41 --------- d-----w C:\Programmi\Picasa2
2007-11-30 21:00 --------- d-----w C:\Programmi\Microsoft Works
2007-11-29 17:54 --------- d-----w C:\Programmi\Alice ti aiuta
2007-11-29 17:54 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Motive
2007-11-25 18:45 --------- d-----w C:\Programmi\Canon
2007-11-24 18:34 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\CyberLink
2007-11-24 17:57 --------- d-----w C:\Programmi\Motive
2007-11-24 17:56 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-24 17:56 --------- d-----w C:\Programmi\Telecom Italia
2007-11-20 15:22 155,995 ----a-w C:\WINDOWS\java\Packages\QSYY0S8I.ZIP
2007-11-20 15:22 --------- d-----w C:\Programmi\Common Files
2007-11-14 16:37 --------- d-----w C:\Programmi\AutoCAD 2004
2007-11-14 16:35 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-11-14 16:35 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-11-14 16:35 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2007-11-14 16:35 --------- d-----w C:\Programmi\Autodesk
2007-11-14 16:35 --------- d-----w C:\Programmi\AnswerWorks 4.0
2007-11-14 16:34 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Autodesk
2007-11-14 16:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 14:32 --------- d-----w C:\Programmi\Microsoft.NET
2007-11-12 14:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2007-11-12 14:28 --------- d-----w C:\Programmi\CyberLink
2007-11-12 14:24 --------- d-----w C:\Programmi\Windows Media Components
2007-11-12 14:24 --------- d-----w C:\Programmi\CCleaner
2007-11-12 14:23 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-12 14:23 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-12 14:23 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2007-11-12 14:16 --------- d-----w C:\Programmi\File comuni\Ahead
2007-11-12 14:16 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Ahead
2007-11-12 14:14 --------- d-----w C:\Programmi\Nero
2007-11-12 14:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2007-11-12 14:11 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\ATI
2007-11-12 14:02 --------- d-----w C:\Programmi\ATI Technologies
2007-11-12 13:59 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-11-12 13:59 --------- d-----w C:\Programmi\File comuni\ATI Technologies
2007-11-12 13:32 --------- d-----w C:\Programmi\Marvell
2007-11-12 13:32 --------- d-----w C:\Programmi\Attansic
2007-11-12 12:40 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-11-12 12:40 --------- d-----w C:\Programmi\File comuni\ODBC
2007-11-12 12:09 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-12 12:09 --------- d-----w C:\Programmi\Realtek
2007-11-12 12:06 --------- d-----w C:\Programmi\Intel
2007-11-12 11:55 --------- d-----w C:\Programmi\microsoft frontpage
2007-11-12 11:54 --------- d-----w C:\Programmi\Servizi in linea
2007-11-12 11:53 --------- d-----w C:\Programmi\File comuni\MSSoap
2007-10-29 22:42 1,292,800 ------w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_19.00.35,59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-07 17:55:18 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-01-07 17:55:18 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-01-07 17:55:19 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-01-07 18:44:48 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-07 18:44:48 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 09:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-01-07 18:44:49 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-01-07 17:55:19 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-08-24 07:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 09:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-03-29 08:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 15:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 13:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 10:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 12:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 08:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-16 17:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 17:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 10:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 14:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 12:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 09:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 12:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 17:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 15:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 10:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 13:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 13:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 09:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 12:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 09:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 12:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 10:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 10:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 07:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 13:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 09:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 09:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 15:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 08:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 09:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 13:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 13:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 12:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 07:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 07:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 08:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 13:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 08:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 10:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 07:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 14:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 07:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 07:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 14:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 10:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 10:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 16:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 13:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 08:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 09:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 05:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 16:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 08:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
+ 2006-08-02 11:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
+ 2007-07-27 14:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 14:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 19:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 12:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-02 17:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 17:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 15:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 10:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 10:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2003-03-25 17:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
+ 2008-01-07 19:02:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 18:10 579072]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SDTray"="C:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-03 21:11 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 21:20 219136]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-11-24 18:57:25]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-12-16 16:01:33]

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 04:35]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 07:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24698775-911b-11dc-a76c-806d6172696f}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f66154f-9551-11dc-afc7-001d605998f4}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baeac38c-9923-11dc-afcd-001d605998f4}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 20:06:37
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-07 20.07.05
ComboFix-quarantined-files.txt 2008-01-07 19:07:02
ComboFix2.txt 2008-01-07 18:05:53
ComboFix3.txt 2008-01-06 18:00:55
.
2007-12-26 20:06:12 --- E O F ---
[/b]

[bdoriano]

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[agatucc]

"Scarica avenger e scompattalo in una sua cartella non temporanea"

SCUSAMI MA NON SONO TANTO ESPERTA...POTRESTI SPIEGARMI IN CHE SENSO DEVO SCOMPATTARE IN UNA CARTELLA NON TEMPORANEA?
DEVO FORSE ESTRARLO E SALVARLO IN UN POSTO CHE NON SIA IL DESKTOP??