Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
WIN32 TROJAN DOWNLOADER AGENT PMB........HELP
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
freddy60
Mortale pio
Mortale pio


Registrato: 29/09/09 00:55
Messaggi: 16
MessaggioInviato: 29 Set 2009 01:00    Oggetto: WIN32 TROJAN DOWNLOADER AGENT PMB........HELP Rispondi citando
aiuto sono perseguitato da questo trojan...nod32 lo vede ma non lo elimina aiutatemi

posto il log di hijack...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.35.01, on 29/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\SPAMfighter\SFAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Programmi\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\drivers\rsvp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\programmi\internetcalls.com\internetcalls\internetcalls.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Programmi\RegCleaner\RegCleanr.exe
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Programmi\RegCleaner\RegCleanr.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\DOCUME~1\pc1\DATIAP~1\spoolsv.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmi\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O43 "http://192.168.1.1:1631/printers/My_Printer" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P40 "EPSON Stylus Photo R340 Series (Copia 1)" /O43 "http://192.168.1.1:1631/printers/My_Printer" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series (Copia 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P40 "EPSON Stylus Photo R340 Series (Copia 2)" /O12 "\\C\GIANGIAN" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [\\http://192.168.1.1:1631\My_Printer (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P46 "\\http://192.168.1.1:1631\My_Printer (Copia 1)" /O43 "http://192.168.1.1:1631/printers/My_Printer" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [InternetCalls] "C:\programmi\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\pc1\DATIAP~1\MICROS~1\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\pc1\DATIAP~1\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\pc1\DATIAP~1\spoolsv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\pc1\IMPOST~1\Temp\mqtgsvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\pc1\DATIAP~1\MICROS~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Documents and Settings\pc1\LOCALS~1\APPLIC~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Documents and Settings\pc1\LOCALS~1\APPLIC~1\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\pc1\DATIAP~1\MICROS~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\Documents and Settings\pc1\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\WINDOWS\System32\drivers\rsvp.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\WINDOWS\System\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Mstsc] C:\WINDOWS\System\mstsc.exe /waitservice (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: USRobotics Wireless USB Adapter.lnk = C:\Programmi\USRobotics\Wireless USB Manager\USR54G.exe
O4 - Global Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Servizio di Google Update (gupdate1c9c21e7a161126) (gupdate1c9c21e7a161126) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmi\SPAMfighter\sfus.exe

--
End of file - 13068 bytes
Top
Profilo Invia messaggio privato
lorenaino
Eroe in grazia degli dei
Eroe in grazia degli dei


Registrato: 14/02/09 11:44
Messaggi: 147
Residenza: Sasso Marconi
MessaggioInviato: 29 Set 2009 12:37    Oggetto: Rispondi citando
ciao,prova a fare una scansione completa con malwarebytes' anti-malware free e superantispyware free e posta i relativi log,così gli esperti ti aiuteranno:

http://download.cnet.com/3001-8022_4-10804572.html?spi=360082d1b0e067d4e6f29abead5874e9&part=dl-10804572

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Wink
Top
Profilo Invia messaggio privato
freddy60
Mortale pio
Mortale pio


Registrato: 29/09/09 00:55
Messaggi: 16
MessaggioInviato: 30 Set 2009 00:09    Oggetto: Rispondi citando
Ciao e grazie per la celerità........invio il log di malware...ci sono dei file che ho paura a cancellare o mettere in quarantena...sembrano file di Win

Malwarebytes' Anti-Malware 1.41
Versione del database: 2873
Windows 5.1.2600 Service Pack 3

29/09/2009 22.42.27
mbam-log-2009-09-29 (22-42-27).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 361486
Tempo trascorso: 1 hour(s), 27 minute(s), 48 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 10
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstsc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IEudinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
D:\NUOVI PROGRAMMI INTERNET\Live-Player_setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\esentutl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc1\Dati applicazioni\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Top
Profilo Invia messaggio privato
lorenaino
Eroe in grazia degli dei
Eroe in grazia degli dei


Registrato: 14/02/09 11:44
Messaggi: 147
Residenza: Sasso Marconi
MessaggioInviato: 30 Set 2009 12:54    Oggetto: Rispondi citando
ciao,metti tutto in quarantena,Superantispyware ha trovato qualcosa?
Per visualizzare il log vai in preferenze/statistiche/registri e trovi i log di tutte le scansioni effettuate.
Nod rileva ancora trojan?
Posta il log di Superantispyware e fai una scasione completa con il tuo antivirus.
Very Happy
Top
Profilo Invia messaggio privato
freddy60
Mortale pio
Mortale pio


Registrato: 29/09/09 00:55
Messaggi: 16
MessaggioInviato: 30 Set 2009 13:13    Oggetto: Rispondi citando
ciao ti invio il log di superanti le prime voci sopra non le ho messe in quarantena o cancellate perchè mi sembrano tutte di windows ..ad esempio ho provato con SPOOLSV.EXE...quando ho riacceso mi dava che non lo aveva trovato come se fosse un errore. l'antivirus rileva ancora la presenza ,ma non disturba più di tanto


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/29/2009 at 08:48 PM

Application Version : 4.29.1002

Core Rules Database Version : 4133
Trace Rules Database Version: 2066

Scan type : Quick Scan
Total Scan Time : 00:29:54

Memory items scanned : 581
Memory threats detected : 1
Registry items scanned : 467
Registry threats detected : 6
File items scanned : 29740
File threats detected : 262

Trojan.Agent/Gen-FraudLoad
C:\DOCUME~1\PC1\DATIAP~1\SPOOLSV.EXE
C:\DOCUME~1\PC1\DATIAP~1\SPOOLSV.EXE
[ClipSrv] C:\WINDOWS\SYSTEM\CLIPSRV.EXE
C:\WINDOWS\SYSTEM\CLIPSRV.EXE
[Spool] C:\DOCUME~1\PC1\DATIAP~1\SPOOLSV.EXE
[Mstsc] C:\WINDOWS\SYSTEM\MSTSC.EXE
C:\WINDOWS\SYSTEM\MSTSC.EXE
[rsvp] C:\WINDOWS\SYSTEM32\DRIVERS\RSVP.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\RSVP.EXE
[Mstsc] C:\WINDOWS\SYSTEM\MSTSC.EXE
[load] C:\DOCUME~1\PC1\DATIAP~1\SPOOLSV.EXE
C:\DOCUMENTS AND SETTINGS\PC1\DATI APPLICAZIONI\SPOOLSV.EXE
C:\WINDOWS\MSTINIT.EXE.VIR
C:\WINDOWS\SYSTEM\ESENTUTL.EXE
C:\WINDOWS\SYSTEM\MSTINIT.EXE
Adware.Tracking Cookie
C:\Documents and Settings\pc1\Cookies\pc1@www.googleadservices[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@77tracking[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@clickpoint[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@adv.bewebmedia[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@doubleclick[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@adultfriendfinder[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@atdmt[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@ad.yieldmanager[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@media.intelia[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@content.yieldmanager[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@clicktorrent[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@ad3.clickhype[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@content.yieldmanager[3].txt
C:\Documents and Settings\pc1\Cookies\pc1@ads.us.e-planning[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@statse.webtrendslive[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@ad.zanox[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@tribalfusion[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@statcounter[1].txt
C:\Documents and Settings\pc1\Cookies\pc1@asteclick[2].txt
C:\Documents and Settings\pc1\Cookies\pc1@xiti[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@flvtools.spacash[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adv.manuali[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ilead.itrack[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.topbanner[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@hc2.humanclick[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@cbsdigitalmedia.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@pornoblog[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adv.alice[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@softonic.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@mobilefun.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adstats.cdfreaks[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.allbrowsers[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.pornoblog[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ad.zanox[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.usenext[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ad1.clickhype[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@yadro[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@justsexyvideos[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ad.nextonemedia[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ad2.doublepimp[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@clickblog[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.clickport[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ice.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adserver.easyad[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.adap[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@toplist[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.foolix[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.trackback[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@richmedia.yahoo[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@accounts[3].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@accounts[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@opodo.122.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.shoppydoo[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@trackback[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@stats.paypal[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.netdebit-counter[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.pornhub[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@livenation.122.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@krazysexy[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@zbox.zanox[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@snapfish.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@accounts[4].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@interclick[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@pornhub[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.sa-sex[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@admanager.trackset[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.glispa[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@clickpoint[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adinterax[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@tracking.publicidees[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@paypal.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adv.adpartner[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@77tracking[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.comprabanner[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@pro-advertising[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@xiti[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@porn-stream[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@flixbanner.bearshare[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.operadormovilsms[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@media-convert[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@wunderloop.zanox[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ad.adnet[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@flixbanner.shareazaweb[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads1.webranking[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adbrite[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@chitika[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@microsoftwlmessengermkt.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@neocounter2[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@sexyandfunny[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.sexyandfunny[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@nextag[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@smartadserver[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@revsci[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adv.cipcipstore[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@tripod[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@www.freestats[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@viamtv-it.112.2o7[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adv.boomer[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@countryweekly[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@spamfighter.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@find_buy[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@zanox[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adv.heyos[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@antactica.ad.adnetwork.com[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.veoh[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@count.vivistats[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@eas.apm.emediate[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ad-voice[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ad.c-web[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ad.lookery[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adserver.hwupgrade[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.adunanza[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.us.e-planning[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@ads.widgetbucks[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adv.ilbanner[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@adv.virgilio[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@atwola[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@divx.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@eroticountry[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@media.intelia[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@mediaservices.myspace[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@metacafe.122.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@msnportal.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@multimedia.quotidianonet.ilsole24ore[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@myaccount.internetcalls[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@servedby.adxpower[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@server.iad.liveperson[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@sitestats.ets[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@sonymediasoftware.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@sonyeurope.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@spreamedia[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@talent.imyoursexpistol.bahu[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@w5.media-convert[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo\Cookies\giancarlo@webmasterplan[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@overture[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adserving.favorit-network[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@realmedia[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.monclick[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@tgcom.mediaset[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adstats.cdfreaks[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@tribalfusion[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adv.alice[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@serving-sys[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@yieldmanager[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad.zanox[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@pornoblog[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.pornoblog[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.usenext[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.clicksor[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.usenext[3].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@media6degrees[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adv.freeonline[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@yadro[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad.nextonemedia[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@AdDisplayTrackerServlet[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad2.doublepimp[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@click.superpaysys[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@weborama[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad3.clickhype[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adopt.euroclick[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adserver.adreactor[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.logicamente-advertising[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@accounts[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.foolix[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad.dragonstar.dmoglobal[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@pornozilla[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@toplist[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@accounts[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.ontecnia[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@opodo.122.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@trackback[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@stats.paypal[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@bs.serving-sys[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adtech[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.shoppydoo[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.pornhub[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@zbox.zanox[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@content.yieldmanager[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.findomestic[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@a6.adserver01[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@accounts[4].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adv.bewebmedia[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@pornhub[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@interclick[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adv.swzone[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.glispa[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@clickpoint[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@indextools[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adv.adpartner[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@turismopaisvasco.solution.weborama[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@77tracking[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@tracking.publicidees[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@paypal.112.2o7[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adinterax[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.comprabanner[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@xiti[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@banner.prestigecasino[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.mktrack[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@chitika[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@clicktorrent[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@questionmarket[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@media.creativenetwork[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@neocounter2[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adbrite[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adserver.seedpeer[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad.isoleweb[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@tracking.novem[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@revsci[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.ad4game[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad.yieldmanager[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adultfriendfinder[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.freestats[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@euroclick[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@myroitracking[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@specificclick[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@rotator.adjuggler[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@zanox[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@flycellcom.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@sales.liveperson[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@web4.realtracker[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@247realmedia[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad.beepworld[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ad.c-web[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.webdeejay[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.bittorrent[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.freefoto[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.fulldls[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.sun[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.us.e-planning[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@ads.widgetbucks[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adserver.adtechus[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adserver.hwupgrade[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adv.oliviero[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@adv.virgilio[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@bewebmedia[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@dc.tremormedia[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@eas.apm.emediate[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@edmaster.adbureau[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@findmysoft[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@media.intelia[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@monclick[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@msnportal.112.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@myaccount.internetcalls[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@oasn04.247realmedia[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@pornoblog.sexy.easyincontro[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@server.iad.liveperson[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@skype.122.2o7[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@torrent-finder[1].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@trafficmp[2].txt
D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Documents and Settings\giancarlo.A-HXZW2ALJUSJVG\Cookies\giancarlo@www.banneradmin.rai[1].txt

Trojan.Agent/Gen-AppX
D:\C\URANIUMBACKUP-79C948B4FE1B722BD0CD98638CABA1B0\DOCUMENTS AND SETTINGS\GIANCARLO.A-HXZW2ALJUSJVG\IMPOSTAZIONI LOCALI\DATI APPLICAZIONI\OOMQKYI.EXE
D:\C\URANIUMBACKUP-79C948B4FE1B722BD0CD98638CABA1B0\DOCUMENTS AND SETTINGS\GIANCARLO.A-HXZW2ALJUSJVG\IMPOSTAZIONI LOCALI\DATI APPLICAZIONI\WUIGWIA.EXE
Top
Profilo Invia messaggio privato
lorenaino
Eroe in grazia degli dei
Eroe in grazia degli dei


Registrato: 14/02/09 11:44
Messaggi: 147
Residenza: Sasso Marconi
MessaggioInviato: 30 Set 2009 13:19    Oggetto: Rispondi citando
ciao,a questo punto mi fermo,non vorrei farti fare dei danni,aspetta l'aiuto degli esperti Bdoriano,Riverside,Sante....
pc Wink
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 30 Set 2009 18:20    Oggetto: Rispondi citando
Ciao Freddy60 Ciao

Hai il PC parecchio incasinato.....

Non incollare i logs tutti quì ma caricali come di seguito specificato.

  • Pulisci i files temporanei con
    CCleaner
  • Segui le istruzioni di questo topic per rimuovere gli ADS con Hijackthis.
  • Segui le istruzioni di questo topic per eseguire combofix.
  • Segui le istruzioni di questo topic per postare il log di HiJackThis.
  • Riferisci con un nuovo messaggio in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
  • Carica il log di Combofix su WikiSend e posta il Forum Link che ti viene assegnato.
  • Carica il log di HiJackThis su WikiSend e posta il Forum Link che ti viene assegnato.
Top
Profilo Invia messaggio privato
freddy60
Mortale pio
Mortale pio


Registrato: 29/09/09 00:55
Messaggi: 16
MessaggioInviato: 30 Set 2009 21:38    Oggetto: Rispondi citando
Ciao Sante62 ...ho fatto tutto quello che mi hai consigliato.
ti posto i log dei due programmi
Grazie del tuo intervento ...e speriamo di risolvere.

COMBOFIX
http://forum.zeusnews.com/link/49381

combo fixlog.txt


HIJACKTHIS

http://forum.zeusnews.com/link/49382

hijackthis.log
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 30 Set 2009 22:36    Oggetto: Rispondi citando
Allora, è doverosa qualche osservazione;

limitiamo le toolbar allo stretto necessario. Infatti con HJT ti farò togliere un sacco di roba inutile che si carica all'avvio del sistema, portandoti via anche risorse. Antivirus, solo uno in protezione in tempo reale; Spybot va bene; a patto che lo hai immunizzato; Superantispyware anche; se hai la versione pro; la versione free la protezione in tempo reale scade, ma continua a funzionare facendo gli aggiornamenti e le scansioni.

Devi essere più prudente nella navigazione, e fai le scansioni periodiche con i programmi antivirus che possiedi.

Se non già fatto, metti Hijackthis in una cartella tutta sua, cioè non sul desktop o temporanea.

disattiva il ripristino di sistema e tienilo disattivato fino a che non terminiamo.

Adesso avvia Hijackthis, seleziona queste righe e clicca poi su fix Checked:
Citazione:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O43 "http://192.168.1.1:1631/printers/My_Printer" /M "Stylus Photo R340"
O4 - HKLM..Run: [EPSON Stylus Photo R340 Series (Copia 2)] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIAJE.EXE /P40 "EPSON Stylus Photo R340 Series (Copia 2)" /O12 "\CGIANGIAN" /M "Stylus Photo R340"
O4 - HKLM..Run: [\http://192.168.1.1:1631My_Printer (Copia 1)] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIAJE.EXE /P46 "\http://192.168.1.1:1631My_Printer (Copia 1)" /O43 "http://192.168.1.1:1631/printers/My_Printer" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system3
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\C\UraniumBackup-79C948B4FE1B722BD0CD98638CABA1B0\Programmi\QuickTime\qttask. exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Programmi\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe"

Elimina manualmente questi file:
Citazione:
c:\windows\mstinit.exe.vir
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Riavvia e rifai il log di HJT.
Top
Profilo Invia messaggio privato
freddy60
Mortale pio
Mortale pio


Registrato: 29/09/09 00:55
Messaggi: 16
MessaggioInviato: 01 Ott 2009 07:03    Oggetto: Rispondi citando
ciao stanotte prima di leggere il tuo ultimo post ho fatto scansione con nod
risultavano infetti questi file:

C:\WINDOWS\mstinit.exe.vir - variante modificata di Win32/TrojanDownloader.Agent.PMB cavallo di troia

C:\WINDOWS\system\smvss.Vexe - variante modificata di Win32/Medbot cavallo di troia

C:\Documents and Settings\pc1\Dati applicazioni\mqtgsvc.Vexe - variante modificata di Win32/TrojanDownloader.Agent.PMB cavallo di troia

STAMATTINA ho fatto quello che mi hai indicato sul tuo ultimo post.
questo è il log risultato dopo il fixed che mi hai indicato...adesso sto ripassando nod ....intanto grazie

30.0hijackthis.log
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 01 Ott 2009 09:36    Oggetto: Rispondi citando
Si, lo so che ancora non abbiamo finito....

Fai eliminare o mettere in quarantena ciò che ha trovato Nod32.

Adesso collegati a Kaspersky online scanner e procedi con la scansione estesa del PC, postando il risultato come indicato.
Top
Profilo Invia messaggio privato
freddy60
Mortale pio
Mortale pio


Registrato: 29/09/09 00:55
Messaggi: 16
MessaggioInviato: 01 Ott 2009 20:10    Oggetto: Rispondi citando
Ciao ...non so come ringraziarti per la pazienza che hai...allora guardando la scansione ti posso dire che i file in
D:\C\UraniumBackup... li posso cancellare tutti senza problema visto che è un vecchio bakup di installazioni che non uso più..anzi potrei eliminare tutta la cartella...ma non muovo niente finchè non mi dici.......ciao e grazie ancora

URL di log KAS


report kasperskY.html
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 01 Ott 2009 21:48    Oggetto: Rispondi citando
Si, elimina tutto ciò che Kasper ha trovato infetto......e occhio ai crack, che riservano sempre brutte sorprese...


Puoi riattivare il ripristino di sistema se disattivato e riferisci se riscontri altri problemi.
Top
Profilo Invia messaggio privato
freddy60
Mortale pio
Mortale pio


Registrato: 29/09/09 00:55
Messaggi: 16
MessaggioInviato: 02 Ott 2009 00:18    Oggetto: Rispondi citando
Ciao Sante62 ho cancellato tutti i file e adesso farò l'ennesima scansione...avrei ancora due domande.

1 premetto che non uso MSN nella partizione c mi trovo dei file con estensione SQM tipo questo:
sqmdata07.sqm

vorrei sapere chi li crea e se li posso eliminare.

2 In questi giorni ho installato
MALAWAREBYTES
HIJACKTHIS
SUPERANTISPYWARE

dimmi quale devo tenere installato e quali programmi potrei tenere installati per manutenzioni ...esempio SPYBOOT CC CLEANER...e poi?

vabbè spero tu capisca che voglio dire
buonanotte
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 02 Ott 2009 09:35    Oggetto: Rispondi citando
freddy60 ha scritto:

1 premetto che non uso MSN nella partizione c mi trovo dei file con estensione SQM tipo questo:
sqmdata07.sqm

I file con estensione .sqm sono dei file prodotti da Windows Live Messenger e servono per il controllo delle prestazioni (acronimo di Service Quality Metrics).
Vengono installati ad ogni apertura, ma soltanto nella versione Beta del programma, cioè non in quella stabile.
Era un problema dello scorso anno, ed ora, con l'ultima versione di Live Messenger, il problema dovrebbe essere risolto.
freddy60 ha scritto:

2 In questi giorni ho installato
MALAWAREBYTES
HIJACKTHIS
SUPERANTISPYWARE
dimmi quale devo tenere installato e quali programmi potrei tenere installati per manutenzioni ...esempio SPYBOOT CC CLEANER...e poi?

Puoi tenere tutti i programmi elencati. Specialmente Malwarbytes, in caso di emergenza può tornare utile. Spybot è efficace se hai immunizzato il sistema.
Top
Profilo Invia messaggio privato
freddy60
Mortale pio
Mortale pio


Registrato: 29/09/09 00:55
Messaggi: 16
MessaggioInviato: 02 Ott 2009 12:58    Oggetto: Rispondi citando
OK grazie di tutto...spero che questi post servano ad altra gente che può incontrare i miei stessi problemi.
Siete stati grandi
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 02 Ott 2009 17:00    Oggetto: Rispondi
Non dimenticare di riattivare il ripristino....
Ciao
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Pagina 1 di 1

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi