Olimpo Informatico

[JOECOOL75]

CIAO HOLIFAY, MI SONO IMBATTUTO ANCHE IO NEL WIN32: SMALL-BTG... MI POTRESTI AIUTARE A RIMUOVERLO?
CON IL MIO ANTIVIRUS (AVAST ver. HOME) MI CONSIGLIA DI SPOSTARLO NEL CESTINO MA AD OGNI RIAVVIO DEL PC ME LO RITROVO.
AIUTAMI

[chemicalbit]

[holifay]

Ho visto che Win32 small/BTG è uno dei nomi con cui viene riconosciuto il trojan gromozon. Prima di tutto quindi è meglio se fai girare questo tool e poi posti il contenuto del file c:/gromozon_removal.log e gli altri log richiesti più sopra.

[JOECOOL75]

ALLORA QUESTO è IL LOG DI HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 9.27.02, on 20/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunes.exe
C:\Programmi\iPod\bin\iPodService.exe
M:\Si.exe
C:\Programmi\Alwil Software\Avast4\ashSimpl.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {96F6CD36-B5B8-7CB6-492F-5CB221378714} - C:\WINDOWS\povea1.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4851/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GruppoLaBaia.locale
O17 - HKLM\Software\..\Telephony: DomainName = GruppoLaBaia.locale
O17 - HKLM\System\CCS\Services\Tcpip\..\{A507976F-0E66-412A-893E-795F4FFDEE84}: NameServer = 213.140.2.43,213.140.2.49
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GruppoLaBaia.locale
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = GruppoLaBaia.locale
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = GruppoLaBaia.locale
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe


E QUESTO è IL LOG DI ROOTKITREVEAL:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs 22/08/2006 18.04 66 bytes Windows API length not consistent with raw hive data.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\30\292-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3230-{ 19/09/2006 12.06 73.56 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\30\292-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3230-{ 19/09/2006 12.06 5.07 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\30\292-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3230-{ 19/09/2006 12.06 8.24 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\31\3231-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3231- 19/09/2006 11.50 43.76 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\31\3231-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3231- 19/09/2006 11.50 3.19 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\31\3231-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3231- 19/09/2006 11.50 4.88 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\32\3232-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3232- 19/09/2006 12.09 43.01 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\32\3232-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3232- 19/09/2006 12.09 2.98 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\32\3232-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3232- 19/09/2006 12.09 4.75 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\33\3233-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3233- 19/09/2006 17.18 21.23 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\33\3233-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3233- 19/09/2006 17.18 1.56 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\33\3233-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3233- 19/09/2006 17.18 2.30 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\35\3235-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3235- 19/09/2006 17.19 58.11 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\35\3235-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3235- 19/09/2006 17.19 4.07 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\35\3235-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3235- 19/09/2006 17.19 6.53 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\54\3454-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3454- 19/09/2006 11.00 30.05 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\54\3454-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3454- 19/09/2006 11.00 3.40 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\70\3370-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3370- 01/09/2006 9.28 34.83 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\70\3370-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3370- 01/09/2006 9.28 3.88 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\71\3271-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3271- 01/09/2006 9.28 35.13 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\71\3271-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3271- 01/09/2006 9.28 3.99 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\71\3371-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3371- 01/09/2006 9.28 40.97 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\71\3371-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3371- 01/09/2006 9.28 4.59 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\72\3272-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3272- 01/09/2006 9.28 30.19 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\72\3272-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3272- 01/09/2006 9.28 3.31 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\72\3372-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3372- 01/09/2006 9.28 51.66 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\72\3372-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3372- 01/09/2006 9.28 5.78 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\73\3273-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3273- 01/09/2006 9.28 45.82 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\73\3273-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3273- 01/09/2006 9.28 5.14 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\73\3373-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3373- 01/09/2006 9.28 44.17 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\73\3373-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3373- 01/09/2006 9.28 4.84 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\74\3274-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3274- 01/09/2006 9.28 21.44 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\74\3274-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3274- 01/09/2006 9.28 2.38 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\74\3374-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3374- 01/09/2006 9.28 20.14 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\74\3374-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3374- 01/09/2006 9.28 2.26 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\75\3275-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3275- 01/09/2006 9.28 38.49 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\75\3275-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3275- 01/09/2006 9.28 4.32 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\75\3375-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3375- 01/09/2006 9.28 35.55 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\75\3375-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3375- 01/09/2006 9.28 3.98 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\76\3276-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3276- 01/09/2006 9.28 18.94 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\76\3276-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3276- 01/09/2006 9.28 8.95 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\76\3376-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3376- 01/09/2006 9.28 52.15 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\76\3376-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3376- 01/09/2006 9.28 5.83 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\77\3277-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3277- 01/09/2006 9.28 38.46 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\77\3277-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3277- 01/09/2006 9.28 4.25 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\77\3377-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3377- 01/09/2006 9.28 32.06 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\77\3377-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3377- 01/09/2006 9.28 3.56 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\78\3278-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3278- 01/09/2006 9.28 39.62 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\78\3278-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3278- 01/09/2006 9.28 4.51 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\78\3378-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3378- 01/09/2006 9.28 33.83 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\78\3378-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3378- 01/09/2006 9.28 3.86 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\79\3279-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3279- 01/09/2006 9.28 47.72 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\79\3279-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3279- 01/09/2006 9.28 5.25 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\79\3379-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3379- 01/09/2006 9.28 64.89 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\79\3379-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3379- 01/09/2006 9.28 7.18 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\80\3280-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3280- 01/09/2006 9.28 29.02 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\80\3280-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3280- 01/09/2006 9.28 3.20 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\80\3380-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3380- 01/09/2006 9.28 37.22 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\80\3380-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3380- 01/09/2006 9.28 4.16 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\81\3281-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3281- 01/09/2006 9.28 43.25 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\81\3281-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3281- 01/09/2006 9.28 4.84 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\81\3381-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3381- 01/09/2006 9.28 6.90 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\81\3381-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3381- 01/09/2006 9.28 776 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\82\3282-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3282- 01/09/2006 9.28 46.84 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\82\3282-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3282- 01/09/2006 9.28 5.23 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\82\3382-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3382- 01/09/2006 9.28 32.71 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\82\3382-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3382- 01/09/2006 9.28 3.62 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\83\3283-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3283- 01/09/2006 9.28 22.39 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\83\3283-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3283- 01/09/2006 9.28 2.53 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\83\3383-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3383- 01/09/2006 9.28 15.90 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\83\3383-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3383- 01/09/2006 9.28 1.76 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\84\3284-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3284- 01/09/2006 9.28 35.41 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\84\3284-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3284- 01/09/2006 9.28 3.89 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\84\3384-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3384- 01/09/2006 9.28 41.14 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\84\3384-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3384- 01/09/2006 9.28 4.63 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\85\3285-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3285- 01/09/2006 9.28 44.03 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\85\3285-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3285- 01/09/2006 9.28 4.91 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\85\3385-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3385- 01/09/2006 9.28 39.40 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\85\3385-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3385- 01/09/2006 9.28 4.42 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\86\3286-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3286- 01/09/2006 9.28 36.52 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\86\3286-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3286- 01/09/2006 9.28 4.06 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\86\3386-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3386- 01/09/2006 9.28 35.94 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\86\3386-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3386- 01/09/2006 9.28 4.02 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\87\3287-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3287- 01/09/2006 9.28 45.03 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\87\3287-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3287- 01/09/2006 9.28 5.11 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\87\3387-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3387- 01/09/2006 9.28 26.40 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\87\3387-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3387- 01/09/2006 9.28 2.96 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\88\3288-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3288- 01/09/2006 9.28 33.85 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\88\3288-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3288- 01/09/2006 9.28 3.79 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\88\3388-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3388- 01/09/2006 9.28 50.60 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\88\3388-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3388- 01/09/2006 9.28 5.85 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\89\3289-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3289- 01/09/2006 9.28 46.42 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\89\3289-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3289- 01/09/2006 9.28 5.20 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\89\3389-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3389- 01/09/2006 9.28 48.28 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\89\3389-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3389- 01/09/2006 9.28 5.34 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\90\3290-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3290- 01/09/2006 9.28 59.81 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\90\3290-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3290- 01/09/2006 9.28 6.63 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\90\3390-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3390- 01/09/2006 9.28 74.30 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\90\3390-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3390- 01/09/2006 9.28 8.19 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\91\3291-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3291- 01/09/2006 9.28 61.38 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\91\3291-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3291- 01/09/2006 9.28 6.80 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\91\3391-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3391- 01/09/2006 9.28 74.95 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\91\3391-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3391- 01/09/2006 9.28 8.18 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\92\3292-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3292- 01/09/2006 9.28 49.04 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\92\3292-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3292- 01/09/2006 9.28 5.44 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\92\3392-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3392- 01/09/2006 9.28 72.82 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\92\3392-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3392- 01/09/2006 9.28 8.11 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\93\3293-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3293- 01/09/2006 9.28 40.25 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\93\3293-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3293- 01/09/2006 9.28 4.54 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\93\3393-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3393- 01/09/2006 9.28 90.61 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\93\3393-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3393- 01/09/2006 9.28 9.96 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\94\3294-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3294- 01/09/2006 9.28 37.19 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\94\3294-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3294- 01/09/2006 9.28 4.09 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\94\3394-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3394- 01/09/2006 9.28 61.50 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\94\3394-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3394- 01/09/2006 9.28 6.81 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\95\3295-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3295- 01/09/2006 9.28 29.23 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\95\3295-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3295- 01/09/2006 9.28 3.37 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\95\3395-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3395- 01/09/2006 9.28 91.15 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\95\3395-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3395- 01/09/2006 9.28 10.05 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\96\3296-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3296- 01/09/2006 9.28 57.70 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\96\3296-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3296- 01/09/2006 9.28 6.55 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\96\3396-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3396- 01/09/2006 9.28 76.34 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\96\3396-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3396- 01/09/2006 9.28 8.42 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\97\3297-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3297- 01/09/2006 9.28 33.29 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\97\3297-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3297- 01/09/2006 9.28 3.73 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\97\3397-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3397- 01/09/2006 9.28 21.62 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\97\3397-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3397- 01/09/2006 9.28 3.01 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\98\3298-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3298- 01/09/2006 9.28 34.32 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\98\3298-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3298- 01/09/2006 9.28 3.84 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\98\3398-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3398- 01/09/2006 9.28 46.08 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\98\3398-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3398- 01/09/2006 9.28 5.13 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\99\3299-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3299- 01/09/2006 9.28 39.56 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\99\3299-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3299- 01/09/2006 9.28 4.41 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\99\3399-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3399- 01/09/2006 9.28 34.15 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\joecool75@libero.it\SharingMetadata\assia19@hotmail.it\DFSR\Staging\CS{7F89A4E4-9BA3-3BD7-67D3-99C70AE06CD1}\99\3399-{14C84F54-C83D-4957-ABDD-FAEAC41C7526}-v3399- 01/09/2006 9.28 4.61 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\177O2KHR\icon_biggrin[1].gif 20/09/2006 14.33 172 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\177O2KHR\icon_exclaim[1].gif 20/09/2006 14.33 236 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\177O2KHR\icon_mad[1].gif 20/09/2006 14.33 174 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\177O2KHR\icon_sad[1].gif 20/09/2006 14.33 171 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\177O2KHR\no[1].htm 20/09/2006 14.27 11.97 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\1FJ31YQU\icon_arrow[1].gif 20/09/2006 14.33 170 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\1FJ31YQU\icon_confused[1].gif 20/09/2006 14.33 171 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\1FJ31YQU\icon_cry[1].gif 20/09/2006 14.33 498 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\1FJ31YQU\look[1].jsp 20/09/2006 14.32 1.28 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\4TEV4LQN\door[3].jsp 20/09/2006 14.33 6.09 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\4TEV4LQN\front[1].asp 20/09/2006 14.27 377 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\4TEV4LQN\icon_lol[1].gif 20/09/2006 14.33 336 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\4TEV4LQN\icon_wink[1].gif 20/09/2006 14.33 170 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\4TEV4LQN\no[1].htm 20/09/2006 14.33 11.97 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\4TEV4LQN\viewtopic[1].php 20/09/2006 14.27 8.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\6JM1G7QN\icon_twisted[1].gif 20/09/2006 14.33 238 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\6JM1G7QN\posting[1].htm 20/09/2006 14.33 35.70 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\6JM1G7QN\posting[1].php 20/09/2006 14.33 9.85 KB Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\AHI58PK9\al[1].htm 20/09/2006 14.32 0 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\AHI58PK9\front[1].asp 20/09/2006 14.33 377 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\AHI58PK9\icon_cool[1].gif 20/09/2006 14.33 172 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\AHI58PK9\icon_evil[1].gif 20/09/2006 14.33 236 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\N21BHTWQ\icon_question[1].gif 20/09/2006 14.33 248 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\N21BHTWQ\icon_razz[1].gif 20/09/2006 14.33 176 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\N21BHTWQ\icon_surprised[1].gif 20/09/2006 14.33 174 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\VAJYZNYS\icon_eek[1].gif 20/09/2006 14.33 170 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\VAJYZNYS\icon_idea[1].gif 20/09/2006 14.33 176 bytes Hidden from Windows API.
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\VAJYZNYS\icon_redface[1].gif 20/09/2006 14.33 650 bytes Hidden from Windows API.
C:\WINDOWS\povea1.dll 14/09/2006 10.43 74.16 KB Hidden from Windows API.
C:\WINDOWS\system32\com4.mfb 20/09/2006 14.32 138.97 KB Hidden from Windows API.



HO FATTO QUELLO KE MI DICEVI CHEMICALBIT...ADESSO ILLUMINAMI.!

[holifay]

OK, sei affetto da gromozon / linkoptimizer

Leggi il mio post più sopra: era nell´altro topic che ho unito a questo. Usa il tool della PrevX e poi posta il log c:/gromozon_removal.log

[JOECOOL75]

Removal tool loaded into memory
------------------------------------
Executing rootkit removal engine....
------------------------------------
Disabling rootkit file: \\?\C:\WINDOWS\system32\com4.mfb
\\?\C:\WINDOWS\system32\com4.mfb
Resetting file permissions...
Clearing attributes...
Accesso negato - C:\_cleaned.tmp
Removing file...
C:\_cleaned.tmp
Rootkit removed! Cleaning up...

Removing temp files...
Scanning: C:\WINDOWS
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\povea1.dll
Removed!
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\System\avIwZZ.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\BYKL.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\BYZT.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\CeH.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\DiDscz.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\DPIR.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\dSV.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\EAUxmc.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\Ecf.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\EgN.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\ePx.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\Fvi.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\GFj.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\ggu.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\gjFtPI.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\hLb.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\innet.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\IVksmM.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\JKrOEV.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\JQga.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\jTgf.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\kgcqc.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\kMo.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\lIZ.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\LLo.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\lrFP.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\lrl.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\LSA.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\lxf.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\MSJ.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\NCt.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\odeI.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\ofL.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\ofZW.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\OKX.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\oqpxB.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\otrLlG.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\PmT.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\qoh.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\SMI.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\SVEAVL.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\TKEqK.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\tNm.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\UCdzL.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\uVRbgq.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\VBZ.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\vKE.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\vKX.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\wSL.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\XMb.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\XYqNl.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ
Removing protected file: C:\Programmi\File comuni\System\YMqxB.exe
Removing directory: C:\Documents and Settings\\ghjpjfckrBkJsXZ


Trojan.Gromozon Removed!

E ADESSO ???

[JOECOOL75]

DIMENTICAVO MI CONSIGLIA DI SCARICARE PREVX1 PER PROTEGGERMI DA FUTURI ATTACCHI DI GROMOZON E ALTRI MALWARE, CHE FO ?

[holifay]

PrevX puoi scaricarlo a tua scelta. Tra 30 giorni dovrai comperarlo.

Adesso finiamo il lavoro:

1) dimmi quali cartelle hai in c:/documents and settings
2) scarica GMER da www.gmer.net
Avvialo, clicca sul tab Rootkit >> Scan. Quando ha finito copia il log premendo Copy. Allo stesso modo fai il log dal tab Autostart.
Copia e incolla qui i due log

[JOECOOL75]

in c/documentsandsettings ho le seguenti cartelle:

ADMINISTRATOR
ADMINISTRATOR.PCARETTI
caretti
pcaretti
All users
Default User

[holifay]

mi dici per favre anche la loro data di creazione? Queste due le hai impostate tu?

ADMINISTRATOR
ADMINISTRATOR.PCARETTI


Poi posta anche le altre info fatte da GMER

[JOECOOL75]

ECCO IL RESTO DEI LOG.
FAMMI SAPERE


GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-21 15:33:04
Windows 5.1.2600 Service Pack 2


---- Processes - GMER 1.0.11 ----

Process services.exe (*** hidden *** ) [720] 81E19DA0
Process svchost.exe (*** hidden *** ) [1052] 81E32A20
Process svchost.exe (*** hidden *** ) [892] 81E01880
Process ashMaiSv.exe (*** hidden *** ) [248] 81EAA418
Process ashWebSv.exe (*** hidden *** ) [264] 81E9A6C8
Process alg.exe (*** hidden *** ) [500] 81B339E0
Process lsass.exe (*** hidden *** ) [732] 81F19DA0
Process winlogon.exe (*** hidden *** ) [676] 81E1E460
Process svchost.exe (*** hidden *** ) [1100] 81E1C950
Process CDAC11BA.EXE (*** hidden *** ) [1592] 81DBB4A8
Process System (*** hidden *** ) [4] 823CAA00
Process svchost.exe (*** hidden *** ) [1232] 81E39768
Process ashServ.exe (*** hidden *** ) [1560] 81CA4B28
Process svchost.exe (*** hidden *** ) [968] 81DE54E8
Process svchost.exe (*** hidden *** ) [4040] 81A812F0
Process CAPPSWK.EXE (*** hidden *** ) [1316] 81EDBDA0
Process svchost.exe (*** hidden *** ) [1732] 81E21C08
Process csrss.exe (*** hidden *** ) [652] 81E18460
Process MDM.EXE (*** hidden *** ) [1644] 81FD32C8
Process spoolsv.exe (*** hidden *** ) [1384] 81E48A50
Process iPodService.exe (*** hidden *** ) [3716] 81AB3410

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----
GMER 1.0.11.11349 - http://www.gmer.net
Autostart 2006-09-21 16:03:13
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
C-DillaCdaC11BA /*C-DillaCdaC11BA*/@ = C:\WINDOWS\system32\drivers\CDAC11BA.EXE
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WinNii /*WinNii*/@ = "C:\Programmi\File comuni\System\BYKL.exe" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
FineReader@{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F} = C:\Programmi\ABBYY\FineReader 6.0\FECMenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
@{96F6CD36-B5B8-7CB6-492F-5CB221378714}C:\WINDOWS\povea1.dll /*file not found*/ = C:\WINDOWS\povea1.dll /*file not found*/
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = GruppoLaBaia.locale

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A507976F-0E66-412A-893E-795F4FFDEE84} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.9 192.168.112.2 = 192.168.1.9 192.168.112.2
@NameServer213.140.2.43,213.140.2.49 = 213.140.2.43,213.140.2.49
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

---- EOF - GMER 1.0.11 ----

[JOECOOL75]

SI QUELLE DUE CARTELLE LE HO CREATE IO PER POTER ENTRARE IN RETE.

ADMINISTRATOR è stata creata il 11/10/2005
ADMINISTRATOR.PCARETTI il 28/02/2006

[holifay]

Scarica The Avenger ed estrai l´eseguibile sul desktop.

Seleziona con il mouse il contenuto del riquadro qui sotto e copialo negli appunti (premi CTRL+C).

[JOECOOL75]

Logfile of HijackThis v1.99.1
Scan saved at 16.53.47, on 21/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\userinit.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4851/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GruppoLaBaia.locale
O17 - HKLM\Software\..\Telephony: DomainName = GruppoLaBaia.locale
O17 - HKLM\System\CCS\Services\Tcpip\..\{A507976F-0E66-412A-893E-795F4FFDEE84}: NameServer = 213.140.2.43,213.140.2.49
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GruppoLaBaia.locale
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = GruppoLaBaia.locale
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = GruppoLaBaia.locale
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe


e

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\biokhcxa

*******************

Script file located at: \??\C:\leottiwo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WinNii deleted successfully.


File C:\Programmi\File comuni\System\BYKL.exe not found!
Deletion of file C:\Programmi\File comuni\System\BYKL.exe failed!

Could not process line:
C:\Programmi\File comuni\System\BYKL.exe
Status: 0xc0000034



File C:\WINDOWS\povea1.dll not found!
Deletion of file C:\WINDOWS\povea1.dll failed!

Could not process line:
C:\WINDOWS\povea1.dll
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F6CD36-B5B8-7CB6-492F-5CB221378714} deleted successfully.

Completed script processing.

*******************

Finished! Terminate

[holifay]

tranquillo, è tutto a posto: i file non dovevano esserci, te li avevo messi per sicurezza


Avvia HijackThis, poi chiudi tutte le finestre lasciando aperto solo HijackThis. Clicca Do a System Scan only, metti un segno di spunta sulla casella accanto a queste voci e al temine premi Fix checked

[JOECOOL75]

ecco il risultato della mia scanzione con kaspersky....

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 22, 2006 10:11:40 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/09/2006
Kaspersky Anti-Virus database records: 212327
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
M:\

Scan Statistics:
Total number of scanned objects: 51146
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:45:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\pcaretti\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\pcaretti\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\pcaretti\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\pcaretti\Impostazioni locali\Temp\PXR2.tmp Object is locked skipped
C:\Documents and Settings\pcaretti\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pcaretti\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\pcaretti\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped
C:\Programmi\Microsoft Office\OFFICE11\Libreria\EUROTOOL.XLA Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CD65A871-1097-4005-AB0C-681F9B5CA737}\RP18\A0017147.exe Object is locked skipped
C:\System Volume Information\_restore{CD65A871-1097-4005-AB0C-681F9B5CA737}\RP18\change.log Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F682FAB3-BEE8-4252-B84F-A66B64D8A1B8}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_610.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_cleaned.tmp Object is locked skipped
M:\Ditte\LABAIA\PRIVATE.DBC Object is locked skipped
M:\Ditte\LABAIA\private.dct Object is locked skipped
M:\Ditte\LABAIA\PRIVATE.DCX Object is locked skipped
M:\Sysdata\SYSTEM.DBC Object is locked skipped
M:\Sysdata\System.dct Object is locked skipped
M:\Sysdata\System.dcx Object is locked skipped
M:\Sysdata\users.CDX Object is locked skipped
M:\Sysdata\users.DBF Object is locked skipped
M:\Sysdata\users.FPT Object is locked skipped

Scan process completed.


adesso sono a posto ?

[holifay]

Quasi

Disattiva il ripristino di sistema, riavvia e poi riabilitalo. Questo cancellerà gli eventuali file infetti presenti nella cartella di sistema C:/System Volume Information. Per sapere come fare, leggi qui

Poi apri JAVA dal pannello di controllo, elimina i suoi file temporanei ed esegui gli aggiornamenti.

Ciao!

[JOECOOL75]

adesso sono pulito ? :d
ciao

[holifay]

Per quanto posso vedere sì, almeno fino alla prossima infezione

Ciao!

[JOECOOL75]

ok... almeno so che posso contare su di voi..
ciao e grazie....