
A new dialer

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by essed » 19/02/07 16:24

Good morning everyone,
there is a new, well-hidden presence on my computer that every now and then tries to connect to the internet through the 56k modem.
The software shows up among the processes as 0005, and then it connects to the very useful site:
http://www.andromedical.com/?ID_AFFILIATE=41380
I have copied the log file below.
Could you help me, please?

Logfile of HijackThis v1.99.1
Scan saved at 16:19:24, on 19/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\windows\system32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Winamp\winamp.exe
C:\Program Files\Caffe\Server.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
E:\download\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\toshiba-word.exe",
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programmi\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Caffe-Server] C:\Program Files\Caffe\Server.exe
O4 - Startup: NOD32.lnk = C:\Programmi\Eset\nod32.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://bdsbusinessweb.bancodisicilia.i ... J2kQrc.cab
O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mm ... tiveXs.cab
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://bdsbusinessweb.bancodisicilia.i ... qJ2kQF.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://bdsbusinessweb.bancodisicilia.i ... J2kOth.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://bdsbusinessweb.bancodisicilia.i ... J2kImg.cab
O16 - DPF: {572A663E-9756-4DAA-8F65-D97CEF308D64} (/Quercia TLQJ 2000-BDR) - https://bdsbusinessweb.bancodisicilia.i ... J2kBDR.cab
O16 - DPF: {59E6401A-A851-4E94-8DBA-40BD28BF4AA0} (/TlqJ 2000 LiberoBDR) - https://bdsbusinessweb.bancodisicilia.i ... Libero.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5486412833
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9389EFC0-3B78-482E-9974-6A365C571126} (/Quercia TLQJ 2000-TabF24) - https://bdsbusinessweb.bancodisicilia.i ... 2kTabF.cab
O16 - DPF: {A8680DA2-873A-11D4-928C-0050DAC7E112} (CTI_RECORDER) - http://fwbox.fastwebnet.it/webmail/comp ... plorer.cab
O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} (CamImage Class) - http://192.168.1.100/Comm/IPCamControl.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://bdsbusinessweb.bancodisicilia.i ... J2kQCb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://bdsbusinessweb.bancodisicilia.i ... J2kQDt.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFA27DF-3492-4A06-9733-C61E4D66A21D}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2C1FB77-9963-47C0-80CD-99D286902C78}: NameServer = 62.211.69.150,212.48.4.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
essed
Junior User
Posts: 66
Joined: 01/08/05 12:54

Post by Luke57 » 20/02/07 08:49

Hi, download Avgpfix from here:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
and keep it aside.
Open HijackThis, press "Do a system scan only", then find and check the following entries:
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\toshiba-word.exe",
O20 - AppInit_DLLs:
then press "Fix checked".

Make hidden files and folders visible:
From My Computer > Tools > Folder Options
Select View
Check "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click OK

With Avgpfix, delete the following file:
c:\windows\system32\toshiba-word.exe

(just launch it, press Start, locate the file in the tree view and press OK)
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
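As an added example (not part of the original posts, and not code from HijackThis): a small Python triage that picks out of a HijackThis log the two entries the reply above asks to fix, namely any program appended to `UserInit` and the `AppInit_DLLs` line. The function names are illustrative, and the expected `userinit.exe` path assumes Windows is installed in `C:\WINDOWS`, as in the posted log.

```python
import ntpath
import re

# Assumption: Windows lives in C:\WINDOWS, as in the log posted above.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# HijackThis entries look like "<section code> - <body>", e.g. "F2 - REG:...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
USERINIT_RE = re.compile(r"userinit=(.*)$", re.IGNORECASE)
# One list item: either a quoted string or a run of non-comma characters.
ITEM_RE = re.compile(r'"[^"]*"|[^,]+')


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def userinit_extras(body):
    """Return every program in a UserInit value other than the stock userinit.exe."""
    match = USERINIT_RE.search(body)
    if not match:
        return []
    extras = []
    for item in ITEM_RE.findall(match.group(1)):
        path = item.strip().strip('"').strip()
        if not path:
            continue
        # Compare case-insensitively and with normalised separators.
        if ntpath.normcase(ntpath.normpath(path)) != EXPECTED_USERINIT:
            extras.append(path)
    return extras


def triage(log_text):
    """List (code, reason, value) for the logon-time autostart entries worth a look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2":
            # Everything listed in UserInit is started by Winlogon at logon.
            for path in userinit_extras(body):
                findings.append(("F2", "extra program in UserInit", path))
        elif code == "O20" and body.lower().startswith("appinit_dlls:"):
            # DLLs named here are loaded into every process that loads user32.dll.
            value = body.split(":", 1)[1].strip()
            findings.append(("O20", "AppInit_DLLs listed", value))
    return findings


# Excerpt of the first log in this thread (before the fix).
BEFORE = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\toshiba-word.exe",
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Caffe-Server] C:\Program Files\Caffe\Server.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
'''

# Excerpt of the second log in this thread (after "Fix checked").
AFTER = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Caffe-Server] C:\Program Files\Caffe\Server.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
'''

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for finding in triage(log):
            print("  ", finding)
```

Run on the two excerpts, the F2 finding disappears after the fix while the `AppInit_DLLs` line is still listed, which is the entry the later Avenger script goes back to.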

Post by essed » 20/02/07 12:48

Perfect... I did everything, but I'm still not convinced, because:
Security Task Manager detects a process called winhp32.exe in C:\windows, which it rates at 100% risk (is it being particularly anxious???), while in the normal Task Manager I personally don't trust a process called updduufx.exe that I have never seen before, though I can't rule out that it belongs to a recently installed program.
Here is the log file too; can you tell me whether everything is finally OK?

Logfile of HijackThis v1.99.1
Scan saved at 12:46:24, on 20/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\services.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Caffe\Server.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\PROGRA~1\WinFax\WFXMOD32.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Winamp\winamp.exe
E:\download\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programmi\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Caffe-Server] C:\Program Files\Caffe\Server.exe
O4 - Startup: NOD32.lnk = C:\Programmi\Eset\nod32.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://bdsbusinessweb.bancodisicilia.i ... J2kQrc.cab
O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mm ... tiveXs.cab
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://bdsbusinessweb.bancodisicilia.i ... qJ2kQF.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://bdsbusinessweb.bancodisicilia.i ... J2kOth.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://bdsbusinessweb.bancodisicilia.i ... J2kImg.cab
O16 - DPF: {572A663E-9756-4DAA-8F65-D97CEF308D64} (/Quercia TLQJ 2000-BDR) - https://bdsbusinessweb.bancodisicilia.i ... J2kBDR.cab
O16 - DPF: {59E6401A-A851-4E94-8DBA-40BD28BF4AA0} (/TlqJ 2000 LiberoBDR) - https://bdsbusinessweb.bancodisicilia.i ... Libero.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5486412833
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9389EFC0-3B78-482E-9974-6A365C571126} (/Quercia TLQJ 2000-TabF24) - https://bdsbusinessweb.bancodisicilia.i ... 2kTabF.cab
O16 - DPF: {A8680DA2-873A-11D4-928C-0050DAC7E112} (CTI_RECORDER) - http://fwbox.fastwebnet.it/webmail/comp ... plorer.cab
O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} (CamImage Class) - http://192.168.1.100/Comm/IPCamControl.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://bdsbusinessweb.bancodisicilia.i ... J2kQCb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://bdsbusinessweb.bancodisicilia.i ... J2kQDt.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFA27DF-3492-4A06-9733-C61E4D66A21D}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2C1FB77-9963-47C0-80CD-99D286902C78}: NameServer = 62.211.69.150,212.48.4.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

thanks as always...

Post by Luke57 » 20/02/07 13:10

Hi, this malware doesn't show up well in the HijackThis log.
Download
http://www.suspectfile.com/systemscan
open it and make sure all the options are checked, then click "Scan Now"; when the scan finishes, the file report.txt will be written to C:\suspectfile.
Go to
http://www.easy-share.com
upload that file using Browse and pressing Upload, and in your next reply post the URL to download it.

Post by essed » 20/02/07 20:04

I did everything... since I didn't understand exactly which URL you meant, I'm sending you all of them.
Here they are!

URL of the program's page:
http://w12.easy-share.com/cgi-bin/upload.cgi

Your download url:
file url:
http://w12.easy-share.com/891362.html
html code
<a target="_blank" href="http://w12.easy-share.com/891362.html">download</a>
bb code
download
Use this url to delete this file:
http://w12.easy-share.com/891362/del_pwe6nlr1c6qxs3it

Post by Luke57 » 21/02/07 08:05

Hi, the link to download the file has been deleted. It needs to be put back.

Post by essed » 21/02/07 17:02

Hi,
here are the links again, I think this is enough..

file url:
http://w12.easy-share.com/892073.html

bb code
download

Post by Luke57 » 21/02/07 17:52

Hi, download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | egagma.exe

Files to delete:
C:\WINDOWS\winhp32.exe
C:\WINDOWS\50254173121.exe
C:\WINDOWS\msnhp32.dll
C:\WINDOWS\TEMP\egagma.exe
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR10.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR11.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR12.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR13.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR14.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR15.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR16.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR17.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR18.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR19.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR1A.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR1B.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR1C.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR1D.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR1E.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR1F.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR2.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR20.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR21.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR22.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR23.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR24.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR25.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR26.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR27.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR28.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR29.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR2A.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR2B.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR2C.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR2D.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR2E.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR2F.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR3.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR30.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR31.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR32.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR33.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR34.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR35.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR36.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR37.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR38.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR39.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR3A.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR3B.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR3C.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR3D.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR3E.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR3F.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR4.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR40.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR41.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR42.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR43.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR44.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR45.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR46.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR47.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR48.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR49.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR4A.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR4B.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR4C.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR4D.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR4E.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR4F.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR5.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR50.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR51.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR52.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR53.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR54.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR55.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR56.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR57.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR58.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR59.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR5A.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR5B.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR5C.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR5D.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR5E.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR5F.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR6.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR60.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR61.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR62.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR63.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR64.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR65.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR66.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR67.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR68.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR69.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR6A.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR6B.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR6C.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR6D.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR6E.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR6F.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR7.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR70.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR71.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR72.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR73.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR74.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR75.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR76.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR8.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXR9.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXRA.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXRB.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXRC.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXRD.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXRE.tmp
C:\Documents and Settings\internetteria\Impostazioni locali\Temp\PXRF.tmp



Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should restart by itself; if it doesn't, restart it manually

Post the Avenger log (C:/avenger.txt) with the result of the script

Post by essed » 22/02/07 14:59

Hi, how's it going? Did you have problems today??

Here is the log file, but I think I still have problems....

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wlojytff

*******************

Script file located at: \??\C:\cflbjooy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\winhp32.exe deleted successfully.
File C:\WINDOWS\50254173121.exe deleted successfully.
File C:\WINDOWS\msnhp32.dll deleted successfully.


File C:\WINDOWS\TEMP\egagma.exe not found!
Deletion of file C:\WINDOWS\TEMP\egagma.exe failed!

Could not process line:
C:\WINDOWS\TEMP\egagma.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|1 deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|egagma.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
essed
Junior User
Posts: 66
Joined: 01/08/05 12:54
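Added example, not part of the original posts and not code from The Avenger's author: a Python triage of an Avenger log like the one above, separating real deletion failures from targets that were already absent and listing the autostart registry values the script touched. The sample lines are copied from that log; the function names, the NTSTATUS table and the name-matching heuristic are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the Avenger log posted above (PXR*.tmp deletions left out).
SAMPLE_LOG = r"""
File C:\WINDOWS\winhp32.exe deleted successfully.
File C:\WINDOWS\50254173121.exe deleted successfully.
File C:\WINDOWS\msnhp32.dll deleted successfully.

File C:\WINDOWS\TEMP\egagma.exe not found!
Deletion of file C:\WINDOWS\TEMP\egagma.exe failed!

Could not process line:
C:\WINDOWS\TEMP\egagma.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|1 deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|egagma.exe deleted successfully.
"""

# NTSTATUS codes a delete request can return (names as in the Windows headers).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
# Codes meaning the target did not exist, so nothing was left behind on disk.
ALREADY_GONE = {0xC0000034, 0xC000003A}

FILE_OK = re.compile(r"^File (.+) deleted successfully\.$")
FILE_FAIL = re.compile(r"^Deletion of file (.+) failed!$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")
REG_OK = re.compile(
    r"^Registry value (.+)\|(.+?) (replaced with dummy|deleted) successfully\.$")


def autostart_kind(key, value):
    """Name the autostart mechanism behind a registry value, or None."""
    k = key.lower()
    if k.endswith(r"\windows nt\currentversion\windows") and value.lower() == "appinit_dlls":
        return "AppInit_DLLs (DLL loaded into every process that loads user32.dll)"
    if k.endswith(r"\currentversion\run") or k.endswith(r"\policies\explorer\run"):
        return "Run key (program started at logon)"
    return None


def parse_avenger_log(text):
    """Return deleted files, failed deletions with decoded status, registry actions."""
    result = {"deleted": [], "failed": [], "registry": []}
    pending = None          # target named after "Could not process line:"
    expect_target = False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if expect_target:
            pending, expect_target = line, False
            continue
        if line == "Could not process line:":
            expect_target = True
            continue
        m = STATUS.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            for item in result["failed"]:
                if item["path"].lower() == pending.lower():
                    item["status"] = code
                    item["status_name"] = NTSTATUS.get(code, "unknown")
                    item["already_gone"] = code in ALREADY_GONE
            pending = None
            continue
        m = FILE_OK.match(line)
        if m:
            result["deleted"].append(m.group(1))
            continue
        m = FILE_FAIL.match(line)
        if m:
            result["failed"].append({"path": m.group(1), "status": None,
                                     "status_name": None, "already_gone": False})
            continue
        m = REG_OK.match(line)
        if m:
            key, value, action = m.groups()
            result["registry"].append({"key": key, "value": value, "action": action,
                                       "kind": autostart_kind(key, value)})
    return result


def residual_autostarts(result):
    """Heuristic: autostart values named after a file that was already gone."""
    gone = {ntpath.basename(f["path"]).lower()
            for f in result["failed"] if f["already_gone"]}
    return [r for r in result["registry"] if r["value"].lower() in gone]


if __name__ == "__main__":
    report = parse_avenger_log(SAMPLE_LOG)
    print(len(report["deleted"]), "files deleted")
    for f in report["failed"]:
        print("not deleted:", f["path"], f["status_name"], "already gone:", f["already_gone"])
    for r in report["registry"]:
        print(r["action"], r["key"] + "|" + r["value"], "->", r["kind"])
```

Run on the sample, the only failed deletion decodes to STATUS_OBJECT_NAME_NOT_FOUND, meaning the file was not on disk when the script ran, while a Run value of the same name was still present and was removed.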

Post by Luke57 » 22/02/07 15:35

Hi, download Gmer from here:
http://www.majorgeeks.com/GMER_d5198.html
unzip the .zip file and run gmer.exe, with all other applications closed.
To enter Advanced mode, press the >>>> tab. Then choose the Rootkit tab, also tick the ADS box, and run a full Scan. When it finishes, click Copy and paste the report into a text file.
Go back to Gmer, press the Autostart tab (do not tick the show all box) and press Scan. When it finishes, click Copy and paste the report into the same text file.
Then copy and paste the two reports into a post on the forum.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by essed » 22/02/07 17:19

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-22 17:13:38
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.12 ----

SSDT  \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys  ZwOpenProcess
SSDT  \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text  ntoskrnl.exe!_abnormal_termination + 44D  804DF0CC 2 Bytes [ 12, 18 ]
.text  ntoskrnl.exe!_abnormal_termination + 450  804DF0CF 1 Byte [ F8 ]
.text  ntdll.dll!NtClose  77F658AA 5 Bytes JMP 7203407A
.text  ntdll.dll!NtCreateProcess  77F659F4 5 Bytes JMP 72034205
.text  ntdll.dll!NtCreateProcessEx  77F65A03 5 Bytes JMP 720340E9
.text  ntdll.dll!NtCreateSection  77F65A21 5 Bytes JMP 72034098

---- User code sections - GMER 1.0.12 ----

.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  kernel32.dll!SizeofResource  77E4D2CF 7 Bytes JMP 27001C20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  kernel32.dll!FindResourceW  77E4D339 7 Bytes JMP 27001A60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  kernel32.dll!CreateEventA  77E54DE5 5 Bytes JMP 27001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  kernel32.dll!LoadResource  77E5638B 7 Bytes JMP 27001B70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  kernel32.dll!FindResourceExW  77E563D4 7 Bytes JMP 27001AE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  kernel32.dll!LockResource  77E5E351 7 Bytes JMP 27001CD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  kernel32.dll!SetUnhandledExceptionFilter  77E5E5A1 9 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  ADVAPI32.dll!CryptDecrypt  77DAE737 7 Bytes JMP 27001050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  ADVAPI32.dll!CryptDeriveKey  77DAE7E7 7 Bytes JMP 27001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  USER32.dll!PeekMessageW  77D18BDE 5 Bytes JMP 27003760 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  USER32.dll!CreateWindowExW  77D1DADF 5 Bytes JMP 27003270 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  USER32.dll!SetWindowPlacement  77D1F678 5 Bytes JMP 270049D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  USER32.dll!SetWindowRgn  77D22319 7 Bytes JMP 27004AB0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  USER32.dll!CreateDialogParamW  77D2A3FA 5 Bytes JMP 27004E30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  USER32.dll!MessageBoxIndirectW  77D426D2 5 Bytes JMP 27004F90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  USER32.dll!TrackPopupMenuEx  77D4D934 5 Bytes JMP 27003F30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  USER32.dll!FlashWindow  77D5E54A 5 Bytes JMP 27004B50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WS2_32.dll!WSARecv  71A319A0 5 Bytes JMP 27009390 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WS2_32.dll!closesocket  71A31A6D 14 Bytes JMP 27009930 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WS2_32.dll!send  71A31AF4 6 Bytes JMP 270095A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WS2_32.dll!recv  71A35690 6 Bytes JMP 27009200 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WS2_32.dll!WSASend  71A35722 5 Bytes JMP 27009720 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  SHELL32.dll!Shell_NotifyIconW  7CD1E128 5 Bytes JMP 27002BA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  ole32.dll!CoInitializeEx  4FEDDC81 5 Bytes JMP 27001D30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  ole32.dll!CoRegisterClassObject  4FF014E4 5 Bytes JMP 27001E30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WININET.dll!HttpOpenRequestA  6300B019 6 Bytes JMP 27008180 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WININET.dll!HttpSendRequestA  6300BF64 5 Bytes JMP 270083B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WININET.dll!InternetCloseHandle  6300EF54 5 Bytes JMP 27008460 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Programmi\MSN Messenger\msnmsgr.exe[2224]  WININET.dll!InternetReadFile  630124CF 6 Bytes JMP 270082E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll

---- Files - GMER 1.0.12 ----

ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\42\119-{DB20375C-A951-

4653-9FCE-322A691F3456}-v42-{DB20375C-A951-4653-9FCE-322A

691F3456}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\43\121-{DB20375C-A951-

4653-9FCE-322A691F3456}-v43-{DB20375C-A951-4653-9FCE-322A

691F3456}-v121-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\44\123-{DB20375C-A951-

4653-9FCE-322A691F3456}-v44-{DB20375C-A951-4653-9FCE-322A

691F3456}-v123-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\45\125-{DB20375C-A951-

4653-9FCE-322A691F3456}-v45-{DB20375C-A951-4653-9FCE-322A

691F3456}-v125-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\46\127-{DB20375C-A951-

4653-9FCE-322A691F3456}-v46-{DB20375C-A951-4653-9FCE-322A

691F3456}-v127-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\47\129-{DB20375C-A951-

4653-9FCE-322A691F3456}-v47-{DB20375C-A951-4653-9FCE-322A

691F3456}-v129-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\48\131-{DB20375C-A951-

4653-9FCE-322A691F3456}-v48-{DB20375C-A951-4653-9FCE-322A

691F3456}-v131-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.rdc.1
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\48\131-{DB20375C-A951-

4653-9FCE-322A691F3456}-v48-{DB20375C-A951-4653-9FCE-322A

691F3456}-v131-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\49\141-{DB20375C-A951-

4653-9FCE-322A691F3456}-v49-{DB20375C-A951-4653-9FCE-322A

691F3456}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\50\143-{DB20375C-A951-

4653-9FCE-322A691F3456}-v50-{DB20375C-A951-4653-9FCE-322A

691F3456}-v143-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\51\145-{DB20375C-A951-

4653-9FCE-322A691F3456}-v51-{DB20375C-A951-4653-9FCE-322A

691F3456}-v145-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.rdc.1
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\51\145-{DB20375C-A951-

4653-9FCE-322A691F3456}-v51-{DB20375C-A951-4653-9FCE-322A

691F3456}-v145-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\52\147-{DB20375C-A951-

4653-9FCE-322A691F3456}-v52-{DB20375C-A951-4653-9FCE-322A

691F3456}-v147-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\53\133-{DB20375C-A951-

4653-9FCE-322A691F3456}-v53-{DB20375C-A951-4653-9FCE-322A

691F3456}-v133-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\54\135-{DB20375C-A951-

4653-9FCE-322A691F3456}-v54-{DB20375C-A951-4653-9FCE-322A

691F3456}-v135-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\55\137-{DB20375C-A951-

4653-9FCE-322A691F3456}-v55-{DB20375C-A951-4653-9FCE-322A

691F3456}-v137-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\eioneanche@hotmail.com\S

haringMetadata\sopravento@hotmail.com\DFSR\Staging\CS{254

C6B5C-68FE-0BE1-410A-15E19F48F160}\56\139-{DB20375C-A951-

4653-9FCE-322A691F3456}-v56-{DB20375C-A951-4653-9FCE-322A

691F3456}-v139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b5

1ad66eb5d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\essed0n@hotmail.com\Shar

ingMetadata\sostanza@hotmail.com\DFSR\Staging\CS{0531D599

-D454-4B10-CDA8-478E52B722BA}\01\10-{0531D599-D454-4B10-C

DA8-478E52B722BA}-v1-{2E533371-7093-43F3-8310-41EC52F220F

A}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5

d3}.XPRESS
ADS C:\Documents and

Settings\internetteria\Impostazioni locali\Dati

applicazioni\Microsoft\Messenger\ma_lu_78@hotmail.com\Sha

ringMetadata\eioneanche@hotmail.com\DFSR\Staging\CS{FDB55

60F-193E-4DCC-06B8-363368176D14}\01\10-{FDB5560F-193E-4DC

C-06B8-363368176D14}-v1-{BAA93EEC-CA21-4C88-A035-9D6C21CA

E0D4}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66

eb5d3}.XPRESS
ADS E:\Preferiti\Dagospia.com - 29-04-2003 - COME TI

SLOGANIZZO LE ELEZIONI AMMINISTRATIVE DA VIVIANA

BECCALOSSI (:KAVICHS








ADS E:\Preferiti\Maporama.com :KAVICHS












ADS

E:\RECYCLER\S-1-5-21-839522115-920026266-854245398-1003\D

e4\Preferiti\Dagospia.com - 29-04-2003 - COME TI

SLOGANIZZO LE ELEZIONI AMMINISTRATIVE DA VIVIANA

BECCALOSSI (:KAVICHS






ADS

E:\RECYCLER\S-1-5-21-839522115-920026266-854245398-1003\D

e4\Preferiti\Maporama.com :KAVICHS











---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-22 17:18:18
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\SYSTEM32\Userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Brother XP spl Service /*BrSplService*/@ = C:\WINDOWS\System32\brsvc01a.exe
btwdins /*Bluetooth Service*/@ = C:\Programmi\Software Bluetooth\bin\btwdins.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
InCDsrvR /*InCD Helper (read only)*/@ = C:\Programmi\Ahead\InCD\InCDsrv.exe -r
LexBceS /*LexBce Server*/@ = C:\WINDOWS\system32\LEXBCES.EXE
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
SimpTcp /*Servizi semplici TCP/IP*/@ = %SystemRoot%\System32\tcpsvcs.exe
SNMP /*Servizio SNMP*/@ = %SystemRoot%\System32\snmp.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
wfxsvc /*WinFax PRO*/@ = C:\WINDOWS\System32\WFXSVC.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@Lexmark X5100 Series"C:\Programmi\Lexmark X5100 Series\lxbabmgr.exe" = "C:\Programmi\Lexmark X5100 Series\lxbabmgr.exe"
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@Samsung PanelMgrC:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun = C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
@WFXSwtchC:\PROGRA~1\WinFax\WFXSWTCH.exe = C:\PROGRA~1\WinFax\WFXSWTCH.exe
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\System32\ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
@Caffe-ServerC:\Program Files\Caffe\Server.exe = C:\Program Files\Caffe\Server.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\System32\upnpui.dll

HKLM\Software\Classes\.scr@ = C:\WINDOWS\NOTEPAD.EXE "%1"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{A213B520-C6C2-11d0-AF9D-008029E1027E}C:\Programmi\WinFax\WfxSeh32.Dll = C:\Programmi\WinFax\WfxSeh32.Dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Programmi\SUPERAntiSpyware\SASSEH.DLL = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\System32\upnpui.dll = C:\WINDOWS\System32\upnpui.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/(null) =
@{950FF917-7A57-46BC-8017-59D9BF474000} /*Shell Extension for CDRW*/C:\Programmi\Ahead\InCD\incdshx.dll = C:\Programmi\Ahead\InCD\incdshx.dll
@CorelDRAW Shell Extension Component /*CorelDRAW Shell Extension Component*/(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\System32\BTNEIG~1.DLL = C:\WINDOWS\System32\BTNEIG~1.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} /*ShellPlusContextMenu*/C:\WINDOWS\system32\b4fm.dll /*file not found*/ = C:\WINDOWS\system32\b4fm.dll /*file not found*/
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll /*file not found*/ = C:\Programmi\iTunes\iTunesMiniPlayer.dll /*file not found*/

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programmi\ICQLite\ICQLiteShell.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programmi\ICQLite\ICQLiteShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FFA27DF-3492-4A06-9733-C61E4D66A21D} /*Connessione alla rete locale (LAN) 3*/ >>>
@IPAddress192.168.1.150 = 192.168.1.150
@NameServer62.211.69.150,212.48.4.15 = 62.211.69.150,212.48.4.15
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A2C1FB77-9963-47C0-80CD-99D286902C78} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress192.168.1.150 = 192.168.1.150
@NameServer62.211.69.150,212.48.4.15 = 62.211.69.150,212.48.4.15
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = imon.dll
000000000002@PackedCatalogItem = imon.dll
000000000003@PackedCatalogItem = imon.dll
000000000004@PackedCatalogItem = imon.dll
000000000005@PackedCatalogItem = imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012@PackedCatalogItem = imon.dll

C:\Documents and Settings\internetteria\Menu Avvio\Programmi\Esecuzione automatica = NOD32.lnk

---- EOF - GMER 1.0.12 ----
essed
Junior User
 
Posts: 66
Joined: 01/08/05 12:54

Post by Luke57 » 23/02/07 08:31

Hi, I don't see anything threatening in the log.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by essed » 23/02/07 20:46

Hi Luke, you've been very kind, and thank you for taking an interest.
essed
Junior User
 
Posts: 66
Joined: 01/08/05 12:54

