
win32.agent and sgrunt?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by rirù » 20/01/07 01:02

Hi everyone..
a few days ago I ran a scan with spybot and it found 3 entries in my PC's registry that it attributes to win32.agent.xv.. I should say that avg doesn't detect anything, only a change in the hosts file, which I took care of changing.
Well, I tried to find other traces with various programs that were recommended to me, such as hijackthis, virit, antivir, avg anti-spyware.. I also ran some online scans with kaspersky and bitdefender, but none of these found anything..
only an online scan with panda found a certain "sgrunt", but I downloaded a tool to remove it.. and it told me it didn't find sgrunt on the PC... :-?

now.. I didn't have any conspicuous problems with the PC, other than it being a bit slow.. but after a few days of trying these various solutions.. something else happened, although I'm not entirely sure it is caused by a virus or the like:
I have an ADSL dial-up connection that works correctly.. I can connect and visit all sites without trouble, but I can no longer view the connection status (going to My Network Places -> View network connections -> right-click on the connection -> "Status"), nor does the icon that notifies me that the connection has been established appear in the notification area any more...

I don't understand at this point what is causing these problems or how to get rid of win32.agent.xv and sgrunt.. if they are actually on the PC
I hope you can help me.. :cry:

thanks in advance
rirù
Newbie

Posts: 5
Joined: 20/01/07 00:37


Post by Luke57 » 21/01/07 10:57

Hi, try checking your system with hijackthis, from here
http://www.majorgeeks.com/download3155.html

Extract the contents of the .zip file into a permanent folder created for the purpose, for example C:\HJT, not temporary folders such as the Desktop or C:\Windows\temp. In the permanent folder the program creates a backup folder for any entries that get removed.
Close all open applications
Start HiJackThis by double-clicking the executable (hijackthis.exe)
Click DO A SYSTEM SCAN AND SAVE LOGFILE
Wait for the scan to finish and for a written Notepad sheet to open automatically
of Notepad:
Paste the contents into a post on the forum.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by rirù » 21/01/07 14:59

Hi, thanks for replying,
this is the hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 14.53.52, on 21/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\PC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPPDetect] IPP4Detect.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [E06IXLRD_2115828] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9315910203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84487E0-7E53-4658-BDF1-265859A673E3}: NameServer = 85.37.17.39 151.99.125.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe


the situation has, among other things, got worse because the icons and the taskbar have disappeared from the desktop; basically I have to do everything from Run in Task Manager, the virus must have attacked explorer.

maybe the solution is to format?
rirù
Newbie

Posts: 5
Joined: 20/01/07 00:37

Post by Luke57 » 21/01/07 15:12

Hi, nothing shows up in the hijackthis log.
If something has modified the desktop, let's try smitfraudfix from here:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Right-click the Smitfraudfix.io folder and, in the menu that appears, choose Extract All. Specify a permanent folder to extract the files to. >Next>Show extracted files>Finish.
Double-click the Smitfraudfix folder and then Smitfraud.cmd (or Smitfraudfix if file extensions are not visible) in the next folder. Press a key to continue and in the next screen type 1 to select the Search command, then press Enter. When the operations finish, a summary message appears in which you can see whether it found anything.

Restart in safe mode:
(Start the computer. Right after the RAM count and before Windows starts loading, begin pressing the F8 key on the keyboard repeatedly. Keep doing so until the Windows Advanced Options menu is displayed. Using the arrow keys on the keyboard, scroll through the options and select Safe Mode, then press Enter)

Open the Smitfraudfix program again, press a key to continue, and in the second screen select option 2 Clean <safe mode recommended> and then Enter to start the operations. The program asks whether we want to clean the registry: answer yes by pressing the letter Y (yes) and then Enter. When it finishes, save the scan report and attach it in the forum.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by rirù » 21/01/07 18:27

here I am again..
with a bit of effort I did what you advised, I hope I did everything correctly, but anyway things haven't changed.. the problems remain the same :-?

I'm posting the smitfraudfix result anyway:

SmitFraudFix v2.133

Scan done at 18.12.25,96, 21/01/2007
Run from C:\Documents and Settings\PC\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


thanks, see you soon
rirù
Newbie

Posts: 5
Joined: 20/01/07 00:37

Post by Luke57 » 21/01/07 19:41

Hi, let's try one more check:
download Gmer from here:
http://www.majorgeeks.com/GMER_d5198.html
unzip the .zip file and start gmer.exe, with all other applications closed.
To enter Advanced press the >>>> tab. Then choose the Rootkit tab, tick the ADS box and the files box, and run a full Scan. When it finishes click Copy and paste the report into a text file.
Go back to Gmer, press the Autostart tab (do not tick the show all box) and press Scan. When it finishes, click Copy and paste the report into the same text sheet.
Then copy and paste the two reports into a post on the forum.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by rirù » 22/01/07 19:52

Hi, here are the gmer logs...


GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-22 19:46:25
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
CCALib8 /*Canon Camera Access Library 8*/@ = C:\Programmi\Canon\CAL\CALMAIN.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@CnxDslTaskBar"C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe" = "C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe"
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@SoundMAXPnPC:\Programmi\Analog Devices\Core\smax4pnp.exe = C:\Programmi\Analog Devices\Core\smax4pnp.exe
@SoundMAX"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray = "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
@nwiznwiz.exe /install = nwiz.exe /install
@NWEReboot /*file not found*/ = /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@IPPDetectIPP4Detect.exe /*file not found*/ = IPP4Detect.exe /*file not found*/
@High Definition Audio Property Page ShortcutHDAShCut.exe = HDAShCut.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@EPSON Stylus DX3800 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MessengerPlus3"C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart = "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
@E06IXLRD_2115828"C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m = "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/(null) =
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/D:\WINZIP\WZSHLSTB.DLL = D:\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/D:\WINZIP\WZSHLSTB.DLL = D:\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/D:\WINZIP\WZSHLSTB.DLL = D:\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/D:\WINZIP\WZSHLSTB.DLL = D:\WINZIP\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
EPPShellEx@{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78} = C:\Programmi\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\WINZIP\WZSHLSTB.DLL
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ssflwbox.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

---- EOF - GMER 1.0.12 ----



but I don't understand any of it :-?
you tell me...
thanks a lot ;)
rirù
Newbie

Posts: 5
Joined: 20/01/07 00:37

Post by rirù » 22/01/07 19:54

sorry, I realised I only posted the autostart result..
here is the other one:


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-22 19:42:55
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\20\20-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v20-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\20\20-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v20-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\21\21-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v21-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\21\21-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v21-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\21\21-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v21-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\22\22-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v22-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\22\22-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v22-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\22\22-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v22-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\23\23-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v23-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\23\23-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v23-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\23\23-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v23-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\24\24-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v24-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\24\24-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v24-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\25\25-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v25-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\25\25-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v25-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\26\26-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v26-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\26\26-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v26-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\29\29-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v29-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\29\29-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v29-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\32\32-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v32-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\32\32-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v32-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\35\35-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v35-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\35\35-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v35-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\36\38-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v36-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\38\38-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v38-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\38\38-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v38-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\40\42-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v40-{5E4D2947-B527-4F36-89B4-109A7EA27501}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\41\41-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v41-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\41\41-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v41-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\44\44-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v44-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\44\44-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v44-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\49\49-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v49-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\49\49-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v49-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\67\67-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v67-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\67\67-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v67-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\75\75-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v75-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v75-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\PC\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\rita.vizz@hotmail.it\SharingMetadata\lagatta74@libero.it\DFSR\Staging\CS{24E7E00B-AE46-E946-8E29-2A444CE5B9F7}\75\75-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v75-{20A631A4-C6B2-480E-A13E-1A27181F146F}-v75-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----
rirù
Newbie
 
Posts: 5
Joined: 20/01/07 00:37

