aiutoooooooooooooooooooo

di **maci** » 17/02/14 20:21

AIUTOOOOOOOOO ciao a tutti scusate l'urlo purtroppo ieri mio figlio nel accedere ad un sito per guardare una partita non so cosa abbia fatto ma sta di fatto che si e' spento il pc poi nel riaccenderlo mi ha detto che dei file dell accensione erano rovinati mi ha fatto avviare con una modalita che ha riparato le cose e cosi si e' riacceso poi oggi si e' spento dasolo e non ripartiva neanche con quella modalita di riparazione file ho provato a fare F4 e ho dato ok per ripristino totale convinto che si sistemasse tutto invece mi ha tolto completamente windows 7 (il pc e' stato aquistato con vista e poi lo ho aggiornato trasformandolo in 7) mi ha tolto la possibilita' di fatto di accedere a windows 7 e a tutte le mie cose come cartelle programmi etc si accende solo con vista e non so piu' dove e' finito tutto il resto,PS non sono molto pratico cmq mi avete gia aiutato a risolvere problemi di virus e seguendo le indicazioni il piu chiare possibili spero che mi aiutaiate ad uscire da questo incubo. grazie PACE E BENE.maci
Utente Junior

Post: 24
Iscritto il: 14/01/14 10:00
Messaggio privato

di **FDACCC** » 17/02/14 20:49

"si accende solo con vista"

entra in vista e:
ComboFix: rimuovere le infezioni presenti nel sistema

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
link alternativo: http://www.combofix.org/downloadlink.php
● posiziona il file scaricato sul Desktop
● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● clicca due volte sul file ComboFix per avviare l'applicazione
● clicca il pulsante Accetto: conferma cliccando Ok due volte
● segui le istruzioni che verranno rilasciate per eseguire la scansione:

"Tipicamente non impiega più di 10 minuti
Su pc molto infetti il tempo di scansione può raddoppiare facilmente"

● nel caso di Windows XP, verrà richiesta l' installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)
● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer; inoltre potrebbe impostarlo come browser predefinito

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo
● se non trovi il Report del programma, clicca Start, Esegui e inserisci questa stringa (infine clicca il pulsante Invio):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Note - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, prima di avviarlo, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso
● esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette USB, Hard Disk Esterni, Lettori MP3, Schedine SD..) per prevenire future minacce e aumentare la sicurezza del Computer: quando inserisci un dispositivo esterno, dovrai avviarlo "manualmente" dalle Risorse del computer. Se vuoi che il PC torni come prima, comunicalo nel tuo prossimo post
● se ComboFix rileva Bootkit/Rootkit in attività sul tuo sistema, dopo un avviso ti verrà richiesto di riavviare la macchina: acconsenti (al riavvio la macchina potrebbe mostrare una finestra nera per alcuni minuti, è normale)
● se dopo aver eseguito il programma ricevi un qualunque tipo di messaggio riguardo chiavi di registro cancellate, riavvia la macchina e il problema scomparirà (le chiavi di registro non verranno cancellate, tranquillo)

di **maci** » 18/02/14 08:07

ma dopo questo passaggio posso recuperare il pc come era prima con windows 7 e tutti i miei file certelle etc?

di **FDACCC** » 18/02/14 13:48

E' quello che vedremo alla fine di questo topic, se metterai in pratica quanto ti dico.
Prima dobbiamo eliminare l'infezione.
Altrimenti siamo punto e a capo.

di **maci** » 18/02/14 21:20

scusami l'attesa ho trovato il cd per installare windows 7 perche vista mi complica troppo la vita domani mattina vedo di seguire le tue istruzioni se trovo difficolta ti faccio sapere e poi aspetto ulteriori consegne ti chiedo solo molta chiarezza perche non sono un fenomeno visto cio' che ho combinato lo avrai capito , intanto grazie

di **maci** » 19/02/14 18:38

ho dovuto disinstallare avira e malware bittes perche' non sapevo come disattivarli per non dare fastidio al programma che mi hai fatto aprire ora ti allego il report abbi tComboFix 14-02-19.01 - colors 19/02/2014 17:55:15.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.2009.1048 [GMT 1:00]
Eseguito da: c:\users\colors\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ7TKW1D\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\DisVUn.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\n6P.js
c:\users\colors\AppData\Local\lollipop
c:\users\colors\AppData\Local\Microsoft\Windows\Temporary Internet Files\crimsolite_iels
c:\users\colors\AppData\Roaming\okitspace
c:\users\colors\AppData\Roaming\okitspace\Chrome\OKitSpace.crx
c:\users\colors\AppData\Roaming\okitspace\Chrome\OKitSpace.pem
c:\users\colors\AppData\Roaming\okitspace\Chrome\tempCRX\background.js
c:\users\colors\AppData\Roaming\okitspace\Chrome\tempCRX\images\okitspace-19x19.png
c:\users\colors\AppData\Roaming\okitspace\Chrome\tempCRX\images\okitspace-48x48.png
c:\users\colors\AppData\Roaming\okitspace\Chrome\tempCRX\manifest.json
c:\users\colors\AppData\Roaming\okitspace\IE\config
c:\users\colors\AppData\Roaming\okitspace\IE\OkitSpace.dll
c:\users\colors\AppData\Roaming\okitspace\protect\config.xml
c:\users\colors\AppData\Roaming\okitspace\protect\files\crxID
c:\users\colors\AppData\Roaming\okitspace\protect\files\OKitSpace.crx
c:\users\colors\AppData\Roaming\okitspace\protect\files\OKitSpace.crx.zip
c:\users\colors\AppData\Roaming\okitspace\protect\files\OKitSpace.dll
c:\users\colors\AppData\Roaming\okitspace\protect\files\OKitSpace.pem
c:\users\colors\AppData\Roaming\okitspace\protect\files\OKitSpace.xpi
c:\users\colors\AppData\Roaming\okitspace\protect\files\version
c:\users\colors\AppData\Roaming\okitspace\protect\Interop.Shell32.dll
c:\users\colors\AppData\Roaming\okitspace\protect\Newtonsoft.Json.dll
c:\users\colors\AppData\Roaming\okitspace\protect\PluginProtect.exe
c:\users\colors\AppData\Roaming\okitspace\protect\sqlite3.exe
c:\users\colors\AppData\Roaming\okitspace\protect\utilsDll.dll
c:\users\colors\AppData\Roaming\okitspace\uninstallkit.exe
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\DisVUn.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldccefpmmdbpfinbkekhfeeolblkekp\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgpnapbkhgghccokiecnilpoedcigco\2.1\n6P.js
c:\windows\Tasks\couponsupport-S-649636217.job
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvPlgProtect
-------\Service_SrvUpdater
.
.
((((((((((((((((((((((((( Files Creati Da 2014-01-19 al 2014-02-19 )))))))))))))))))))))))))))))))))))
.
.
2014-02-19 14:02 . 2014-02-19 14:02 -------- d-----w- c:\programdata\Malwarebytes
2014-02-19 12:07 . 2014-02-19 12:07 -------- d-----w- c:\programdata\APN
2014-02-19 11:19 . 2014-02-19 11:19 -------- d-----w- c:\program files\Microsoft.NET
2014-02-19 11:18 . 2014-02-19 11:37 -------- d-----w- c:\programdata\Package Cache
2014-02-19 11:17 . 2014-02-19 11:17 -------- d-----w- c:\program files\SoftwareUpdater
2014-02-19 10:52 . 2014-02-19 10:53 -------- d-----w- c:\program files\Google
2014-02-19 10:36 . 2014-02-19 10:36 -------- d-----w- c:\windows\system32\wbem\en-US
2014-02-19 10:36 . 2014-02-19 10:36 -------- d-----w- c:\windows\system32\Wat
2014-02-19 08:07 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2014-02-19 08:07 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-02-19 08:04 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2014-02-19 07:54 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-02-19 07:54 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-02-19 07:54 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-02-19 07:54 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-02-19 07:54 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-02-19 07:23 . 2014-02-19 07:25 -------- d-----w- c:\windows\system32\MRT
2014-02-19 07:22 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-02-19 07:22 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-02-19 07:22 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-02-19 07:21 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-02-19 07:21 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-02-19 07:21 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-02-19 07:21 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-02-19 07:21 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-02-19 07:21 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-02-19 07:21 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-02-19 07:19 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-02-19 07:19 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-19 07:19 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2014-02-19 07:16 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-02-19 07:11 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2014-02-19 07:11 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2014-02-19 07:10 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2014-02-19 07:08 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2014-02-19 07:08 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2014-02-19 07:08 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2014-02-19 07:08 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2014-02-19 07:08 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2014-02-19 07:06 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll
2014-02-19 07:05 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2014-02-19 07:01 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2014-02-19 07:01 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2014-02-19 07:01 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2014-02-19 07:01 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2014-02-19 07:01 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2014-02-19 07:01 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2014-02-19 07:00 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll
2014-02-19 07:00 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-19 07:00 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2014-02-19 07:00 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-02-19 07:00 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-02-19 06:58 . 2010-11-02 04:36 801792 ----a-w- c:\windows\system32\FntCache.dll
2014-02-19 06:58 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2014-02-19 06:58 . 2010-11-02 04:41 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-02-19 06:58 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2014-02-19 06:58 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-02-19 06:58 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-02-19 06:58 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-02-19 06:56 . 2012-11-20 05:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2014-02-19 06:55 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2014-02-19 06:55 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2014-02-19 06:55 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2014-02-19 06:55 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2014-02-19 06:55 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2014-02-19 06:55 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2014-02-19 06:55 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2014-02-19 06:55 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2014-02-19 06:55 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-02-19 06:53 . 2012-03-17 07:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2014-02-19 06:53 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-02-18 20:14 . 2014-02-18 20:14 -------- d-----w- c:\programdata\UDL
2014-02-18 20:10 . 2014-02-18 20:10 -------- d-----w- c:\program files\Common Files\EPSON
2014-02-18 20:07 . 2014-02-18 20:13 -------- d-----w- c:\program files\Epson Software
2014-02-18 20:06 . 2012-11-12 19:41 458310 ----a-w- c:\windows\system32\ensppui.dll
2014-02-18 20:06 . 2012-11-12 19:41 458310 ----a-w- c:\windows\system32\enppui.dll
2014-02-18 20:06 . 2012-11-12 14:15 476027 ----a-w- c:\windows\system32\ensppmon.dll
2014-02-18 20:06 . 2012-11-12 14:15 476027 ----a-w- c:\windows\system32\enppmon.dll
2014-02-18 20:06 . 2012-10-22 16:19 218112 ----a-w- c:\windows\system32\enspres.dll
2014-02-18 20:06 . 2012-10-22 16:19 218112 ----a-w- c:\windows\system32\enpres.dll
2014-02-18 20:06 . 2014-02-18 20:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-02-18 20:06 . 2014-02-18 20:06 -------- d-----w- c:\program files\EpsonNet
2014-02-18 20:06 . 2012-07-23 23:00 342016 ----a-w- c:\windows\system32\esw2ud.dll
2014-02-18 20:06 . 2011-12-11 23:00 122000 ----a-w- c:\windows\system32\escsvc.exe
2014-02-18 20:06 . 2014-02-18 20:08 -------- d-----w- c:\program files\epson
2014-02-18 20:05 . 2007-04-10 00:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2014-02-18 20:05 . 2011-04-19 02:03 95232 ----a-w- c:\windows\system32\E_TLBIWE.DLL
2014-02-18 20:05 . 2011-03-14 02:03 81408 ----a-w- c:\windows\system32\E_TD4BIWE.DLL
2014-02-18 20:04 . 2014-02-18 20:14 -------- d-----w- c:\programdata\EPSON
2014-02-18 19:55 . 2014-02-18 19:55 -------- d-----w- c:\program files\OpenOffice 4
2014-02-18 19:42 . 2014-02-18 19:44 -------- d-----w- c:\programdata\IePluginService
2014-02-18 19:42 . 2014-02-18 19:42 -------- d-----w- c:\program files\SupTab
2014-02-18 19:42 . 2014-02-18 19:44 -------- d-----w- c:\programdata\WPM
2014-02-18 19:41 . 2014-02-18 19:43 -------- d-----w- c:\program files\HiDefMedia
2014-02-18 19:38 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2014-02-18 19:38 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-02-18 19:37 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2014-02-18 19:33 . 2014-02-19 12:20 -------- d-----w- C:\Support
2014-02-18 19:33 . 2014-02-19 16:50 -------- d-----w- c:\program files\Supporter
2014-02-18 19:33 . 2014-02-18 19:57 -------- d-----w- c:\programdata\SaveClicker
2014-02-18 19:33 . 2014-02-18 19:46 -------- d-----w- c:\programdata\1adde57018183b33
2014-02-18 19:33 . 2014-02-18 19:46 -------- d-----w- c:\program files\SaveClicker
2014-02-18 19:33 . 2014-02-18 19:33 -------- d-----w- c:\users\Administrator
2014-02-18 17:02 . 2014-02-18 08:21 -------- d-----w- c:\windows\Panther
2014-02-18 16:54 . 2014-02-18 16:54 -------- d-----w- C:\Windows.old
2014-02-18 12:30 . 2014-02-18 12:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-18 12:30 . 2014-02-18 12:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-18 12:30 . 2014-02-18 12:30 -------- d-----w- c:\windows\system32\Macromed
2014-02-18 09:08 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3535E3F6-2534-4529-8A78-78A55C673A29}\mpengine.dll
2014-02-18 09:07 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-02-18 09:07 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-02-18 09:07 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-02-18 09:07 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-02-18 09:07 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-02-18 09:07 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-02-18 09:07 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-02-18 09:06 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-02-18 09:06 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\programdata\Vodafone
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\programdata\FLEXnet
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\program files\Vodafone
2014-02-18 09:01 . 2014-02-19 16:51 -------- d-sh--w- c:\windows\Installer
2014-02-18 08:31 . 2014-02-18 18:11 -------- d-----w- c:\programdata\WinClon
2014-02-18 08:31 . 2014-02-18 08:31 -------- d-----w- c:\programdata\SiteAdvisor
2014-02-18 08:31 . 2014-02-18 08:31 -------- d-----w- c:\programdata\McAfee
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIIWE.EXE" [2012-02-27 249440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 40030ae4;Supporter;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 Update crimsolite;Update crimsolite;c:\program files\crimsolite\updatecrimsolite.exe [x]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [2010-09-01 67584]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [2010-09-01 79360]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys [2010-09-01 9728]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 61952]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-02-19 1343400]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2012-02-27 142432]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
S2 VmbService;Servizio Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-19 10:53 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-18 12:30]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-19 10:52]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-19 10:52]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://msn.it/
mStart Page = hxxp://www.awesomehp.com/?type=hp&ts=13 ... XX5VC95GFK
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8AB96269-4154-4286-8A24-8AC111F6F354}: NameServer = 83.224.66.138 83.224.70.94
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
AddRemove-S-649636217 - c:\support\couponsupport.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4} - c:\progra~1\SUPPOR~1\SUPPOR~1.DLL
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Ora fine scansione: 2014-02-19 18:07:45 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-02-19 17:07
.
Pre-Run: 84.611.477.504 byte disponibili
Post-Run: 84.859.428.864 byte disponibili
.
- - End Of File - - C27DD365F559690E241FEE8DC321A048
61A349592C4728853F4A90FF78F7628E
anta pazienza e grazie per ora

di **maci** » 19/02/14 19:04

intanto che aspetto risposta ho scaricato dinuovo avitra perche mi diceva che navigavo a rischio resto in attesa delle tue istruzioni per proseguire oggi la scansione di avira mi ha segnalato 2 virus e malwere bittes mi continuava a segnalare poput a ripetizione ora lo ho disinstallato e poi mi si e' messo un browser predefinito che non riesco a toglire e mi sta dando fastidio abbi pazienza e se riesci aiutami ad uscire da tutto questo casino grazie mille .PACE E BENE.

di **maci** » 19/02/14 19:07

eazel search

di **maci** » 20/02/14 12:46

scusami il disturbo avendo reinstallato windows7 ho seguito i suggerimenti di pulizia che mi hanno dato i tuoi colleghi seguendo il post messo su virus, ti rinrazio del tempo che mi hai dedicato se puoi fammi sapere come recuperare i file e le certelle che non trovo piu' ,alcune sono tornate altre no ciao e grazie.

di **FDACCC** » 20/02/14 14:24

Non prendere iniziative personali, altrimenti prolunghiamo solo la bonifica.

ComboFix: Script personalizzato

Avviso: non eseguire ComboFix di tua iniziativa; questo tool non è un giocattolo e non è adatto ad un uso quotidiano.

Apri il Block Note: Start> Tutti i programmi> Accessori> Blocco note
● all'interno del nuovo documento di testo, copia ed incolla le seguenti righe:

Driver::
40030ae4
Update crimsolite

File::
c:\program files\crimsolite\updatecrimsolite.exe

● chiama questo file CFScript.txt, e posizionalo sul Desktop, affianco a ComboFix - se ComboFix non fosse sul Desktop provvedi a spostarlo li-

Molto importante! Disabilita temporaneamente il tuo antivirus e firewall prima di seguire la procedura indicata. Potrebbero infatti interferire con ComboFix o rimuovere alcuni dei suoi file incorporati che possono portare a risultati imprevedibili.
Facendo riferimento all'immagine presente qui sotto, trascina con il puntatore del mouse CFScript.txt sull'icona di ComboFix
ComboFix ora eseguirà una scansione del tuo sistema. Una volta terminata, potrebbe riavviare automaticamente il sistema: in caso contrario, procedi tu manualmente.
A questo punto, il programma produrrà un Report. Copia ed incolla il log nel tuo prossimo post.

Immagine

Nota - riguardo alla procedura:
● non toccare assolutamente il mouse e la tastiera durante la scansione: potrebbe interrompersi
N.B :
● se viene visualizzato l'errore: Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione, dovrai semplicemente riavviare il sistema e ripetere lo Script

Quindi;
Scarica AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
● salva il file sul Desktop
● clicca sull'icona di AdwCleaner
● clicca sul pulsante Cerca
● attendi pazientemente il termine della scansione
● clicca sul pulsante Elimina e conferma cliccando OK
● prosegui cliccando OK per altre due volte: il sistema si riavvierà automaticamente
● allega il log che compare al riavvio

Scarica Junkware Removal Tool: http://www.bleepingcomputer.com/downloa ... oval-tool/
● salva il file sul Desktop
● clicca sull'icona di JRT e attendi pazientemente la fine della scansione
● se rileva minacce, verrà richiesto un riavvio: premi Y
● una volta riavviato, dovrebbe aprirsi il log sul desktop come JRT.txt
● allega il log che compare al riavvio

Non navigare su Internet a parte su questa pagina, anzi, se puoi naviga da un altro PC per visualizzare questa pagina.

di **maci** » 20/02/14 19:22

ti invio il report di cobofix mi e' partito dasolo
ComboFix 14-02-20.01 - colors 20/02/2014 18:46:54.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.2009.1159 [GMT 1:00]
Eseguito da: c:\users\colors\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L701VQEW\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2014-01-20 al 2014-02-20 )))))))))))))))))))))))))))))))))))
.
.
2014-02-20 17:53 . 2014-02-20 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-20 11:22 . 2014-02-20 11:22 -------- d-----w- c:\program files\CCleaner
2014-02-20 09:59 . 2014-02-20 10:01 -------- d-----w- C:\AdwCleaner
2014-02-20 09:48 . 2014-02-20 09:48 -------- d-----w- C:\_OTL
2014-02-20 09:32 . 2014-02-20 09:32 -------- d-----w- c:\program files\PDF24
2014-02-20 09:26 . 2014-02-20 09:26 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-02-20 09:26 . 2014-02-20 09:26 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-19 22:23 . 2014-02-19 22:23 -------- d-----w- c:\windows\system32\SPReview
2014-02-19 22:22 . 2014-02-19 22:22 -------- d-----w- c:\windows\system32\EventProviders
2014-02-19 19:05 . 2014-02-19 19:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 19:05 . 2014-02-19 19:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-19 19:03 . 2014-02-19 19:03 -------- d-----w- c:\program files\Common Files\Adobe
2014-02-19 17:57 . 2014-02-19 17:57 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-02-19 17:57 . 2014-02-19 17:57 -------- d-----w- c:\program files\VNT
2014-02-19 17:57 . 2014-02-19 17:57 -------- d-----w- c:\program files\AskPartnerNetwork
2014-02-19 17:54 . 2013-12-13 14:04 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-02-19 17:54 . 2013-12-13 14:04 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-19 17:54 . 2013-12-13 14:04 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-19 17:54 . 2013-12-13 14:04 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-19 17:54 . 2014-02-19 17:54 -------- d-----w- c:\programdata\Avira
2014-02-19 17:54 . 2014-02-19 17:54 -------- d-----w- c:\program files\Avira
2014-02-19 17:44 . 2014-02-19 17:44 -------- d-----w- C:\OETemp
2014-02-19 17:00 . 2014-02-19 17:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3535E3F6-2534-4529-8A78-78A55C673A29}\offreg.dll
2014-02-19 15:35 . 2010-11-20 12:24 508904 ----a-w- c:\windows\system32\winload.exe
2014-02-19 15:34 . 2010-11-20 12:21 11264 ----a-w- c:\windows\system32\wshirda.dll
2014-02-19 14:02 . 2014-02-19 14:02 -------- d-----w- c:\programdata\Malwarebytes
2014-02-19 12:07 . 2014-02-19 12:07 -------- d-----w- c:\programdata\APN
2014-02-19 11:19 . 2014-02-19 11:19 -------- d-----w- c:\program files\Microsoft.NET
2014-02-19 11:18 . 2014-02-19 11:37 -------- d-----w- c:\programdata\Package Cache
2014-02-19 10:52 . 2014-02-19 19:38 -------- d-----w- c:\program files\Google
2014-02-19 10:36 . 2014-02-19 10:36 -------- d-----w- c:\windows\system32\wbem\en-US
2014-02-19 10:36 . 2014-02-19 10:36 -------- d-----w- c:\windows\system32\Wat
2014-02-19 08:07 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2014-02-19 08:07 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-02-19 08:07 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2014-02-19 07:23 . 2014-02-19 07:25 -------- d-----w- c:\windows\system32\MRT
2014-02-19 07:22 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-02-19 07:22 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-02-19 07:22 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-02-19 07:21 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-02-19 07:21 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-02-19 07:21 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-02-19 07:21 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-02-19 07:21 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-02-19 07:21 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-02-19 07:21 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-02-19 07:19 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-02-19 07:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-19 07:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2014-02-19 07:16 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-02-19 07:06 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2014-02-19 07:05 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-02-19 07:01 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2014-02-19 07:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2014-02-19 06:58 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-02-19 06:56 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-02-19 06:55 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2014-02-19 06:53 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2014-02-19 06:53 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-02-19 06:53 . 2010-11-20 12:18 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-02-19 06:53 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-02-18 20:14 . 2014-02-18 20:14 -------- d-----w- c:\programdata\UDL
2014-02-18 20:10 . 2014-02-18 20:10 -------- d-----w- c:\program files\Common Files\EPSON
2014-02-18 20:07 . 2014-02-18 20:13 -------- d-----w- c:\program files\Epson Software
2014-02-18 20:06 . 2012-11-12 19:41 458310 ----a-w- c:\windows\system32\ensppui.dll
2014-02-18 20:06 . 2012-11-12 19:41 458310 ----a-w- c:\windows\system32\enppui.dll
2014-02-18 20:06 . 2012-11-12 14:15 476027 ----a-w- c:\windows\system32\ensppmon.dll
2014-02-18 20:06 . 2012-11-12 14:15 476027 ----a-w- c:\windows\system32\enppmon.dll
2014-02-18 20:06 . 2012-10-22 16:19 218112 ----a-w- c:\windows\system32\enspres.dll
2014-02-18 20:06 . 2012-10-22 16:19 218112 ----a-w- c:\windows\system32\enpres.dll
2014-02-18 20:06 . 2014-02-18 20:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-02-18 20:06 . 2014-02-18 20:06 -------- d-----w- c:\program files\EpsonNet
2014-02-18 20:06 . 2012-07-23 23:00 342016 ----a-w- c:\windows\system32\esw2ud.dll
2014-02-18 20:06 . 2011-12-11 23:00 122000 ----a-w- c:\windows\system32\escsvc.exe
2014-02-18 20:06 . 2014-02-18 20:08 -------- d-----w- c:\program files\epson
2014-02-18 20:05 . 2007-04-10 00:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2014-02-18 20:05 . 2011-04-19 02:03 95232 ----a-w- c:\windows\system32\E_TLBIWE.DLL
2014-02-18 20:05 . 2011-03-14 02:03 81408 ----a-w- c:\windows\system32\E_TD4BIWE.DLL
2014-02-18 20:04 . 2014-02-18 20:14 -------- d-----w- c:\programdata\EPSON
2014-02-18 19:55 . 2014-02-18 19:55 -------- d-----w- c:\program files\OpenOffice 4
2014-02-18 19:41 . 2014-02-18 19:43 -------- d-----w- c:\program files\HiDefMedia
2014-02-18 19:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-02-18 19:38 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-02-18 19:38 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2014-02-18 19:33 . 2014-02-19 12:20 -------- d-----w- C:\Support
2014-02-18 19:33 . 2014-02-19 16:50 -------- d-----w- c:\program files\Supporter
2014-02-18 19:33 . 2014-02-18 19:46 -------- d-----w- c:\programdata\1adde57018183b33
2014-02-18 19:33 . 2014-02-18 19:33 -------- d-----w- c:\users\Administrator
2014-02-18 17:02 . 2014-02-20 11:24 -------- d-----w- c:\windows\Panther
2014-02-18 16:54 . 2014-02-18 16:54 -------- d-----w- C:\Windows.old
2014-02-18 12:30 . 2014-02-18 12:30 -------- d-----w- c:\windows\system32\Macromed
2014-02-18 09:08 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3535E3F6-2534-4529-8A78-78A55C673A29}\mpengine.dll
2014-02-18 09:07 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-02-18 09:07 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-02-18 09:07 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-02-18 09:07 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-02-18 09:07 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-02-18 09:07 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-02-18 09:07 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-02-18 09:06 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-02-18 09:06 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\programdata\Vodafone
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\programdata\FLEXnet
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\program files\Vodafone
2014-02-18 09:01 . 2014-02-19 22:36 -------- d-sh--w- c:\windows\Installer
2014-02-18 08:31 . 2014-02-18 18:11 -------- d-----w- c:\programdata\WinClon
2014-02-18 08:31 . 2014-02-18 08:31 -------- d-----w- c:\programdata\SiteAdvisor
2014-02-18 08:31 . 2014-02-18 08:31 -------- d-----w- c:\programdata\McAfee
2014-02-18 08:30 . 2014-02-20 11:33 -------- d-----w- c:\windows\system32\wbem\Performance
2014-02-18 08:25 . 2014-02-18 08:25 -------- d-----w- c:\users\Guest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 06:31 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2013-12-20 21:02 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIIWE.EXE" [2012-02-27 249440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-13 684600]
"VNT"="c:\program files\VNT\vntldr.exe" [2013-12-20 202192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-02-19 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 40030ae4;Supporter;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [2010-09-01 67584]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [2010-09-01 79360]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys [2010-09-01 9728]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 61952]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-02-19 1343400]
R4 APNMCP;Servizio di aggiornamento Ask;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-20 166352]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-13 37352]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-12-13 440376]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-12-13 1011768]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-13 69240]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2012-02-27 142432]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
S2 VmbService;Servizio Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-19 19:05]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://msn.it/
mStart Page =
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8AB96269-4154-4286-8A24-8AC111F6F354}: NameServer = 83.224.66.138 83.224.70.94
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-02-20 18:55:30
ComboFix-quarantined-files.txt 2014-02-20 17:55
ComboFix2.txt 2014-02-19 17:07
.
Pre-Run: 106.000.486.400 byte disponibili
Post-Run: 105.969.766.400 byte disponibili
.
- - End Of File - - 5B1B3429CF8CCCCAAA62A69F64F5D7B0
61A349592C4728853F4A90FF78F7628E

di **maci** » 20/02/14 19:29

no scusa ora ho capito bene la procedura la faccio e ti invio il nuovo report perdonami ma faccio fatica ok.

di **maci** » 20/02/14 19:49

ecco il report eseguito con le tue indicazioni
ComboFix 14-02-20.01 - colors 20/02/2014 19:31:26.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.2009.1033 [GMT 1:00]
Eseguito da: c:\users\colors\Downloads\ComboFix.exe
Opzioni usate :: c:\users\colors\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\crimsolite\updatecrimsolite.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_40030ae4
.
.
((((((((((((((((((((((((( Files Creati Da 2014-01-20 al 2014-02-20 )))))))))))))))))))))))))))))))))))
.
.
2014-02-20 18:37 . 2014-02-20 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-20 11:22 . 2014-02-20 11:22 -------- d-----w- c:\program files\CCleaner
2014-02-20 09:59 . 2014-02-20 10:01 -------- d-----w- C:\AdwCleaner
2014-02-20 09:48 . 2014-02-20 09:48 -------- d-----w- C:\_OTL
2014-02-20 09:32 . 2014-02-20 09:32 -------- d-----w- c:\program files\PDF24
2014-02-20 09:26 . 2014-02-20 09:26 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-02-20 09:26 . 2014-02-20 09:26 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-19 22:23 . 2014-02-19 22:23 -------- d-----w- c:\windows\system32\SPReview
2014-02-19 22:22 . 2014-02-19 22:22 -------- d-----w- c:\windows\system32\EventProviders
2014-02-19 19:05 . 2014-02-19 19:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 19:05 . 2014-02-19 19:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-19 19:03 . 2014-02-19 19:03 -------- d-----w- c:\program files\Common Files\Adobe
2014-02-19 17:57 . 2014-02-19 17:57 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-02-19 17:57 . 2014-02-19 17:57 -------- d-----w- c:\program files\VNT
2014-02-19 17:57 . 2014-02-19 17:57 -------- d-----w- c:\program files\AskPartnerNetwork
2014-02-19 17:54 . 2013-12-13 14:04 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-02-19 17:54 . 2013-12-13 14:04 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-19 17:54 . 2013-12-13 14:04 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-19 17:54 . 2013-12-13 14:04 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-19 17:54 . 2014-02-19 17:54 -------- d-----w- c:\programdata\Avira
2014-02-19 17:54 . 2014-02-19 17:54 -------- d-----w- c:\program files\Avira
2014-02-19 17:44 . 2014-02-19 17:44 -------- d-----w- C:\OETemp
2014-02-19 17:00 . 2014-02-19 17:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3535E3F6-2534-4529-8A78-78A55C673A29}\offreg.dll
2014-02-19 15:35 . 2010-11-20 12:24 508904 ----a-w- c:\windows\system32\winload.exe
2014-02-19 15:34 . 2010-11-20 12:21 11264 ----a-w- c:\windows\system32\wshirda.dll
2014-02-19 14:02 . 2014-02-19 14:02 -------- d-----w- c:\programdata\Malwarebytes
2014-02-19 12:07 . 2014-02-19 12:07 -------- d-----w- c:\programdata\APN
2014-02-19 11:19 . 2014-02-19 11:19 -------- d-----w- c:\program files\Microsoft.NET
2014-02-19 11:18 . 2014-02-19 11:37 -------- d-----w- c:\programdata\Package Cache
2014-02-19 10:52 . 2014-02-19 19:38 -------- d-----w- c:\program files\Google
2014-02-19 10:36 . 2014-02-19 10:36 -------- d-----w- c:\windows\system32\wbem\en-US
2014-02-19 10:36 . 2014-02-19 10:36 -------- d-----w- c:\windows\system32\Wat
2014-02-19 08:07 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2014-02-19 08:07 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-02-19 08:07 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2014-02-19 07:23 . 2014-02-19 07:25 -------- d-----w- c:\windows\system32\MRT
2014-02-19 07:22 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-02-19 07:22 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-02-19 07:22 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-02-19 07:21 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-02-19 07:21 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-02-19 07:21 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-02-19 07:21 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-02-19 07:21 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-02-19 07:21 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-02-19 07:21 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-02-19 07:19 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-02-19 07:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-19 07:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2014-02-19 07:16 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-02-19 07:06 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2014-02-19 07:05 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-02-19 07:01 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2014-02-19 07:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2014-02-19 06:58 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-02-19 06:56 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-02-19 06:55 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2014-02-19 06:53 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2014-02-19 06:53 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-02-19 06:53 . 2010-11-20 12:18 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-02-19 06:53 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-02-18 20:14 . 2014-02-18 20:14 -------- d-----w- c:\programdata\UDL
2014-02-18 20:10 . 2014-02-18 20:10 -------- d-----w- c:\program files\Common Files\EPSON
2014-02-18 20:07 . 2014-02-18 20:13 -------- d-----w- c:\program files\Epson Software
2014-02-18 20:06 . 2012-11-12 19:41 458310 ----a-w- c:\windows\system32\ensppui.dll
2014-02-18 20:06 . 2012-11-12 19:41 458310 ----a-w- c:\windows\system32\enppui.dll
2014-02-18 20:06 . 2012-11-12 14:15 476027 ----a-w- c:\windows\system32\ensppmon.dll
2014-02-18 20:06 . 2012-11-12 14:15 476027 ----a-w- c:\windows\system32\enppmon.dll
2014-02-18 20:06 . 2012-10-22 16:19 218112 ----a-w- c:\windows\system32\enspres.dll
2014-02-18 20:06 . 2012-10-22 16:19 218112 ----a-w- c:\windows\system32\enpres.dll
2014-02-18 20:06 . 2014-02-18 20:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-02-18 20:06 . 2014-02-18 20:06 -------- d-----w- c:\program files\EpsonNet
2014-02-18 20:06 . 2012-07-23 23:00 342016 ----a-w- c:\windows\system32\esw2ud.dll
2014-02-18 20:06 . 2011-12-11 23:00 122000 ----a-w- c:\windows\system32\escsvc.exe
2014-02-18 20:06 . 2014-02-18 20:08 -------- d-----w- c:\program files\epson
2014-02-18 20:05 . 2007-04-10 00:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2014-02-18 20:05 . 2011-04-19 02:03 95232 ----a-w- c:\windows\system32\E_TLBIWE.DLL
2014-02-18 20:05 . 2011-03-14 02:03 81408 ----a-w- c:\windows\system32\E_TD4BIWE.DLL
2014-02-18 20:04 . 2014-02-18 20:14 -------- d-----w- c:\programdata\EPSON
2014-02-18 19:55 . 2014-02-18 19:55 -------- d-----w- c:\program files\OpenOffice 4
2014-02-18 19:41 . 2014-02-18 19:43 -------- d-----w- c:\program files\HiDefMedia
2014-02-18 19:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-02-18 19:38 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-02-18 19:38 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2014-02-18 19:33 . 2014-02-19 12:20 -------- d-----w- C:\Support
2014-02-18 19:33 . 2014-02-19 16:50 -------- d-----w- c:\program files\Supporter
2014-02-18 19:33 . 2014-02-18 19:46 -------- d-----w- c:\programdata\1adde57018183b33
2014-02-18 19:33 . 2014-02-18 19:33 -------- d-----w- c:\users\Administrator
2014-02-18 17:02 . 2014-02-20 11:24 -------- d-----w- c:\windows\Panther
2014-02-18 16:54 . 2014-02-18 16:54 -------- d-----w- C:\Windows.old
2014-02-18 12:30 . 2014-02-18 12:30 -------- d-----w- c:\windows\system32\Macromed
2014-02-18 09:08 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3535E3F6-2534-4529-8A78-78A55C673A29}\mpengine.dll
2014-02-18 09:07 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-02-18 09:07 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-02-18 09:07 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-02-18 09:07 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-02-18 09:07 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-02-18 09:07 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-02-18 09:07 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-02-18 09:06 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-02-18 09:06 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\programdata\Vodafone
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\programdata\FLEXnet
2014-02-18 09:02 . 2014-02-18 09:02 -------- d-----w- c:\program files\Vodafone
2014-02-18 09:01 . 2014-02-19 22:36 -------- d-sh--w- c:\windows\Installer
2014-02-18 08:31 . 2014-02-18 18:11 -------- d-----w- c:\programdata\WinClon
2014-02-18 08:31 . 2014-02-18 08:31 -------- d-----w- c:\programdata\SiteAdvisor
2014-02-18 08:31 . 2014-02-18 08:31 -------- d-----w- c:\programdata\McAfee
2014-02-18 08:30 . 2014-02-20 11:33 -------- d-----w- c:\windows\system32\wbem\Performance
2014-02-18 08:25 . 2014-02-18 08:25 -------- d-----w- c:\users\Guest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 06:31 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2013-12-20 21:02 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIIWE.EXE" [2012-02-27 249440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-13 684600]
"VNT"="c:\program files\VNT\vntldr.exe" [2013-12-20 202192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-02-19 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [2010-09-01 67584]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [2010-09-01 79360]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys [2010-09-01 9728]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 61952]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-02-19 1343400]
R4 APNMCP;Servizio di aggiornamento Ask;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-20 166352]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-13 37352]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-12-13 440376]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-12-13 1011768]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-13 69240]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2012-02-27 142432]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
S2 VmbService;Servizio Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-19 19:05]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://msn.it/
mStart Page =
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8AB96269-4154-4286-8A24-8AC111F6F354}: NameServer = 83.224.66.138 83.224.70.94
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Ora fine scansione: 2014-02-20 19:44:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-02-20 18:44
ComboFix2.txt 2014-02-20 17:55
ComboFix3.txt 2014-02-19 17:07
.
Pre-Run: 106.001.256.448 byte disponibili
Post-Run: 105.605.365.760 byte disponibili
.
- - End Of File - - 28ECD8F4CC67084A312BCE0A0BCCE07E
61A349592C4728853F4A90FF78F7628E

di **maci** » 20/02/14 20:00

# AdwCleaner v3.019 - Report created 20/02/2014 at 19:55:32
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : colors - ALFA
# Running from : C:\Users\colors\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNMD9S6A\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Google Chrome v

[ File : C:\Users\colors\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4093 octets] - [20/02/2014 10:59:38]
AdwCleaner[R1].txt - [936 octets] - [20/02/2014 19:53:18]
AdwCleaner[S0].txt - [3945 octets] - [20/02/2014 11:01:45]
AdwCleaner[S1].txt - [858 octets] - [20/02/2014 19:55:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [917 octets] ##########

di **maci** » 20/02/14 20:05

Sponsored Advertisement

Downloading Junkware Removal Tool ...

Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer. A common tactics among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue. This tool will help you remove these types of programs.

Thank you for choosing BleepingComputer.com as your download destination. Your download will begin momentarily.

If the download process does not begin automatically, please click here.

Sponsored Products

di **maci** » 20/02/14 20:15

cosa faccio con la procedura Junkware Removal Tool che mi segnala cio che ti ho mandato ma non si scarica?

di **FDACCC** » 21/02/14 14:21

Ok, ComboFix l'hai eseguito bene la seconda volta.
Ti prego di leggere bene prima di mettere in pratica.

Ora esegui Junkware Removal Tool, scaricalo da qui; http://thisisudax.org/downloads/JRT.exe

di **maci** » 21/02/14 14:33

hai ragione scusa ma sono poco esperto,ecco il report
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x86
Ran by colors on 21/02/2014 at 14:25:50,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/02/2014 at 14:31:08,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

di **FDACCC** » 21/02/14 14:47

Ok.
Ora il PC come funziona?
Hai ancora il problema di dover recuperare quelle cartelle e file?

di **maci** » 21/02/14 14:50

il pc mi sembra tutto ok, si se possibile mi piacerebbe vedere di recuperare il piu' possibile,ti ricordo che quando ho riaggiornato da vista a 7 poi qualche cartella e' tornata altre no,se ti va di aiutarmi mi farebbe piacere provarci,grazie di tutto l'aiuto che mi hai dato aspetto tue istruzioni.

aiutoooooooooooooooooooo

aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Re: aiutoooooooooooooooooooo

Topic correlati a "aiutoooooooooooooooooooo":

Chi c’è in linea