virus - non riesco più a connetermi a internet

[kk80]

ciao

devo aver preso un virsu o qualcosa del genere aprendo un programmino da p2p...

prima non riuscivo neache a vedere Task Manager (mi diceva bloccato da amministratore)

poi ho fatto girare un po' di software e adesso almeno quello si vede

vi posto i log di alcuni programmi, penso vi siano utili per capire cosa fare.


Grazie dell'aiuto

----------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/21/2009 at 02:33 PM

Application Version : 4.25.1012

Core Rules Database Version : 3768
Trace Rules Database Version: 1728

Scan type : Quick Scan
Total Scan Time : 00:06:29

Memory items scanned : 411
Memory threats detected : 0
Registry items scanned : 432
Registry threats detected : 0
File items scanned : 6989
File threats detected : 46

Adware.Tracking Cookie
C:\Documents and Settings\casa\Cookies\casa@admanager.trackset[1].txt
C:\Documents and Settings\casa\Cookies\casa@ad.zanox[2].txt
C:\Documents and Settings\casa\Cookies\casa@cgm.adbureau[1].txt
C:\Documents and Settings\casa\Cookies\casa@www.mediaworld[1].txt
C:\Documents and Settings\casa\Cookies\casa@server.cpmstar[1].txt
C:\Documents and Settings\casa\Cookies\casa@arcus.adbureau[2].txt
C:\Documents and Settings\casa\Cookies\casa@tracker.shop[1].txt
C:\Documents and Settings\casa\Cookies\casa@adv.virgilio[1].txt
C:\Documents and Settings\casa\Cookies\casa@trvlnet.adbureau[1].txt
C:\Documents and Settings\casa\Cookies\casa@adrevolver[3].txt
C:\Documents and Settings\casa\Cookies\casa@apmebf[1].txt
C:\Documents and Settings\casa\Cookies\casa@ehg-jigsaw.hitbox[1].txt
C:\Documents and Settings\casa\Cookies\casa@www.burstbeacon[2].txt
C:\Documents and Settings\casa\Cookies\casa@www.burstnet[2].txt
C:\Documents and Settings\casa\Cookies\casa@stat.onestat[2].txt
C:\Documents and Settings\casa\Cookies\casa@media.intelia[1].txt
C:\Documents and Settings\casa\Cookies\casa@www.comprabanner[1].txt
C:\Documents and Settings\casa\Cookies\casa@eas.apm.emediate[2].txt
C:\Documents and Settings\casa\Cookies\casa@tripod.lycos[1].txt
C:\Documents and Settings\casa\Cookies\casa@ads.tripod.lycos.co[2].txt
C:\Documents and Settings\casa\Cookies\casa@stats.adbrite[1].txt
C:\Documents and Settings\casa\Cookies\casa@ads.bitage[2].txt
C:\Documents and Settings\casa\Cookies\casa@content.yieldmanager[1].txt
C:\Documents and Settings\casa\Cookies\casa@dynamic.media.adrevolve r[1].txt
C:\Documents and Settings\casa\Cookies\casa@compraonline.mediaworld[1].txt
C:\Documents and Settings\casa\Cookies\casa@adlegend[1].txt
C:\Documents and Settings\casa\Cookies\casa@sonyeurope.112.2o7[1].txt
C:\Documents and Settings\casa\Cookies\casa@adv.freeonline[2].txt
C:\Documents and Settings\casa\Cookies\casa@ads.tripod.lycos[1].txt
C:\Documents and Settings\casa\Cookies\casa@adserver.aol[1].txt
C:\Documents and Settings\casa\Cookies\casa@adv.alice[1].txt
C:\Documents and Settings\casa\Cookies\casa@gjacket.adbureau[2].txt
C:\Documents and Settings\casa\Cookies\casa@ads.gamesbannernet[1].txt
C:\Documents and Settings\casa\Cookies\casa@server.iad.liveperson[2].txt
C:\Documents and Settings\casa\Cookies\casa@invitemedia[1].txt
C:\Documents and Settings\casa\Cookies\casa@ads.lunaweb[1].txt
C:\Documents and Settings\casa\Cookies\casa@adv.adpartner[1].txt
C:\Documents and Settings\casa\Cookies\casa@bravenet[1].txt
C:\Documents and Settings\casa\Cookies\casa@kontera[2].txt
C:\Documents and Settings\casa\Cookies\casa@toplist[1].txt
C:\Documents and Settings\casa\Cookies\casa@videoegg.adbureau[2].txt
C:\Documents and Settings\casa\Cookies\casa@xiti[1].txt
C:\Documents and Settings\casa\Cookies\casa@zbox.zanox[1].txt

Trojan.Dropper/Multi-CN
C:\DOCUMENTS AND SETTINGS\CASA\IMPOSTAZIONI LOCALI\TEMP\MOUSEHOOK.DLL
C:\DOCUMENTS AND SETTINGS\IO\IMPOSTAZIONI LOCALI\TEMP\MOUSEHOOK.DLL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\VGHD.SCR


-------------------------------------------------------

Malwarebytes' Anti-Malware 1.34
Versione del database: 1778
Windows 5.1.2600 Service Pack 3

21/02/2009 14.45.19
mbam-log-2009-02-21 (14-45-19).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 62841
Tempo trascorso: 2 minute(s), 30 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 7
Cartelle infette: 2
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoChangingWallpap er (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\activedesktop\NoChangingWallpa per (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoActiveDesktopChange s (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
C:\Documents and Settings\io\Dati applicazioni\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Files: 671 -> Quarantined and deleted successfully.

File infetti:
C:\AUTORUN.INF (Trojan.Agent) -> Quarantined and deleted successfully.
C:\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

[kk80]

ultimo log

--------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.50.13, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Creative\Software Update 3\SoftAuto.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926. 3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
O4 - HKLM\..\Run: [combofix] cmd /c "C:\DOCUME~1\io\IMPOST~1\Temp\RarSFX0\8agle.cm d"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Programmi\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\docume~1\io\impost~1\temp\ntdll64.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1224272696309
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe (file missing)
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programmi\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Programmi\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

--
End of file - 7662 bytes

[Deifobe]

che connessione hai?

scarica SystemScan - disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus

carica il rapporto che trovi sul desktop su Freefilehosting e posta sul forum il link ottenuto.

nota: systemscan viene riconosciuto come infetto per il tipo di scansione effettuata (è un falso positivo). La procedura postata è sicura.

[kk80]

ho connessione alice adsl...
la linea fisicamente la prende, ma nessuna applicazione (explorer, msn, emule, firefox..) riesce poi a connettersi

adesso ti posto il log

[kk80]

http://freefilehosting.net/download/45b6g

[kk80]

report_1235243257147_3336.txt

[Deifobe]

crea una nuova cartella e copiaci dentro i file:

C:\WINDOWS\system32\drivers\secdrvex.sys
C:\WINDOWS\system32\drivers\psched2k.sys
C:\WINDOWS\system32\drivers\amdnt.sys
C:\WINDOWS\system32\wiacache.dll
C:\WINDOWS\system32\con32.dll
C:\WINDOWS\system32\pdfx86.dll
C:\WINDOWS\system32\eudcesvr.exe

Zippa la cartella, carica il file.zip su Freefilehosting e inviami il link con un messaggio privato (non postare il link sl forum, mi raccomando)



scarica e trasferisci al pc: 1) tool disinst. Norton, 2) lspfix

Esegui il primo tool per ripulire i residui di norton.

Da hjt fixa:

O4 - HKLM\..\Run: [combofix] cmd /c "C:\DOCUME~1\io\IMPOST~1\Temp\RarSFX0\8agle.cm d"
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\docume~1\io\impost~1\temp\ntdll64.dll' missing

Esegui systemscan, clicca sul pulsante "Removal Script" nella finestra principale di Systemscan e, nella finestra che si apre, copia/incolla questo script:

files to delete:
C:\DOCUME~1\io\IMPOST~1\Temp\illus02.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus08.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus06.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus05.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus03.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus07.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus04.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus09.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus10.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus11.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\illus01.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\dat5.tmp
C:\DOCUME~1\io\IMPOST~1\Temp\dat4.tmp
C:\DOCUME~1\io\IMPOST~1\Temp\bgd3.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\bgd.bmp
C:\DOCUME~1\io\IMPOST~1\Temp\bgd2.bmp
C:\WINDOWS\mia5.tmp
C:\WINDOWS\mia4.tmp
C:\WINDOWS\mia3.tmp
C:\WINDOWS\temp\Upd2.tmp
C:\WINDOWS\temp\avg8info.id
C:\WINDOWS\temp\yb0odsew.TMP

folders to delete:
C:\DOCUME~1\io\IMPOST~1\Temp\RarSFX0

Clicca su "Proceed with removal" e il pc si riavviera' per eseguire lo script.
Al riavvio troverai la finestra di SystemScan con un messaggio (blu se lo script e' stato eseguito correttamente - rossa in caso contrario): controlla l'esito e rieseguilo se necessario.


-------
ora.... Prova a connetterti. Se non ci riesci esegui LSPFix.
Ti si aprirà una schermata con due pannelli.
Spunta "I know what I’m doing".
Premettendo che devi lasciar stare a sinistra (keep) mswsock.dll, winrnr.dll e rsvpsp.dll, devi spostare a destra (remove) solo il file missing ntdll64.dll utilizzando freccia >>.
Fatto questo, premi "finish".

NB: dovessero comparire sin dall'inizio il file nella schermata di destra (remove), premi direttamente "finish".
Riavvia il pc e riprova a collegarti.

Esegui questa procedura con attenzione e non rimuovere altri file!

[kk80]

dei file che mi avevi chiesto non ne ho trovato neanche uno col nome esattamente uguale.

In compenso, ho scaricato i due software e fatto come mi hai detto; dopo il secondo sono finalmente riuscito a riconnettermi a internet.

GRAZIE MILLE E COMPLIMENTI DAVVERO PER LA COMPETENZA

[Deifobe]

mi fa piacere.

ciao