Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Visualizzazione dei risultati da 1 a 7 su 7
  1. 20-05-2005, 17:58 #1
    projectz
    projectz non è in linea
    Utente di HTML.it
    Registrato dal
    Jun 2003
    Messaggi
    10

    Help

    Mi sono beccato un bel trojan... e non riesco in alcun modo ad eliminarlo. Ho effettuato più e più volte scansioni con anti-virus, ad-aware, spybot e ogni volta trovo dei file infetti, li cancello ma si rigenerano... Il browser di ie c mette mezzo minuto per aprirsi e la stessa cosa vale x risorse del computer e qualsiasi altra directory, e ad ognuna di queste azioni è associata l'esecuzione di un processo che cambia continuamente nome ("apija32.exe, netes.exe, ecc."). Durante la navigazione in internet sono sommerso di pop-up (ho dovuto installare la google toolbar che in un due mesi ha bloccato 1995 pop-up!!!) e a volte compaiono messaggi del tipo "il tuo computer non è sicuro, per scoprire come fare ad eliminare gli spyware clicka qui".

    Qualcuno mi sa dire come risovere il problema?

    Questo è il logfile di hijackthis:

    Logfile of HijackThis v1.98.2
    Scan saved at 17.51.17, on 20/05/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
    C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Programmi\StopDialers\StopDialers.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\netes.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://delspysoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://delspysoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Class - {DD794C88-5656-CD9D-4006-4B1319B5B981} - C:\WINDOWS\ntrc32.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [syssf.exe] C:\WINDOWS\syssf.exe
    O4 - HKLM\..\Run: [ntrk32.exe] C:\WINDOWS\system32\ntrk32.exe
    O4 - HKLM\..\Run: [iput32.exe] C:\WINDOWS\system32\iput32.exe
    O4 - HKLM\..\Run: [ieku32.exe] C:\WINDOWS\ieku32.exe
    O4 - HKLM\..\Run: [d3ca32.exe] C:\WINDOWS\system32\d3ca32.exe
    O4 - HKLM\..\Run: [netes.exe] C:\WINDOWS\system32\netes.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.ex e
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
    O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
    O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
    O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
    O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4...as/flo2_l2.cab
    O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO9...fl/flo2_l1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
    O16 - DPF: {970D1F38-542B-471C-9574-72E1AE852EA1} (Flo2_L4 Control) - http://www.nokiagame.com/games/4eQo0...h3/flo2_l4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B47CD421-1AA8-4FE6-A25A-5824BDADC307} (Flo2_L3 Control) - http://www.nokiagame.com/games/3Uyti...HI/flo2_l3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
    Rispondi quotando Rispondi quotando
  2. 20-05-2005, 18:43 #2
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    - sei sicuro che AVG sia in esecuzione, dal log non si direbbe visto che in nessuna chiave c'è un suo riferimento
    - hai una versione obsoleta di HijakcThis
    - leggiti il punto 4 a questo URL
    http://forum.html.it/forum/showthrea...hreadid=811189
    e segui tutte le procedure.
    - posta un nuovo log di HijackThis
    - la prossima volta dai un titolo al 3d che abbia un senso
    - infine crea una nuova cartella sul desktop e chiamala SR, scarica questo file
    http://digilander.libero.it/klaclo/Silent%20Runners.vbs
    e mettilo all'interno della stessa, non (!) eseguire il file nel caso ti dirò io come procedere
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
  3. 21-05-2005, 11:30 #3
    projectz
    projectz non è in linea
    Utente di HTML.it
    Registrato dal
    Jun 2003
    Messaggi
    10
    Avevi ragione, avg non so perchè non era più tra i prog in esecuzione automatica...
    Cmq sono stati creati moltissimi esecutivi in C:\windows\sistem e sistem32 con nomi simili a processi realmente esistenti e ad ogni apertura di ie se ne apre uno che puntualmente avg blocca ed elimina ma ad una nuova apertura si apre un processo con un nome diverso. Scandendo la cartella avg non trova niente ...

    Questo è il nuovo log di hijackthis.

    Logfile of HijackThis v1.99.1
    Scan saved at 11.22.23, on 21/05/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\netes.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
    C:\WINDOWS\system32\ntwh32.exe
    C:\Programmi\Grisoft\AVG Free\avgcc.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://delspysoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://delspysoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Class - {DD794C88-5656-CD9D-4006-4B1319B5B981} - C:\WINDOWS\ntrc32.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [syssf.exe] C:\WINDOWS\syssf.exe
    O4 - HKLM\..\Run: [ntrk32.exe] C:\WINDOWS\system32\ntrk32.exe
    O4 - HKLM\..\Run: [iput32.exe] C:\WINDOWS\system32\iput32.exe
    O4 - HKLM\..\Run: [ieku32.exe] C:\WINDOWS\ieku32.exe
    O4 - HKLM\..\Run: [d3ca32.exe] C:\WINDOWS\system32\d3ca32.exe
    O4 - HKLM\..\Run: [netes.exe] C:\WINDOWS\system32\netes.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [ntwh32.exe] C:\WINDOWS\system32\ntwh32.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.ex e
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.topconverting.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted IP range: 67.19.185.246 (HKLM)
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
    O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
    O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
    O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
    O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4...as/flo2_l2.cab
    O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO9...fl/flo2_l1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
    O16 - DPF: {970D1F38-542B-471C-9574-72E1AE852EA1} (Flo2_L4 Control) - http://www.nokiagame.com/games/4eQo0...h3/flo2_l4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B47CD421-1AA8-4FE6-A25A-5824BDADC307} (Flo2_L3 Control) - http://www.nokiagame.com/games/3Uyti...HI/flo2_l3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crhj32.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Rispondi quotando Rispondi quotando
  4. 21-05-2005, 12:40 #4
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    inizia ad aggiornare sia AdAware che SpyBot, ricordati una volta aggiornato quest'ultimo che per far sì che le impronte virali vengano effettivamente caricate nel db devi, dalla finestra principale, cliccare su "Immunizza", finito il caricamente, dura alcuni secondi, clicca in alto a sx su immunizza (è il bottone a forma di croce verde).

    Dammi un attimo di tempo e ti posto le procedure.
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
  5. 21-05-2005, 12:52 #5
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    Vai a questo URL
    http://virusscan.jotti.org/
    e controlla questo file, se infetto (ma credo di sì) elimini con HijackThis questo valore
    O4 - HKLM\..\RunOnce: [ntwh32.exe] C:\WINDOWS\system32\ntwh32.exe
    e dalla mod. provvisoria il file
    C:\WINDOWS\system32\ntwh32.exe


    apri HijackThis metti la spunta al fianco dei valori, chiudi tutti i programmi, browser compreso (!!!) clicca su Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://delspysoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://delspysoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about :blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xqnjg.dll/sp.html#83556
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [syssf.exe] C:\WINDOWS\syssf.exe
    O4 - HKLM\..\Run: [ntrk32.exe] C:\WINDOWS\system32\ntrk32.exe
    O4 - HKLM\..\Run: [iput32.exe] C:\WINDOWS\system32\iput32.exe
    O4 - HKLM\..\Run: [ieku32.exe] C:\WINDOWS\ieku32.exe
    O4 - HKLM\..\Run: [d3ca32.exe] C:\WINDOWS\system32\d3ca32.exe
    O4 - HKLM\..\Run: [netes.exe] C:\WINDOWS\system32\netes.exe
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.topconverting.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted IP range: 67.19.185.246 (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
    O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
    O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crhj32.exe (file missing)


    Riavvia in modalità provvisoria (!!!) ed elimina

    C:\WINDOWS\syssf.exe
    C:\WINDOWS\system32\ntrk32.exe
    C:\WINDOWS\system32\iput32.exe
    C:\WINDOWS\ieku32.exe
    C:\WINDOWS\system32\d3ca32.exe
    C:\WINDOWS\system32\netes.exe


    sempre dalla provvisoria fai una scansione con AdAware, elimina i valori infetti.
    Riavvia ancora in provvisoria ed effettua la scansione con SpyBot.
    Riavvia posta un nuovo log
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
  6. 21-05-2005, 14:35 #6
    projectz
    projectz non è in linea
    Utente di HTML.it
    Registrato dal
    Jun 2003
    Messaggi
    10
    Ho eseguito alla lettera le tue istruzioni.
    Parte dei problemi sembrerebbe risolta ma:
    - non riesco a cambiare l'homepage che ad ogni avvio di ie rimane una pagina vuota about:blank
    - alcuni pop up ancora si aprono

    Comunque ora il browser di ie ci mette molto meno ad aprirsi e lo stesso vale per le altre cartelle.

    Questo è il nuovo log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14.28.41, on 21/05/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
    C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Programmi\Grisoft\AVG Free\avgcc.exe
    C:\Programmi\StopDialers\StopDialers.exe
    C:\WINDOWS\system32\msdz.exe
    C:\WINDOWS\system32\apptm.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Class - {DD794C88-5656-CD9D-4006-4B1319B5B981} - C:\WINDOWS\ntrc32.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [apptm.exe] C:\WINDOWS\system32\apptm.exe
    O4 - HKLM\..\RunOnce: [msdz.exe] C:\WINDOWS\system32\msdz.exe
    O4 - Startup: AVG Free Control Center.lnk = C:\Programmi\Grisoft\AVG Free\avgcc.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.ex e
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
    O15 - Trusted IP range: 67.19.185.246 (HKLM)
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
    O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4...as/flo2_l2.cab
    O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO9...fl/flo2_l1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
    O16 - DPF: {970D1F38-542B-471C-9574-72E1AE852EA1} (Flo2_L4 Control) - http://www.nokiagame.com/games/4eQo0...h3/flo2_l4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B47CD421-1AA8-4FE6-A25A-5824BDADC307} (Flo2_L3 Control) - http://www.nokiagame.com/games/3Uyti...HI/flo2_l3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crhj32.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Rispondi quotando Rispondi quotando
  7. 23-05-2005, 01:22 #7
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    aggiorna AdAware e AVG
    scaricati
    http://www.trojaner-info.de/cgi-bin/...i?file=sphjfix
    metti il file all'interno di una cartella.
    Scaricati
    http://www.majorgeeks.com/download4289.html
    metti il file all'interno di una cartella, aggiornalo.
    Crea una nuova cartella sul desktop (chiamala ad es. SR) e salva al suo interno questo file
    http://digilander.libero.it/klaclo/Silent%20Runners.vbs


    apri HJT ed elimina (tutti i programmi, browser compreso devono essere chiusi)


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about :blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ihxna.dll/sp.html#83556
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [apptm.exe] C:\WINDOWS\system32\apptm.exe
    O4 - HKLM\..\RunOnce: [msdz.exe] C:\WINDOWS\system32\msdz.exe
    O15 - Trusted IP range: 67.19.185.246 (HKLM)
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crhj32.exe (file missing)


    riavvia in modalità provvisoria (è importante che tu riesca fin dalla prima volta, diversamente i valori si ricreerebbero) ed elimina

    C:\WINDOWS\system32\apptm.exe
    O4 - HKLM\..\RunOnce: [msdz.exe] C:\WINDOWS\system32\msdz.exe

    Apri il file sphjfix e clicca su "Desinfektion starten"
    Apri AboutBuster clicca successivamente su Start, la scansione va ripetuta due volte.

    Apri AdAware fai la scansione elimina i valori infetti (ti ricordo che per eliminare i valori, gli stessi devono essere "spuntati")

    Riavvia.

    esegui una scnsione con AVG. riavvia.

    Apri SilentRunners.
    N.B.
    ora, prima di lanciare il file, devo avvisarti del fatto che, essendo uno script, potrebbe essere scambiato per un file dannoso dal tuo antivirus, il file l'ho provato su due macchine differenti che montavano Kaspersky e AVG, nessuna delle due mi ha dato problemi, con Norton avresti sicuramente una finestra di alert, nel caso disabilita momentaneamente l'antivirus.

    Non connesso e con tutte le applicazioni chiuse, apri il file la scansione durerà alcuni secondi. Si aprirà una finestra di dialogo che ti avvisa del percorso dove è stato salvato il file.
    Clicca su Ok
    Apri il file di testo che dovrebbe chiamarsi "Startup Programs_nome della tua macchina_data" e copia qui il risultato.

    Copia qnche un nuovo log di HijackThis
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.