
Serious problem at startup


Post by ciccio16 » 22/03/10 19:27

Hi everyone... I'm a new arrival... I'm writing because I hope you can help me with my problem...
A few weeks ago 2 viruses got into my PC, which I removed with avast... I ran scans with avast, with spybot, with asquared and with malwarebyte's antimalware and everything seemed OK... Now, however, every time I start the PC the taskbar takes about 6 minutes to start... And none of the PC's various folders work either... The only program that works is the internet, but it doesn't let me use all the applications... After about six minutes the taskbar unfreezes, the PC plays the typical Windows sound, avast starts, the update icon appears and everything works correctly....
What could the problem be???

I have an intel pentium dual core 2.80 GHz, 1Gb ram with windows xp professional Sp2

Please help me because this problem is extremely annoying and I wouldn't want to have to take the PC in for service...
ciccio16
Newbie

Posts: 7
Joined: 22/03/10 16:42


Re: Serious problem at startup

Post by gahan » 22/03/10 19:55

Hi,

are you sure your PC is not still infected?
Let's run a check:

download and install HijackThis
http://www.hijackthis.de/downloads/HJTInstall.exe

- open the software
- accept the license terms
- click on "do a system scan and save a logfile"
- post the resulting log here on the forum
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09

Re: Serious problem at startup

Post by ciccio16 » 22/03/10 21:29

Code:
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\system32\spoolsv.exe
C:\PROGRAMMI\A-SQUARED FREE\a2service.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\windows\System32\StkASv2K.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\Programmi\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\SAMSUNG\Samsung PC Studio 7\PCSuite.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
D:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {31bd81d7-ccb3-4301-886d-2d19e1c8e748} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5843c44b-8ec7-453d-8572-d995ed824695} - (no file)
O2 - BHO: (no name) - {7dd858bd-66c9-457f-8eff-27206f7e1574} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86329a90-fa88-489f-8c2d-d0f7323e9176} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e2e17264-8723-4019-975a-f8cbafa554df} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {f50b3f5e-856e-4757-9bb1-b35d46ca7719} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\system32\config\SYSTEM~1\IMPOST~1\Temp\E_SAAE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Programmi\SAMSUNG\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKLM\..\Policies\Explorer\Run: [YF65J4R49V] C:\WINDOWS\wininst.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: iifdvvlj - iifDvVlj.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAMMI\A-SQUARED FREE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\windows\System32\StkASv2K.exe
O23 - Service: VundoFix Service (vundofixsvc) - Atribune.org - C:\windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11951 bytes
Last edited by -> EleKtrA <- on 23/03/10 09:16, edited 1 time in total.
Reason: added code tag
ciccio16
Newbie

Posts: 7
Joined: 22/03/10 16:42

Re: Serious problem at startup

Post by antoo69 » 22/03/10 22:27

Restart the PC in safe mode (by repeatedly pressing F8 at reboot)
Run the HijackThis scan again and fix these entries

O2 - BHO: (no name) - {31bd81d7-ccb3-4301-886d-2d19e1c8e748} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - {5843c44b-8ec7-453d-8572-d995ed824695} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - {7dd858bd-66c9-457f-8eff-27206f7e1574} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - {86329a90-fa88-489f-8c2d-d0f7323e9176} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - {e2e17264-8723-4019-975a-f8cbafa554df} - (no file)
(Description: A hidden or missing adware entry.)

O2 - BHO: (no name) - {f50b3f5e-856e-4757-9bb1-b35d46ca7719} - (no file)
(Description: A hidden or missing adware entry.)

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\system32\config\SYSTEM~1\IMPOST~1\Temp\E_SAAE.tmp" /EF "HKCU"
(Description: Program running on startup from a temporary folder.)


Then these

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
(Description: The WinAmp Agent. This puts a WinAmp icon in your system tray. It is completely unnecessary, and some viruses may hide in this file. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
(Description: Loads the System Tray icon for the WinAmp media player. Can be used to maintain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. If you don't use WinAmp constantly, removing this entry will free up some system resources. )

Then remove the files as described here

Remove all files from your C:\WINDOWS\TEMP folder and your C:\DOCUMENTS AND SETTINGS\(your username)\LOCAL SETTINGS\Temp\ folder. (Do NOT delete the folders themselves). PLEASE NOTE: The local settings folder is a hidden folder.

Afterwards, empty the recycle bin and reboot.
Give a man a fish and you feed him for a day.
Teach a man to fish and you feed him for a lifetime.

Dell Alienware M17x
antoo69
Moderator

Posts: 2112
Joined: 28/04/09 16:40
Location: PARMA

Re: Serious problem at startup

Post by gahan » 22/03/10 23:32

Hi,

- open hijackthis
- click on "do a system scan only"
- also select the following entries, in addition to those listed by antoo69, and press fix checked

O4 - HKLM\..\Policies\Explorer\Run: [YF65J4R49V] C:\WINDOWS\wininst.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O20 - Winlogon Notify: iifdvvlj - iifDvVlj.dll (file missing)


- Open Malwarebytes
- update it
- run a full scan
- remove any threats detected by pressing the "rimuovi elementi selezionati..." ("remove selected items...") button
- post the report produced by that scan.
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09
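
The manual triage in the two replies above (orphaned entries, an autostart that points into a temporary folder, an autostart under Policies\Explorer\Run), sketched as an added example that is not part of the original thread. The three rules and all function names are assumptions chosen to mirror what the moderators picked out; the sample lines are copied from the log posted earlier, and a flag means "review this entry", not "this is malware".

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: lines copied from the HijackThis log posted in this thread
# (one running-process line, some benign entries, and entries the moderators chose).
SAMPLE_LOG = r"""
C:\windows\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31bd81d7-ccb3-4301-886d-2d19e1c8e748} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\system32\config\SYSTEM~1\IMPOST~1\Temp\E_SAAE.tmp" /EF "HKCU"
O4 - HKLM\..\Policies\Explorer\Run: [YF65J4R49V] C:\WINDOWS\wininst.exe
O20 - Winlogon Notify: iifdvvlj - iifDvVlj.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# Review reasons (hypothetical wording, not HijackThis output).
MISSING_FILE = "registered component whose file is absent"
TEMP_PATH = "autostart command references a temporary folder"
POLICY_RUN = r"autostart registered under Policies\Explorer\Run"

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostarts: "<hive>\..\<key>: [<value name>] <command line>".
O4_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


class Finding(NamedTuple):
    code: str           # HijackThis section, e.g. "O2", "O4", "O20"
    body: str           # the rest of the log line, unmodified
    reasons: List[str]  # why the entry deserves a closer look


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section code, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m["code"], m["body"]) if m else None


def review_entry(code: str, body: str) -> List[str]:
    """Apply the three review rules to a single parsed entry."""
    reasons = []
    # Rule 1: the registry still references a file that no longer exists,
    # which is what a partial cleanup by an antivirus typically leaves behind.
    if body.endswith(("(no file)", "(file missing)")):
        reasons.append(MISSING_FILE)
    if code == "O4":
        m = O4_RE.match(body)
        if m:
            # Rule 2: something launched at logon touches a Temp directory.
            if TEMP_RE.search(m["cmd"]):
                reasons.append(TEMP_PATH)
            # Rule 3: autostart placed under the policy Run key rather than
            # the ordinary Run/RunOnce keys.
            if m["key"].lower() == r"policies\explorer\run":
                reasons.append(POLICY_RUN)
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that match at least one rule."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # header text, running-process paths, blank lines
        reasons = review_entry(*parsed)
        if reasons:
            findings.append(Finding(parsed[0], parsed[1], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3} | {'; '.join(f.reasons)}\n      {f.body}")
```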

Re: Serious problem at startup

Post by ciccio16 » 23/03/10 13:15

So guys... I did all the steps you told me to do... The result doesn't change... Same problem.... Antimalware did however find a vundo trojan in the windows folder, which I deleted... But everything has stayed the same... This is the report...
Code:
Malwarebytes' Anti-Malware 1.44
Versione del database: 3902
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

23/03/2010 13.03.59
mbam-log-2010-03-23 (13-03-59).txt

Tipo di scansione: Scansione completa (C:\|D:\|I:\|J:\|K:\|L:\|)
Elementi scansionati: 257945
Tempo trascorso: 33 minute(s), 25 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



Anyway, could the problem be due to avast?? because basically when I turn on the PC, as soon as the avast icon appears in the taskbar, the taskbar freezes, and after about ten minutes the PC unfreezes and the little window about the avast icon appears, along with the little window telling me that the database has been updated...
Last edited by -> EleKtrA <- on 23/03/10 14:28, edited 1 time in total.
Reason: added code tag
ciccio16
Newbie

Posts: 7
Joined: 22/03/10 16:42

Re: Serious problem at startup

Post by ciccio16 » 23/03/10 14:45

No, avast has nothing to do with it... I tried uninstalling it but the result is still the same...:( :( :cry:
ciccio16
Newbie

Posts: 7
Joined: 22/03/10 16:42

Re: Serious problem at startup

Post by -> EleKtrA <- » 23/03/10 14:50

Hi ciccio16, disable Spybot's TeaTimer, which could interfere with registry changes.
Open SpyBot > Mode menu > Advanced > Tools > Resident and untick TeaTimer.

Temporarily disable the antivirus
Download Combofix | Tutorial
Right-click the exe, run as administrator
Let the program work without interfering
Attach the report C:\ComboFix.txt in your reply.
Note: Post it in the topic with the log inside the "code" tag. (CLICK)
“Yesterday is history, tomorrow is a mystery, but today is a gift... that is why it is called the present!”.
-> EleKtrA <-
Moderator

Posts: 436
Joined: 11/12/08 12:50

Re: Serious problem at startup

Post by ciccio16 » 24/03/10 18:13

Code:
ComboFix 10-03-23.04 - Administrator 24/03/2010  17.56.40.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.39.1040.18.1022.594 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\Desktopicon
c:\windows\system32\drivers\Changer.sys
c:\windows\system32\kernel1.exe
c:\windows\system32\SIntf16.dll
c:\windows\system32\web.dat

.
(((((((((((((((((((((((((   Files Creati Da 2010-02-24 al 2010-03-24  )))))))))))))))))))))))))))))))))))
.

2010-03-23 13:46 . 2007-01-12 11:21   23352   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-03-23 13:46 . 2007-01-12 11:20   43176   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-03-23 13:46 . 2006-12-20 23:51   31560   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-03-23 13:46 . 2006-12-20 23:56   85952   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-03-23 13:46 . 2006-12-20 23:56   94424   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-03-23 13:46 . 2007-01-12 11:27   689280   ----a-w-   c:\windows\system32\aswBoot.exe
2010-03-23 13:46 . 2007-01-12 11:18   90112   ----a-w-   c:\windows\system32\AVASTSS.scr
2010-03-22 20:28 . 2010-03-22 20:28   --------   d-----w-   c:\programmi\Trend Micro
2010-03-18 19:37 . 2010-03-18 19:39   --------   d-----w-   c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Temp
2010-03-02 18:12 . 2010-03-02 18:12   20672   ----a-w-   c:\windows\system32\mv2.dll
2010-03-02 18:12 . 2010-03-02 18:12   10688   ----a-w-   c:\windows\system32\drivers\mv2.sys
2010-03-02 18:12 . 2010-03-02 18:32   --------   d-----w-   c:\programmi\UltraVNC
2010-02-27 10:57 . 2010-02-27 10:57   --------   d-----w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2010-02-27 10:57 . 2010-02-27 10:57   --------   d-----w-   c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-02-26 15:56 . 2010-02-26 15:56   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-26 15:56 . 2010-01-07 15:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 15:55 . 2010-02-26 15:55   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-26 15:55 . 2010-02-26 15:56   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2010-02-26 15:55 . 2010-01-07 15:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-26 15:55 . 2004-08-03 21:59   34688   -c--a-w-   c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-26 15:55 . 2004-08-03 21:59   34688   ----a-w-   c:\windows\system32\drivers\lbrtfdc.sys
2010-02-26 15:53 . 2004-08-03 22:00   8192   -c--a-w-   c:\windows\system32\dllcache\i2omgmt.sys
2010-02-26 15:53 . 2004-08-03 22:00   8192   ----a-w-   c:\windows\system32\drivers\i2omgmt.sys
2010-02-26 15:48 . 2004-08-03 22:00   8192   -c--a-w-   c:\windows\system32\dllcache\changer.sys
2010-02-25 22:38 . 2010-02-25 22:43   --------   d-----w-   c:\documents and settings\Administrator\dwhelper
2010-02-25 22:25 . 2010-02-25 22:25   --------   d-----w-   C:\Downloads
2010-02-25 22:25 . 2010-02-25 22:43   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Orbit

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 16:24 . 2007-09-15 15:18   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-23 11:00 . 2007-07-11 09:07   --------   d-----w-   c:\programmi\File comuni\PCSuite
2010-03-23 10:56 . 2009-08-29 15:48   --------   d-----w-   c:\programmi\Easy Video Downloader
2010-03-04 13:35 . 2001-08-31 15:00   87026   ----a-w-   c:\windows\system32\perfc010.dat
2010-03-04 13:35 . 2001-08-31 15:00   493032   ----a-w-   c:\windows\system32\perfh010.dat
2010-02-27 10:57 . 2007-06-07 14:23   --------   d-----w-   c:\programmi\Google
2010-02-27 10:54 . 2009-09-22 18:50   --------   d-----w-   c:\programmi\Winamp
2010-02-26 15:56 . 2007-02-21 19:28   --------   d-----w-   c:\programmi\a-squared Free
2010-02-26 15:46 . 2010-02-26 15:46   8   ----a-w-   c:\documents and settings\Administrator\Dati applicazioni\rbuwzv.dat
2010-02-09 12:26 . 2009-02-09 17:41   --------   d-----w-   c:\programmi\SAMSUNG
2010-02-09 12:26 . 2007-02-21 10:36   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2010-02-09 12:12 . 2008-05-17 09:13   --------   d-----w-   c:\programmi\Azureus
2010-02-09 12:11 . 2007-02-21 19:27   --------   d-----w-   c:\programmi\Yahoo!
2008-08-23 08:34 . 2008-08-23 08:34   848   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------



[-] 2006-07-20 . 7FD213C5E09CE982759DA7D3CE6BDE88 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

c:\windows\System32\wuauclt.exe ... è mancante !!
c:\windows\System32\wscntfy.exe ... è mancante !!
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-19 143872]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk.disabled [2009-5-15 715]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"S60 PC Suite Tray"="c:\programmi\SAMSUNG\Samsung PC Studio 7\PCSuite.exe" -onlytray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:ciccio porte emule 2
"4662:TCP"= 4662:TCP:ciccio porte emule
"63615:TCP"= 63615:TCP:63615
"6346:TCP"= 6346:TCP:6346
"6346:UDP"= 6346:UDP:6346.
"18086:TCP"= 18086:TCP:18086 azureus
"18086:UDP"= 18086:UDP:18086 UDP azureus
"3257:TCP"= 3257:TCP:WWW
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [01/10/2007 13.16.33 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [01/10/2007 13.16.33 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/06/2007 14.59.28 642560]
R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [21/08/2008 11.55.50 1858144]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [02/03/2010 19.12.59 10688]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/02/2010 11.57.04 135664]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [09/02/2010 13.20.03 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [09/02/2010 13.20.04 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [09/02/2010 13.20.03 12288]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\Rar$EX24.766\iSroBot\NtProcDrv.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\Rar$EX24.766\iSroBot\NtProcDrv.sys [?]
S3 vundofixsvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
uuwof
bdxcy
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6d2cb4eaf26.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-27 10:57]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\xlgmlhl9.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\xlgmlhl9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{31bd81d7-ccb3-4301-886d-2d19e1c8e748} - (no file)
BHO-{5843c44b-8ec7-453d-8572-d995ed824695} - (no file)
BHO-{7dd858bd-66c9-457f-8eff-27206f7e1574} - (no file)
BHO-{86329a90-fa88-489f-8c2d-d0f7323e9176} - (no file)
BHO-{e2e17264-8723-4019-975a-f8cbafa554df} - (no file)
Notify-iifdvvlj - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 18:05
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x86F940E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86f940e8
\Driver\ACPI -> ACPI.sys @ 0xf740ecb8
\Driver\atapi -> atapi.sys @ 0xf73a52f0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
 ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
 ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1177238915-436374069-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{414529FF-AE21-05FD-3F34-D326D0D4AE45}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paolnkmaclplpcombhkngiimhfcfenkd"=hex:6a,61,6e,6d,66,6f,68,65,6d,6c,6d,6b,62,
   62,62,62,69,6f,6d,65,00,41
"oaamplljgfokgekpocongigigcbcfp"=hex:69,61,69,61,6e,61,62,68,69,6a,61,66,6c,6b,
   68,64,65,6d,00,00
"paolnkmaclplpcombhkngiimhfcfonej"=hex:6a,61,6e,6d,69,6f,6d,66,62,65,66,69,62,
   65,6d,6b,6e,6a,61,69,00,80
"oaamplljgfokgekpocongigigcdcpn"=hex:6a,61,6e,6d,69,6f,6d,66,62,65,66,69,62,65,
   6d,6b,6e,6a,61,69,00,80
"abolnkmaclplpcombhkngiimhfcfknakff"=hex:6a,61,63,6e,6f,6f,6b,69,68,6a,6f,68,
   63,6e,64,70,6a,6e,6c,66,00,00
"paamplljgfokgekpocongigigcpblaaa"=hex:6a,61,6e,6d,69,6f,6d,66,6b,64,65,6b,70,
   67,6a,67,62,69,66,65,00,00

[HKEY_USERS\S-1-5-21-1177238915-436374069-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,9f,6f,4c,0b,78,90,5d,5e,6e,41,eb,de,df,1f,86,d3,1c,7c,6a,ae,35,c6,
   ff,35,90,83,0a,65,a5,c5,3c,5d,5b,b4,bb,cf,e2,9f,68,d4,0e,d8,7c,22,3b,71,38,\
"??"=hex:d3,be,05,c8,a7,c3,b1,d4,99,ee,75,fa,0e,1b,8d,1a

[HKEY_USERS\S-1-5-21-1177238915-436374069-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:42,c2,92,c8,f2,7c,81,29,b7,25,86,84,9f,88,3d,e0,78,bd,ba,a2,7e,
   6d,05,a2,1b,63,75,48,f2,d9,d6,f3,33,b8,26,b8,af,60,75,3b,42,98,e9,8f,0f,50,\
"rkeysecu"=hex:20,bd,0c,9f,95,14,21,52,e5,26,29,bb,62,c9,35,fc

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Hardware Profiles\Current]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5843c44b-8ec7-453d-8572-d995ed824695}\inprocserver32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\qoMcdExX.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{86329a90-fa88-489f-8c2d-d0f7323e9176}\inprocserver32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\qoMcdExX.dll"
"ThreadingModel"="Both"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'Explorer.EXE'(3372)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\StkASv2K.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\programmi\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-24  18:09:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-03-24 17:09

Pre-Run: 25.208.459.264 byte disponibili
Post-Run: 25.083.006.976 byte disponibili

- - End Of File - - 5B23D1FFFA289ADB2B6BB7FB59B67995

Re: Serious problem at startup

Posted by -> EleKtrA <- » 29/03/10 21:26

Open a text file on the Desktop
Start > Run, type: notepad.exe and then click OK
Paste the code you see below and save the text file; it must be saved
with the name CFScript
Code:
Killall:: 
MBR::
NetSvcs::
uuwof
bdxcy
Driver::
uuwof
bdxcy
Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks

With the mouse, drag the CFScript.txt file onto the red ComboFix icon
Let the program run
A new combofix.txt log will be created
Attach the report so it can be checked.

Re: Serious problem at startup

Posted by ciccio16 » 02/04/10 14:58

Code:
ComboFix 10-03-29.04 - Administrator 02/04/2010  14.16.41.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.39.1040.18.1022.677 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
 * Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BDXCY
-------\Legacy_UUWOF


(((((((((((((((((((((((((   Files Creati Da 2010-03-02 al 2010-04-02  )))))))))))))))))))))))))))))))))))
.

2010-03-25 19:30 . 2008-05-16 00:20   78416   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-03-25 19:30 . 2008-05-16 00:18   94416   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-03-25 19:30 . 2008-05-16 00:16   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-03-25 19:30 . 2008-05-16 00:15   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-03-25 19:30 . 2008-05-16 00:14   42912   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-03-25 19:30 . 2008-05-16 00:13   26944   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-03-25 19:30 . 2008-05-16 00:12   95608   ----a-w-   c:\windows\system32\AvastSS.scr
2010-03-25 19:30 . 2008-01-17 17:34   93264   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-03-25 19:30 . 2008-05-16 00:24   1152888   ----a-w-   c:\windows\system32\aswBoot.exe
2010-03-22 20:28 . 2010-03-22 20:28   --------   d-----w-   c:\programmi\Trend Micro
2010-03-18 19:37 . 2010-03-18 19:39   --------   d-----w-   c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 22:48 . 2007-09-15 15:18   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-23 11:00 . 2007-07-11 09:07   --------   d-----w-   c:\programmi\File comuni\PCSuite
2010-03-23 10:56 . 2009-08-29 15:48   --------   d-----w-   c:\programmi\Easy Video Downloader
2010-03-04 13:35 . 2001-08-31 15:00   87026   ----a-w-   c:\windows\system32\perfc010.dat
2010-03-04 13:35 . 2001-08-31 15:00   493032   ----a-w-   c:\windows\system32\perfh010.dat
2010-03-02 18:32 . 2010-03-02 18:12   --------   d-----w-   c:\programmi\UltraVNC
2010-03-02 18:12 . 2010-03-02 18:12   20672   ----a-w-   c:\windows\system32\mv2.dll
2010-03-02 18:12 . 2010-03-02 18:12   10688   ----a-w-   c:\windows\system32\drivers\mv2.sys
2010-02-27 10:57 . 2007-06-07 14:23   --------   d-----w-   c:\programmi\Google
2010-02-27 10:54 . 2009-09-22 18:50   --------   d-----w-   c:\programmi\Winamp
2010-02-26 15:56 . 2007-02-21 19:28   --------   d-----w-   c:\programmi\a-squared Free
2010-02-26 15:56 . 2010-02-26 15:56   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-26 15:56 . 2010-02-26 15:55   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2010-02-26 15:55 . 2010-02-26 15:55   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-26 15:46 . 2010-02-26 15:46   8   ----a-w-   c:\documents and settings\Administrator\Dati applicazioni\rbuwzv.dat
2010-02-25 22:43 . 2010-02-25 22:25   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Orbit
2010-02-09 12:26 . 2009-02-09 17:41   --------   d-----w-   c:\programmi\SAMSUNG
2010-02-09 12:26 . 2007-02-21 10:36   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2010-02-09 12:12 . 2008-05-17 09:13   --------   d-----w-   c:\programmi\Azureus
2010-02-09 12:11 . 2007-02-21 19:27   --------   d-----w-   c:\programmi\Yahoo!
2010-01-07 15:07 . 2010-02-26 15:56   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-26 15:55   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2008-08-23 08:34 . 2008-08-23 08:34   848   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------



[-] 2006-07-20 . 7FD213C5E09CE982759DA7D3CE6BDE88 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

c:\windows\System32\wuauclt.exe ... è mancante !!
c:\windows\System32\wscntfy.exe ... è mancante !!
.
(((((((((((((((((((((((((((((   SnapShot@2010-03-24_17.05.23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-02 12:22 . 2010-04-02 12:22   16384              c:\windows\system32\config\systemprofile\Impostazioni locali\Temp\Perflib_Perfdata_6e4.dat
+ 2010-04-02 11:59 . 2010-04-02 11:59   16384              c:\windows\system32\config\systemprofile\Impostazioni locali\Temp\Perflib_Perfdata_6a8.dat
+ 2010-04-02 12:22 . 2010-04-02 12:22   16384              c:\windows\system32\config\systemprofile\Impostazioni locali\Temp\Perflib_Perfdata_2ac.dat
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-19 143872]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk.disabled [2009-5-15 715]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"S60 PC Suite Tray"="c:\programmi\SAMSUNG\Samsung PC Studio 7\PCSuite.exe" -onlytray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:ciccio porte emule 2
"4662:TCP"= 4662:TCP:ciccio porte emule
"63615:TCP"= 63615:TCP:63615
"6346:TCP"= 6346:TCP:6346
"6346:UDP"= 6346:UDP:6346.
"18086:TCP"= 18086:TCP:18086 azureus
"18086:UDP"= 18086:UDP:18086 UDP azureus
"3257:TCP"= 3257:TCP:WWW
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [01/10/2007 14.16.33 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [01/10/2007 14.16.33 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/06/2007 15.59.28 642560]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/03/2010 21.30.51 78416]
R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [21/08/2008 12.55.50 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/03/2010 21.30.51 20560]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [02/03/2010 20.12.59 10688]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/02/2010 12.57.04 135664]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [09/02/2010 14.20.03 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [09/02/2010 14.20.04 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [09/02/2010 14.20.03 12288]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\Rar$EX24.766\iSroBot\NtProcDrv.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\Rar$EX24.766\iSroBot\NtProcDrv.sys [?]
S3 vundofixsvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6d2cb4eaf26.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-27 10:57]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\xlgmlhl9.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\xlgmlhl9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 14:22
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x86FD3EB0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86fd3eb0
\Driver\ACPI -> ACPI.sys @ 0xf740ecb8
\Driver\atapi -> atapi.sys @ 0xf73a52f0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
 ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
 ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1177238915-436374069-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{414529FF-AE21-05FD-3F34-D326D0D4AE45}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paolnkmaclplpcombhkngiimhfcfenkd"=hex:6a,61,6e,6d,66,6f,68,65,6d,6c,6d,6b,62,
   62,62,62,69,6f,6d,65,00,41
"oaamplljgfokgekpocongigigcbcfp"=hex:69,61,69,61,6e,61,62,68,69,6a,61,66,6c,6b,
   68,64,65,6d,00,00
"paolnkmaclplpcombhkngiimhfcfonej"=hex:6a,61,6e,6d,69,6f,6d,66,62,65,66,69,62,
   65,6d,6b,6e,6a,61,69,00,80
"oaamplljgfokgekpocongigigcdcpn"=hex:6a,61,6e,6d,69,6f,6d,66,62,65,66,69,62,65,
   6d,6b,6e,6a,61,69,00,80
"abolnkmaclplpcombhkngiimhfcfknakff"=hex:6a,61,63,6e,6f,6f,6b,69,68,6a,6f,68,
   63,6e,64,70,6a,6e,6c,66,00,00
"paamplljgfokgekpocongigigcpblaaa"=hex:6a,61,6e,6d,69,6f,6d,66,6b,64,65,6b,70,
   67,6a,67,62,69,66,65,00,00

[HKEY_USERS\S-1-5-21-1177238915-436374069-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,9f,6f,4c,0b,78,90,5d,5e,6e,41,eb,de,df,1f,86,d3,1c,7c,6a,ae,35,c6,
   ff,35,90,83,0a,65,a5,c5,3c,5d,5b,b4,bb,cf,e2,9f,68,d4,0e,d8,7c,22,3b,71,38,\
"??"=hex:d3,be,05,c8,a7,c3,b1,d4,99,ee,75,fa,0e,1b,8d,1a

[HKEY_USERS\S-1-5-21-1177238915-436374069-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:42,c2,92,c8,f2,7c,81,29,b7,25,86,84,9f,88,3d,e0,78,bd,ba,a2,7e,
   6d,05,a2,1b,63,75,48,f2,d9,d6,f3,33,b8,26,b8,af,60,75,3b,42,98,e9,8f,0f,50,\
"rkeysecu"=hex:20,bd,0c,9f,95,14,21,52,e5,26,29,bb,62,c9,35,fc

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Hardware Profiles\Current]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5843c44b-8ec7-453d-8572-d995ed824695}\inprocserver32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\qoMcdExX.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{86329a90-fa88-489f-8c2d-d0f7323e9176}\inprocserver32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\qoMcdExX.dll"
"ThreadingModel"="Both"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmi\Samsung\Samsung PC Studio 7\phonebrowser.dll
c:\programmi\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
c:\programmi\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\StkASv2K.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\programmi\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-02  14:26:47 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-04-02 12:26
ComboFix2.txt  2010-03-24 17:09

Pre-Run: 24.426.274.816 byte disponibili
Post-Run: 24.378.634.240 byte disponibili

- - End Of File - - FEC709291719C566A43BC8BE67AE28C7

Re: Serious problem at startup

Posted by ciccio16 » 13/04/10 19:25

So???? What do I do now?

Re: Serious problem at startup

Posted by -> EleKtrA <- » 16/04/10 16:38

Has nothing improved?
The ComboFix log shows some system files as missing; if there are still problems, you should resort to the Recovery Console.
Installing and using the Recovery Console in Windows XP