Aiuto per SpyWare

notu2002it · 22-06-2004, 12:35

Ciao a tutti
Allora..... Mi sono beccato uno SpyWare che mi carica sempre una pagina Html chiamata secure.html presente sotto la cartella Winnt ( win 2000 ).
Se cancello il file si rigenera.
Ho provato con SpyBot, Ad Aware, NoAdware, Xoftspy.
Non rilevano nulla. Nel registro non ho trovato nulla.
Se provo a modificare l'indirizzo di apertura pagina nel registro si rigenera.
Consigli?
Grazie

axxaxxa3 · 22-06-2004, 12:46

Quote:

Originariamente inviato da notu2002it
Ciao a tutti
Allora..... Mi sono beccato uno SpyWare che mi carica sempre una pagina Html chiamata secure.html presente sotto la cartella Winnt ( win 2000 ).
Se cancello il file si rigenera.
Ho provato con SpyBot, Ad Aware, NoAdware, Xoftspy.
Non rilevano nulla. Nel registro non ho trovato nulla.
Se provo a modificare l'indirizzo di apertura pagina nel registro si rigenera.
Consigli?
Grazie

Spy Sweeper e copia/incolla un log di hijack this!
CiaO!

notu2002it · 22-06-2004, 13:26

Innanzitutto ecco il log

Logfile of HijackThis v1.97.7
Scan saved at 14.25.03, on 22/06/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PC-CILLIN NT\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PC-CILLIN NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PC-CILLIN NT\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\PC-CILLIN NT\pccntmon.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\u053886\Dati applicazioni\raws.exe
C:\Programmi\Microsoft Office\Office\OSA.EXE
C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
D:\SEZIONE B\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINNT\system32\NDrv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.its.it/pac/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts file is located at: C:\WINNT\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74E0E2C4-7197-7439-449C-C9E51FA43647} - C:\WINNT\system32\wlsxoymh.dll (file missing)
O2 - BHO: (no name) - {7B9777D0-74EB-347F-71AB-E3FA44955A5C} - C:\WINNT\system32\hxscyovs.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINNT\system32\NDrv.dll
O2 - BHO: (no name) - {B58306B4-D82A-6993-1BF0-552FA4B02F69} - C:\WINNT\system32\ajbxdvgx.dll (file missing)
O2 - BHO: (no name) - {B742BE77-6E59-56F0-4784-B3B8E507C688} - C:\WINNT\system32\agykbqzv.dll (file missing)
O2 - BHO: (no name) - {BB463F1B-522D-AC83-2140-2955B2F4516C} - C:\WINNT\system32\hamqvfyz.dll (file missing)
O2 - BHO: (no name) - {BC1DC324-3AFE-D576-2247-3C58CAB51AF8} - C:\WINNT\system32\bvbmnbel.dll (file missing)
O2 - BHO: (no name) - {CF388B49-81F1-C9B5-22FB-C28C36BE7EB9} - C:\WINNT\system32\pzcyyjtl.dll
O2 - BHO: (no name) - {FFEA84AB-13CC-74DB-2A97-63ADB7459B49} - C:\WINNT\system32\ymvqqsmi.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\PC-CILLIN NT\pccntmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Acer] C:\Documents and Settings\u053886\Dati applicazioni\raws.exe
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://tv1mirnts0001/officescan/Clie...l/WinNTChk.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://tv1mirnts0001/officescan/clie...l/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://tv1mirnts0001/officescan/clientinstall/setup.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://tv1mirnts0001/officescan/clie...RemoveCtrl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.0_02) - http://www.presenza02.hrss.it/esiper...0_02-win-i.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - http://codep.fiat.com/forms90/jinitiator/jinit.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab

PixXelite · 22-06-2004, 13:32

credo di precedere axxaxxa3 nel dire che prima fai la scansione con Spy Sweeper e poi posti il log di hijackthis

CIAUX

axxaxxa3 · 22-06-2004, 13:34

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html

Queste sembrano essere riconducubili al tuo problema....

axxaxxa3 · 22-06-2004, 13:35

Quote:

Originariamente inviato da PixXelite
credo di precedere axxaxxa3 nel dire che prima fai la scansione con Spy Sweeper e poi posti il log di hijackthis

CIAUX

Si

anzi sarebbe meglio un log prima...e uno dopo!

notu2002it · 22-06-2004, 13:51

Ok il problema è esattamente quello
come posso eliminarlo?

ps. il log dopo spy sweeper è questo

Logfile of HijackThis v1.97.7
Scan saved at 14.52.07, on 22/06/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PC-CILLIN NT\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PC-CILLIN NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PC-CILLIN NT\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\PC-CILLIN NT\pccntmon.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\u053886\Dati applicazioni\raws.exe
C:\Programmi\Microsoft Office\Office\OSA.EXE
C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINNT\system32\NDrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\SEZIONE B\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.its.it/pac/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts file is located at: C:\WINNT\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74E0E2C4-7197-7439-449C-C9E51FA43647} - C:\WINNT\system32\wlsxoymh.dll (file missing)
O2 - BHO: (no name) - {7B9777D0-74EB-347F-71AB-E3FA44955A5C} - C:\WINNT\system32\hxscyovs.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINNT\system32\NDrv.dll
O2 - BHO: (no name) - {B58306B4-D82A-6993-1BF0-552FA4B02F69} - C:\WINNT\system32\ajbxdvgx.dll (file missing)
O2 - BHO: (no name) - {B742BE77-6E59-56F0-4784-B3B8E507C688} - C:\WINNT\system32\agykbqzv.dll (file missing)
O2 - BHO: (no name) - {BB463F1B-522D-AC83-2140-2955B2F4516C} - C:\WINNT\system32\hamqvfyz.dll (file missing)
O2 - BHO: (no name) - {BC1DC324-3AFE-D576-2247-3C58CAB51AF8} - C:\WINNT\system32\bvbmnbel.dll (file missing)
O2 - BHO: (no name) - {CF388B49-81F1-C9B5-22FB-C28C36BE7EB9} - C:\WINNT\system32\pzcyyjtl.dll
O2 - BHO: (no name) - {FFEA84AB-13CC-74DB-2A97-63ADB7459B49} - C:\WINNT\system32\ymvqqsmi.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\PC-CILLIN NT\pccntmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Acer] C:\Documents and Settings\u053886\Dati applicazioni\raws.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://tv1mirnts0001/officescan/Clie...l/WinNTChk.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://tv1mirnts0001/officescan/clie...l/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://tv1mirnts0001/officescan/clientinstall/setup.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://tv1mirnts0001/officescan/clie...RemoveCtrl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.0_02) - http://www.presenza02.hrss.it/esiper...0_02-win-i.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - http://codep.fiat.com/forms90/jinitiator/jinit.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab

axxaxxa3 · 22-06-2004, 13:56

Allora..accertato che quello è il problema.....devi spuntare le caselle dei processi incriminati e cliccare su fix checked!
Ciao!

notu2002it · 22-06-2004, 14:04

Ho fatto come mi hai detto
ho resettato
Ma nulla da fare il log e sempre lo stesso

ciao

PixXelite · 22-06-2004, 17:07

Quote:

Originariamente inviato da notu2002it
Ho fatto come mi hai detto
ho resettato
Ma nulla da fare il log e sempre lo stesso

ciao

allora, prima (ancora prima del post di axxaxxa3) avevo dato un'occhiata ai tuoi processi di sistema...mi suonava strano quel NDrv.exe, quindi ho fatto una ricerca, da quello che ho capito (ero moolto di fretta quindi non ho letto tutto) è responsabile di redirezioni (esiste in italiano?...vabbe "redirection") da google verso altre pagine. Ora cerco di ribeccare la pagina che stavo leggendo e ti so dire.
Cmq tu nel frattempo riavvia, termini il processo suddettoNDrv.exe e poi ti fai una navigata...prova a vedere se te lo fa ancora...cmq non prometto niente

CIAUX

PixXelite · 22-06-2004, 17:19

@ axxaxxa3: io ho fatto una ricerca sul processo--> lo fanno sempre fixxare (nei log di hijackthis di altri forum è presente una chiave R4 con sto processo, ma mi pare solo nei programmi da eseguire in avvio del SO) e i forum di solito sono per spyware, virus, etc..
...forse sarebbe meglio se dassi un'occhiata a questa pagina:
http://computercops.biz/postp215015.html
e sappimi dire...
...per me basta terminare il processo che forse non lo fa piu, se funzia basta andare in msconfig e disabilitare l'avvio automatico...
...cmq aspetto un tuo parere

CIAUX

notu2002it · 23-06-2004, 07:42

Ho provato a rinominare NDrv.exe ( cancellarlo non ero sicuro )
Il SO non lo carica più ma non cambia nulla.

PixXelite · 23-06-2004, 08:53

hai provato a fare una scansione completa (attento che in alcuni antivirus devi specificare il livello di scansione, nel caso metti quello piu approfondito) da modalità provvisoria DISATTIVANDO il ripristino configurazione di sistema?
Se no fallo con tutti i programmi...
...intanto io proverò e cercare un po' in giro che puo essere

...a dopo

CIAUX

notu2002it · 23-06-2004, 08:54

Ok !
dopo varie ricerche ho risolto con cwshredder
che mi ha eliminato un CoolWebSearch.

Ora è tutto a posto.

Grazie a tutti per l'aiuto.

PixXelite · 23-06-2004, 09:02

Quote:

Originariamente inviato da notu2002it
Ok !
dopo varie ricerche ho risolto con cwshredder
che mi ha eliminato un CoolWebSearch.

Ora è tutto a posto.

Grazie a tutti per l'aiuto.

ok, bravo

CIAUX

22-06-2004, 12:35	#1
notu2002it Registered User Iscritto dal: Oct 2003 Città: Turin Messaggi: 90	Aiuto per SpyWare Ciao a tutti Allora..... Mi sono beccato uno SpyWare che mi carica sempre una pagina Html chiamata secure.html presente sotto la cartella Winnt ( win 2000 ). Se cancello il file si rigenera. Ho provato con SpyBot, Ad Aware, NoAdware, Xoftspy. Non rilevano nulla. Nel registro non ho trovato nulla. Se provo a modificare l'indirizzo di apertura pagina nel registro si rigenera. Consigli? Grazie

22-06-2004, 13:32	#4
PixXelite Senior Member Iscritto dal: Apr 2004 Città: Massa...ma so' proprio Veneto...OSTIA!!! Messaggi: 631	credo di precedere axxaxxa3 nel dire che prima fai la scansione con Spy Sweeper e poi posti il log di hijackthis CIAUX __________________ ...la profonda conoscenza deriva da un continuo ricominciare... ICQ: 212439216 Mandami una mela

22-06-2004, 13:34	#5
axxaxxa3 Senior Member Iscritto dal: Mar 2004 Città: * * * * Messaggi: 2321	R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html Queste sembrano essere riconducubili al tuo problema.... __________________ Là, dove tutti fuggono terrorizzati, loro vanno.Chi sono?

22-06-2004, 13:56	#8
axxaxxa3 Senior Member Iscritto dal: Mar 2004 Città: * * * * Messaggi: 2321	Allora..accertato che quello è il problema.....devi spuntare le caselle dei processi incriminati e cliccare su fix checked! Ciao! __________________ Là, dove tutti fuggono terrorizzati, loro vanno.Chi sono?

22-06-2004, 17:19	#11
PixXelite Senior Member Iscritto dal: Apr 2004 Città: Massa...ma so' proprio Veneto...OSTIA!!! Messaggi: 631	@ axxaxxa3: io ho fatto una ricerca sul processo--> lo fanno sempre fixxare (nei log di hijackthis di altri forum è presente una chiave R4 con sto processo, ma mi pare solo nei programmi da eseguire in avvio del SO) e i forum di solito sono per spyware, virus, etc.. ...forse sarebbe meglio se dassi un'occhiata a questa pagina: http://computercops.biz/postp215015.html e sappimi dire... ...per me basta terminare il processo che forse non lo fa piu, se funzia basta andare in msconfig e disabilitare l'avvio automatico... ...cmq aspetto un tuo parere CIAUX __________________ ...la profonda conoscenza deriva da un continuo ricominciare... ICQ: 212439216 Mandami una mela

22-06-2004, 13:26	#3
notu2002it Registered User Iscritto dal: Oct 2003 Città: Turin Messaggi: 90	Innanzitutto ecco il log Logfile of HijackThis v1.97.7 Scan saved at 14.25.03, on 22/06/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\PC-CILLIN NT\ntrtscan.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\PC-CILLIN NT\tmlisten.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\PC-CILLIN NT\ofcdog.exe C:\WINNT\Explorer.EXE C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe C:\WINNT\System32\igfxtray.exe C:\WINNT\System32\hkcmd.exe C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe C:\Programmi\Logitech\MouseWare\system\em_exec.exe C:\PC-CILLIN NT\pccntmon.exe C:\WINNT\system32\ctfmon.exe C:\Documents and Settings\u053886\Dati applicazioni\raws.exe C:\Programmi\Microsoft Office\Office\OSA.EXE C:\Programmi\Microsoft Office\Office\FINDFAST.EXE C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe D:\SEZIONE B\HijackThis.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINNT\system32\NDrv.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.its.it/pac/proxy.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = hot-searches.com;lender-search.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts file is located at: C:\WINNT\nsdb\hosts O1 - Hosts: 81.211.105.69 lender-search.com O1 - Hosts: 81.211.105.68 hot-searches.com O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {74E0E2C4-7197-7439-449C-C9E51FA43647} - C:\WINNT\system32\wlsxoymh.dll (file missing) O2 - BHO: (no name) - {7B9777D0-74EB-347F-71AB-E3FA44955A5C} - C:\WINNT\system32\hxscyovs.dll O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINNT\system32\NDrv.dll O2 - BHO: (no name) - {B58306B4-D82A-6993-1BF0-552FA4B02F69} - C:\WINNT\system32\ajbxdvgx.dll (file missing) O2 - BHO: (no name) - {B742BE77-6E59-56F0-4784-B3B8E507C688} - C:\WINNT\system32\agykbqzv.dll (file missing) O2 - BHO: (no name) - {BB463F1B-522D-AC83-2140-2955B2F4516C} - C:\WINNT\system32\hamqvfyz.dll (file missing) O2 - BHO: (no name) - {BC1DC324-3AFE-D576-2247-3C58CAB51AF8} - C:\WINNT\system32\bvbmnbel.dll (file missing) O2 - BHO: (no name) - {CF388B49-81F1-C9B5-22FB-C28C36BE7EB9} - C:\WINNT\system32\pzcyyjtl.dll O2 - BHO: (no name) - {FFEA84AB-13CC-74DB-2A97-63ADB7459B49} - C:\WINNT\system32\ymvqqsmi.dll O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\PC-CILLIN NT\pccntmon.exe" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Acer] C:\Documents and Settings\u053886\Dati applicazioni\raws.exe O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://tv1mirnts0001/officescan/Clie...l/WinNTChk.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://tv1mirnts0001/officescan/clie...l/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://tv1mirnts0001/officescan/clientinstall/setup.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://tv1mirnts0001/officescan/clie...RemoveCtrl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.0_02) - http://www.presenza02.hrss.it/esiper...0_02-win-i.exe O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - http://codep.fiat.com/forms90/jinitiator/jinit.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab

22-06-2004, 13:51	#7
notu2002it Registered User Iscritto dal: Oct 2003 Città: Turin Messaggi: 90	Ok il problema è esattamente quello come posso eliminarlo? ps. il log dopo spy sweeper è questo Logfile of HijackThis v1.97.7 Scan saved at 14.52.07, on 22/06/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\PC-CILLIN NT\ntrtscan.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\PC-CILLIN NT\tmlisten.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\PC-CILLIN NT\ofcdog.exe C:\WINNT\Explorer.EXE C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe C:\WINNT\System32\igfxtray.exe C:\WINNT\System32\hkcmd.exe C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe C:\Programmi\Logitech\MouseWare\system\em_exec.exe C:\PC-CILLIN NT\pccntmon.exe C:\WINNT\system32\ctfmon.exe C:\Documents and Settings\u053886\Dati applicazioni\raws.exe C:\Programmi\Microsoft Office\Office\OSA.EXE C:\Programmi\Microsoft Office\Office\FINDFAST.EXE C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\WINNT\system32\NDrv.exe C:\Programmi\Internet Explorer\iexplore.exe D:\SEZIONE B\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.its.it/pac/proxy.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = hot-searches.com;lender-search.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts file is located at: C:\WINNT\nsdb\hosts O1 - Hosts: 81.211.105.69 lender-search.com O1 - Hosts: 81.211.105.68 hot-searches.com O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {74E0E2C4-7197-7439-449C-C9E51FA43647} - C:\WINNT\system32\wlsxoymh.dll (file missing) O2 - BHO: (no name) - {7B9777D0-74EB-347F-71AB-E3FA44955A5C} - C:\WINNT\system32\hxscyovs.dll O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINNT\system32\NDrv.dll O2 - BHO: (no name) - {B58306B4-D82A-6993-1BF0-552FA4B02F69} - C:\WINNT\system32\ajbxdvgx.dll (file missing) O2 - BHO: (no name) - {B742BE77-6E59-56F0-4784-B3B8E507C688} - C:\WINNT\system32\agykbqzv.dll (file missing) O2 - BHO: (no name) - {BB463F1B-522D-AC83-2140-2955B2F4516C} - C:\WINNT\system32\hamqvfyz.dll (file missing) O2 - BHO: (no name) - {BC1DC324-3AFE-D576-2247-3C58CAB51AF8} - C:\WINNT\system32\bvbmnbel.dll (file missing) O2 - BHO: (no name) - {CF388B49-81F1-C9B5-22FB-C28C36BE7EB9} - C:\WINNT\system32\pzcyyjtl.dll O2 - BHO: (no name) - {FFEA84AB-13CC-74DB-2A97-63ADB7459B49} - C:\WINNT\system32\ymvqqsmi.dll O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\PC-CILLIN NT\pccntmon.exe" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Acer] C:\Documents and Settings\u053886\Dati applicazioni\raws.exe O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://tv1mirnts0001/officescan/Clie...l/WinNTChk.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://tv1mirnts0001/officescan/clie...l/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://tv1mirnts0001/officescan/clientinstall/setup.cab O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://tv1mirnts0001/officescan/clie...RemoveCtrl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.0_02) - http://www.presenza02.hrss.it/esiper...0_02-win-i.exe O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - http://codep.fiat.com/forms90/jinitiator/jinit.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab

22-06-2004, 14:04	#9
notu2002it Registered User Iscritto dal: Oct 2003 Città: Turin Messaggi: 90	Ho fatto come mi hai detto ho resettato Ma nulla da fare il log e sempre lo stesso ciao

23-06-2004, 07:42	#12
notu2002it Registered User Iscritto dal: Oct 2003 Città: Turin Messaggi: 90	Ho provato a rinominare NDrv.exe ( cancellarlo non ero sicuro ) Il SO non lo carica più ma non cambia nulla.

23-06-2004, 08:53	#13
PixXelite Senior Member Iscritto dal: Apr 2004 Città: Massa...ma so' proprio Veneto...OSTIA!!! Messaggi: 631	hai provato a fare una scansione completa (attento che in alcuni antivirus devi specificare il livello di scansione, nel caso metti quello piu approfondito) da modalità provvisoria DISATTIVANDO il ripristino configurazione di sistema? Se no fallo con tutti i programmi... ...intanto io proverò e cercare un po' in giro che puo essere ...a dopo CIAUX __________________ ...la profonda conoscenza deriva da un continuo ricominciare... ICQ: 212439216 Mandami una mela

23-06-2004, 08:54	#14
notu2002it Registered User Iscritto dal: Oct 2003 Città: Turin Messaggi: 90	Ok ! dopo varie ricerche ho risolto con cwshredder che mi ha eliminato un CoolWebSearch. Ora è tutto a posto. Grazie a tutti per l'aiuto.

Strumenti
Mostra una versione stampabile Invia questa pagina per email