Faffy (Mortal adept)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 08 Dec 2007 13:13 Subject: yet another malware...Help
I think I've caught another one... my connection has slowed down, and links often don't work.
I'm posting the HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 12.11.34, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Belfiore\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.it/8SEITIT030000TBR/FRWCompleteTBSiteFinalMSGR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\D_4362.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IDVisitor=13578&NumAccess=1] C:\Programmi\IDVisitor=13578&NumAccess=1\pgs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9BDCBE9-3647-4D2E-996D-9B27289EB7C8}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Sante62 (Mature god)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 08 Dec 2007 13:34 Subject:
Hi Faffy,
download the updated version of HijackThis for later use from here.
Run it and select these lines on the left:
Quote:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Click Fix Checked and answer yes. Please also go through these other steps:
Scan with GMER
Scan with FindAWF. When you are done, restart the PC and also post a new HJT log.
Faffy (Mortal adept)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 08 Dec 2007 13:51 Subject:
So, I ran the "fix checked" step in HijackThis (new version).
Then I ran the scans with GMER, and these are the results of the first pass:
http://www.freefilehosting.net/download/NDcyODc=
and these of the second:
http://www.freefilehosting.net/download/NDcyODg=
Faffy (Mortal adept)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 08 Dec 2007 13:57 Subject:
And this is the new HijackThis log file after running the GMER scans:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.57.14, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Belfiore\Impostazioni locali\Temporary Internet Files\Content.IE5\UOAD2AW4\HiJackThis_v2[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.it/8SEITIT030000TBR/FRWCompleteTBSiteFinalMSGR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\D_4362.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IDVisitor=13578&NumAccess=1] C:\Programmi\IDVisitor=13578&NumAccess=1\pgs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9BDCBE9-3647-4D2E-996D-9B27289EB7C8}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 8123 bytes
Sante62 (Mature god)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 08 Dec 2007 13:57 Subject:
It looks like there is nothing in the GMER logs. The FindAWF one is missing; you'll find the link a few posts up. Also post a new HJT log after restarting the PC.
Faffy (Mortal adept)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 08 Dec 2007 13:59 Subject:
Is it possible that the AWF scan log is... this?
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 08 Dec 2007 14:21 Subject:
Sorry Sante, may I?
I have some doubts about these 2 entries:
Quote:
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\D_4362.dll
In fact, in the gmer log I see this situation:
Code:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@Shellexplorer.exe "svchost.exe" = explorer.exe "svchost.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}C:\PROGRA~1\COMMON~1\System\D_4362.dll = C:\PROGRA~1\COMMON~1\System\D_4362.dll
They look strange to me...
Hi Faffy,
the findAWF log is fine as it is.
Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
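As an added example that is not part of this thread or of any tool mentioned in it: a small Python script that applies, to HijackThis item lines, the three checks the helpers made by hand above (the F2 Shell value that should be only explorer.exe, an O2 BHO with no name, and the O7 DisableRegedit policies Sante62 had fixed), and diffs two logs to confirm which entries a fix actually removed. The sample lines are copied from the two logs posted above; the function names, the regular expressions and the wording of each finding are mine, not HijackThis output.

```python
import re

# Constructed sample: item lines copied from the first HijackThis log posted in this thread.
LOG_BEFORE_FIX = r"""
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\D_4362.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Constructed sample: the same entries as they appear in the second log,
# after "Fix checked" removed the two O7 lines.
LOG_AFTER_FIX = r"""
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\D_4362.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
"""

# An HJT item line is "<section> - <body>", e.g. "O2 - BHO: ..." (regexes are my own).
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
SHELL_RE = re.compile(r"Shell=(.*)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every item line; header and process lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Apply the three checks made by hand in this thread.

    Returns a list of (section, reason, detail) tuples; an empty list means
    none of the three patterns is present in the log.
    """
    findings = []
    for section, body in parse_entries(log_text):
        if section == "F2":
            # The Winlogon Shell value should be exactly explorer.exe; anything
            # appended to it is started alongside the desktop at every logon.
            m = SHELL_RE.search(body)
            if m and m.group(1).strip().lower() != "explorer.exe":
                findings.append((section, "shell value launches more than explorer.exe",
                                 m.group(1).strip()))
        elif section == "O2":
            # A BHO that registers no name is worth identifying before trusting it.
            m = BHO_RE.match(body)
            if m and m.group(1) == "(no name)":
                findings.append((section, "BHO without a name", m.group(3)))
        elif section == "O7":
            # Policies that lock the user out of regedit are a common malware side effect.
            if "DisableRegedit=1" in body:
                findings.append((section, "registry editor disabled by policy", body))
    return findings


def diff_logs(before, after):
    """Return (removed, added) item lines between two logs, to confirm a fix took effect."""
    before_set = set(parse_entries(before))
    after_set = set(parse_entries(after))
    return sorted(before_set - after_set), sorted(after_set - before_set)


if __name__ == "__main__":
    for finding in triage(LOG_BEFORE_FIX):
        print("[%s] %s: %s" % finding)
    removed, added = diff_logs(LOG_BEFORE_FIX, LOG_AFTER_FIX)
    print("removed by fix:", len(removed), "added:", len(added))
    print("still flagged after fix:", len(triage(LOG_AFTER_FIX)))
```

Run on the two samples, the script flags four entries in the first log, confirms that the fix removed exactly the two O7 lines, and shows that the F2 and O2 entries bdoriano questioned are still present afterwards, which is the same conclusion the thread reached by reading the logs.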
Sante62 (Mature god)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 08 Dec 2007 15:19 Subject:
bdoriano wrote:
Sorry Sante, may I?
I have some doubts about these 2 entries:
Quote:
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\D_4362.dll
In fact, in the gmer log I see this situation:
Code:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@Shellexplorer.exe "svchost.exe" = explorer.exe "svchost.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}C:\PROGRA~1\COMMON~1\System\D_4362.dll = C:\PROGRA~1\COMMON~1\System\D_4362.dll
They look strange to me...

Actually I had some doubts too. But I left them for later scans..
Faffy (Mortal adept)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 08 Dec 2007 15:59 Subject:
OK... I ran the Kaspersky online scan; this is the report:
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 08, 2007 3:41:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/12/2007
Kaspersky Anti-Virus database records: 477270
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 75877
Number of viruses found 6
Number of infected objects 84
Number of suspicious objects 0
Duration of the scan process 01:06:26
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Belfiore\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Belfiore\Dati applicazioni\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Belfiore\Documenti\fun &co\Cazzata by Grossi.zip/Fifa.exe Infected: not-virus:BadJoke.Win32.Zappa skipped
C:\Documents and Settings\Belfiore\Documenti\fun &co\Cazzata by Grossi.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Belfiore\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Belfiore\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Belfiore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Belfiore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Belfiore\Impostazioni locali\Temp\~DF262E.tmp Object is locked skipped
C:\Documents and Settings\Belfiore\Impostazioni locali\Temp\~DF2639.tmp Object is locked skipped
C:\Documents and Settings\Belfiore\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Belfiore\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Belfiore\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Belfiore\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alice ti aiuta\log\mpbtn.log Object is locked skipped
C:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped
C:\Programmi\ESET\logs\virlog.dat Object is locked skipped
C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped
C:\Programmi\Microsoft Office\Office12\Library\EUROTOOL.XLAM Object is locked skipped
C:\Programmi\Microsoft Office\Office12\Library\~$EUROTOOL.XLAM Object is locked skipped
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\autorun.exe.vir Infected: Trojan.Win32.Qhost.vi skipped
C:\qoobox\Quarantine\C\Documents and Settings\Belfiore\Dati applicazioni\install_it[1].exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
C:\qoobox\Quarantine\C\Documents and Settings\Belfiore\Menu Avvio\Programmi\Esecuzione automatica\system.exe.vir Infected: Trojan.Win32.Qhost.vi skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\printer.exe.vir Infected: Trojan.Win32.Qhost.vi skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vtr.dll.vir Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\WinAvXX.exe.vir Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007809.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007810.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007811.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007819.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007820.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007821.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007832.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007833.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007834.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007843.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007844.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007845.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007855.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007856.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007857.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007890.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007891.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007892.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007900.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007901.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007902.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007910.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007911.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007912.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007925.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007926.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007927.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007954.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007955.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP35\A0007956.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0007980.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0007981.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0007982.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0007993.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0007994.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0007995.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0008021.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0008022.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP36\A0008024.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008099.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008100.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008101.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008107.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008108.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008109.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008123.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008124.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008125.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008133.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008134.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP37\A0008135.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008145.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008146.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008147.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008155.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008156.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008157.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008187.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008188.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008189.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008207.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008208.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008209.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP38\A0008216.sys Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP39\A0008231.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP39\A0008232.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP40\A0008235.exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP40\A0008236.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP40\A0008237.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP40\A0008238.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP40\A0008239.exe Infected: Trojan.Win32.Qhost.vi skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP40\A0008240.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP62\A0015537.sys Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP62\A0015538.dll Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP62\A0015550.dll Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{4E00CB58-6028-4806-8D1B-66846A4BC7A5}\RP62\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wgie2wbp.exe Infected: not-virus:Hoax.Win32.Renos.qg skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
bdoriano (Amministratore)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 08 Dec 2007 17:27
It would have been more readable if you had proceeded as I indicated:
Quote: save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
Anyway, disable System Restore.
Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop.
Start AVENGER.
Click on "input script manually".
Click on the magnifying glass.
Enter these lines:
Quote:
files to delete:
C:\Documents and Settings\Belfiore\Documenti\fun &co\Cazzata by Grossi.zip
C:\WINDOWS\wgie2wbp.exe
Click on Done.
Click on the traffic light.
The PC should reboot; if it doesn't, reboot it yourself.
When done, post the result here together with an updated HijackThis log.
Faffy (Mortale adepto)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 09 Dec 2007 12:06
I did everything as you told me; this is the new HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.05.09, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Belfiore\Desktop\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.it/8SEITIT030000TBR/FRWCompleteTBSiteFinalMSGR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\D_4362.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9BDCBE9-3647-4D2E-996D-9B27289EB7C8}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7920 bytes
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 09 Dec 2007 16:02
Open Task Manager and, if present, end the Shell.exe process.
We need to modify this key:
Quote:
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
Go to Start->Run and type regedit; the Registry Editor will open.
Follow the path:
HKLM \Software \Microsoft \Windows NT \CurrentVersion \Winlogon \
Click on the folder and find the Shell value: it must contain only Explorer.exe. If instead you find Explorer.exe-> "svchost.exe", you will have to edit it by right-clicking->Modify and removing the added value, i.e. "svchost.exe".
It's a delicate operation; take your time with it.
When done, post a new HijackThis log.
Faffy (Mortale adepto)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 09 Dec 2007 21:39
I can't do it... a warning appears telling me that the Registry Editor has been disabled by the administrator,
and the same goes for Task Manager.
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 10 Dec 2007 03:11
Open Notepad and enter these lines:
Quote:
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\piffile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\regfile\shell\open\command\]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\config\command\]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
Save it on the desktop with the name repair.reg (not .txt).
Still in Notepad, create a new file and enter these other lines:
Quote:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000
Save this one on the desktop too, with the name task.reg.
Now double-click the files you created, one at a time, and when asked whether you want to merge them into the registry answer yes.
Reboot the PC and try again to carry out the operations already described.
While you are in the Registry Editor, navigate to this key:
Quote:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
find Userinit in the right-hand pane and report here the values you see.
Faffy (Mortale adepto)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 10 Dec 2007 10:32
Nothing...
I created the two files but I can't open them... the warning is always the same: that the editor has been disabled.
Moreover I have more and more problems: odd sites open when I click on completely unrelated links, and the firewall has disabled itself and I can't enable it any more.
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 10 Dec 2007 12:29
Does the antivirus work?
It seems to me you are infected with Bagle.
Look at this thread, download Elibagla and run a scan with it.
Post the result here, together with a new HJT log.
Faffy (Mortale adepto)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 10 Dec 2007 19:18
Yes, the antivirus works.
This is the log after running the scan with Elibagla:
Mon Dec 10 18:04:27 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Mon Dec 10 18:04:40 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 3907
Nº Total de Ficheros: 66270
Nº de Ficheros Analizados: 5824
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Mon Dec 10 18:08:33 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 3907
Nº Total de Ficheros: 66266
Nº de Ficheros Analizados: 5824
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Mon Dec 10 18:08:46 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\
Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Mon Dec 10 18:08:50 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad A:\
Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Mon Dec 10 18:13:11 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Mon Dec 10 18:13:25 2007
EliBagle v10.77 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 3907
Nº Total de Ficheros: 66270
Nº de Ficheros Analizados: 5824
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Faffy (Mortale adepto)
Registered: 23/10/07 18:53 Posts: 32 Location: NAPOLI
Posted: 10 Dec 2007 19:18
And this is the new HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.18.22, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\Belfiore\Desktop\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.it/8SEITIT030000TBR/FRWCompleteTBSiteFinalMSGR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\D_4362.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9BDCBE9-3647-4D2E-996D-9B27289EB7C8}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7976 bytes
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 10 Dec 2007 22:47
Sorry Faffy... did you carry out the Avenger operations indicated earlier? Could you please post the log? You will find it at C:\avenger.txt
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 11 Dec 2007 01:26
Well then, Faffy...
Let's repeat the procedure and hope for the best:
Start HijackThis and tick these lines on the left:
Quote:
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Click "Fix checked" and answer yes.
Then look at this thread: http://forum.zeusnews.com/viewtopic.php?t=26910 about Combofix and Smithfraudfix. Download both, run them, and post the results.
Now reboot the PC and post a new HijackThis log as well. Sorry for pasting the links in full; it's because I'm connecting from another PC.
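The two HijackThis findings this thread turns on, the F2 Winlogon Shell entry that launches something besides explorer.exe and the O7 policy entries that lock the user out of regedit and Task Manager, can be picked out of a log automatically. The script below is an added example for this thread, not code from the thread or from HijackThis, Avenger or any other tool named here. It assumes the HijackThis line layout visible in the logs above; the sample log is constructed from a handful of lines posted in the thread so it runs offline.

```python
"""Triage a HijackThis log for two helper-relevant findings:

- F2 - REG:system.ini: Shell=...   A clean Windows XP box has exactly
  explorer.exe here; any extra entry is started at every logon.
- O7 - <key>, DisableRegedit=1 / DisableTaskMgr=1   Policy values that
  block the Registry Editor / Task Manager, which is what the poster hit.
"""
import re

# Constructed sample modelled on the logs posted in the thread: two suspect
# lines plus a few benign ones, so the script can run without a real log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
"""

# Line shapes assumed from the HijackThis output shown in the thread.
F2_SHELL_RE = re.compile(r'^F2 - REG:system\.ini: Shell=(?P<value>.+)$')
O7_POLICY_RE = re.compile(r'^O7 - (?P<key>.+?), (?P<name>\w+)=(?P<data>\S+)$')

# Policy values that remove the user's ability to inspect or repair the box.
LOCKOUT_POLICIES = {"DisableRegedit", "DisableRegistryTools", "DisableTaskMgr"}


def shell_extras(shell_value):
    """Return every program in a Winlogon Shell value other than explorer.exe.

    HijackThis prints the value verbatim; extra entries may be quoted and
    separated by spaces or commas, e.g. explorer.exe "svchost.exe".
    """
    tokens = re.findall(r'"[^"]*"|[^\s,]+', shell_value)
    cleaned = [t.strip('"') for t in tokens]
    return [t for t in cleaned if t.lower() != "explorer.exe"]


def triage(log_text):
    """Scan a HijackThis log and return (code, reason, line) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_SHELL_RE.match(line)
        if m:
            extras = shell_extras(m.group("value"))
            if extras:
                findings.append(("F2", "Winlogon Shell also launches: " + ", ".join(extras), line))
            continue
        m = O7_POLICY_RE.match(line)
        if m and m.group("name") in LOCKOUT_POLICIES and m.group("data") != "0":
            reason = f"{m.group('name')}={m.group('data')} under {m.group('key')}"
            findings.append(("O7", reason, line))
    return findings


def summarize(log_text):
    """Group the offending log lines by HijackThis code: this is the list a
    helper would tell the poster to tick before pressing 'Fix checked'."""
    by_code = {}
    for code, _reason, line in triage(log_text):
        by_code.setdefault(code, []).append(line)
    return by_code


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

The F2 check tolerates the different separators HijackThis may print (spaces, commas, quotes) so that `explorer.exe "svchost.exe"` and `explorer.exe,svchost.exe` are both caught, while a bare `Explorer.exe` in any letter case passes as clean. The O7 check only fires for the lockout policies when their data is non-zero, so a log from a box where the repair .reg files above have already been merged produces no finding.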