www.MegaLab.it

[manero478]

SONO partito con problema.. il pc saltuariamente si spegne e mi dà schermata blu con il mess :
PAGE_FAULT_IN_NONPAGE AREA
E evidenziava il file WIN32K.SYS ...(verificare ecc ecc.)

Ho fatto una ricerca sulla RETE e si dice che imputabile a problemi con la memoria RAM
e si parlava di un file eseguibile di windows "VERIFIER.EXE" Che faceva un controllo dei componenti
Ho letto anche che aveva dato qualche prob.. ma visto che parte integrante del sistema operativo di XP
L'ho eseguito spuntando () CREA IMPOSTAZIONI STANDARD....
Mi chiedeva di ripartire.. l'ho fatto.... ma hogni volta mi dava SCHERMATA BLU ..ERRORE :
File PXRTS.sys... rovinato consultare ecc ecc

Provato piu volte sempre lo stesso ERRORE e XP non partiva piu'...
Sono ripartito in MODALITA' provvisoria... ho rilanciato VERIFIER.EXE e ho messo la spunta :
() ELIMINA IMPOSTAZIONI ESISTENTI...

Sono ripartito e il sistema E' RIPARTITO CORRETTAMENTE....
Così mi sono meeeo alla ricerca di info sul file "pxrts.sys"... ho trovato un po di tutto...
dal rimuovere a mana il file PXRTS.sys e tutti i suoi riferimenti (non l'ho fatto.. sono in attesa) ed eseguire PREVX..
ho esefuito PREVX .. ed ha trovato :

- il file che fa le join di file (plsc) script per messanger
- il file FileDiffer.dll di 10240 byte (non so' cosa sia)
- il file bpftpserver.exe (appunto server ftp che uso da molti anni)

qui ho trovato come prima cosa di eseguire GMER

Cosi ho eseguito GMER .. e vi allego il LOG... (non completo perche mi dava errore di eccesso lineeee..

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-05 14:46:34
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 Maxtor_6B200M0 rev.BANC1BM0
Running: gmer.exe; Driver: C:\DOCUME~1\Gilberto\IMPOST~1\Temp\fxtiipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xAC9581CC]
SSDT BA00B46E ZwCreateKey
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xAC958206]
SSDT BA00B473 ZwDeleteKey
SSDT BA00B47D ZwDeleteValueKey
SSDT BA00B482 ZwLoadKey
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xAC95851A]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xAC9583F6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xAC958292]
SSDT BA00B48C ZwReplaceKey
SSDT BA00B487 ZwRestoreKey
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xAC95818E]
SSDT BA00B478 ZwSetValueKey
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xAC95864E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xAC958316]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xAC95834E]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB90C7000, 0x1BDE76, 0xE8000020]

---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtWriteFile 7C91E9F3 5 Bytes JMP 00C17B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[1808] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 00C17090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[1808] USER32.dll!SetWindowTextW 77D1BADE 5 Bytes JMP 00C17800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtCreateFile 7C91D682 5 Bytes JMP 003C7940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtCreateSection 7C91D793 5 Bytes JMP 003C7A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtMapViewOfSection + 6 7C91DC5B 1 Byte [28]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtMapViewOfSection + 6 7C91DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtMapViewOfSection + B 7C91DC60 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes JMP 003C78D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F49C
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenSection 7C91DDBA 5 Bytes JMP 003C7B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F530
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F6BD
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + 6 7C91E966 1 Byte [68]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + 6 7C91E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + B 7C91E96B 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtWriteFile 7C91E9F3 5 Bytes JMP 003C7B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 003C7090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] kernel32.dll!OutputDebugStringA 7C859B5C 5 Bytes JMP 003C7D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!PostMessageW 77D18CA3 5 Bytes JMP 003C6ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendMessageW 77D1B762 5 Bytes JMP 003C6AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SetWindowTextW 77D1BADE 5 Bytes JMP 003C7800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!PostMessageA 77D1DB62 5 Bytes JMP 003C6E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendMessageA 77D1E2AE 5 Bytes JMP 003C69D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendMessageTimeoutW 77D1E71C 1 Byte [E9]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendMessageTimeoutW 77D1E71C 5 Bytes JMP 003C6D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendMessageCallbackW 77D1EA4B 5 Bytes JMP 003C6DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendNotifyMessageW 77D1EB8C 1 Byte [E9]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendNotifyMessageW 77D1EB8C 5 Bytes JMP 003C6C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!PostThreadMessageW 77D1FDEA 5 Bytes JMP 003C2740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendMessageTimeoutA 77D1FF21 5 Bytes JMP 003C6CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!PostThreadMessageA 77D3EBB0 5 Bytes JMP 003C2720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendNotifyMessageA 77D53668 5 Bytes JMP 003C6C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] USER32.dll!SendMessageCallbackA 77D6ACD1 5 Bytes JMP 003C6D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] GDI32.dll!ExtTextOutW 77E47EC6 5 Bytes JMP 003C70E0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] ADVAPI32.dll!CredEnumerateW 77F87E49 7 Bytes JMP 003C6FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] CRYPT32.dll!CryptUnprotectData 77A740A1 7 Bytes JMP 003C6F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 003C2890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WS2_32.dll!WSASocketW 71A339CB 3 Bytes JMP 003C2950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WS2_32.dll!WSASocketW + 4 71A339CF 3 Bytes [8E, CC, CC]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WS2_32.dll!connect 71A3406A 5 Bytes JMP 003C28D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 003C2910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WS2_32.dll!WSAConnect 71A40C69 5 Bytes JMP 003C2850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WININET.dll!HttpSendRequestA 771976B8 5 Bytes JMP 003C2760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WININET.dll!HttpSendRequestExW 771A53EB 5 Bytes JMP 003C27F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WININET.dll!InternetWriteFile 771C7953 5 Bytes JMP 003C2790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WININET.dll!HttpSendRequestW 771E1808 5 Bytes JMP 003C27C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2952] WININET.dll!HttpSendRequestExA 771E190D 5 Bytes JMP 003C2820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 7C91DC5B 1 Byte [28]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 7C91DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + B 7C91DC60 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F49C
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F530
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F6BD
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 7C91E966 1 Byte [68]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 7C91E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + B 7C91E96B 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtMapViewOfSection + 6 7C91DC5B 1 Byte [28]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtMapViewOfSection + 6 7C91DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtMapViewOfSection + B 7C91DC60 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F49C
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F530
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F6BD
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtUnmapViewOfSection + 6 7C91E966 1 Byte [68]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtUnmapViewOfSection + 6 7C91E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3256] ntdll.dll!NtUnmapViewOfSection + B 7C91E96B 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtCreateFile 7C91D682 5 Bytes JMP 003C7940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtCreateFile + 6 7C91D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtCreateFile + B 7C91D68D 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtCreateSection 7C91D793 5 Bytes JMP 003C7A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtMapViewOfSection + 6 7C91DC5B 1 Byte [28]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtMapViewOfSection + 6 7C91DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtMapViewOfSection + B 7C91DC60 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes JMP 003C78D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenFile + 6 7C91DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenFile + B 7C91DD08 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcess + 6 7C91DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcess + B 7C91DD86 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessToken + 6 7C91DD96 4 Bytes CALL 7B91F49C
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessToken + B 7C91DD9B 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessTokenEx + 6 7C91DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessTokenEx + B 7C91DDB0 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenSection 7C91DDBA 5 Bytes JMP 003C7B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThread + 6 7C91DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThread + B 7C91DE04 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadToken + 6 7C91DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadToken + B 7C91DE19 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadTokenEx + 6 7C91DE29 4 Bytes CALL 7B91F530
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadTokenEx + B 7C91DE2E 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryAttributesFile + 6 7C91DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryAttributesFile + B 7C91DEEB 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryFullAttributesFile + 6 7C91DFB8 4 Bytes CALL 7B91F6BD
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryFullAttributesFile + B 7C91DFBD 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationFile + 6 7C91E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationFile + B 7C91E5E4 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationThread + 6 7C91E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationThread + B 7C91E64D 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtUnmapViewOfSection + 6 7C91E966 1 Byte [68]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtUnmapViewOfSection + 6 7C91E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtUnmapViewOfSection + B 7C91E96B 1 Byte [E2]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtWriteFile 7C91E9F3 5 Bytes JMP 003C7B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 003C7090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] kernel32.dll!OutputDebugStringA 7C859B5C 5 Bytes JMP 003C7D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!PostMessageW 77D18CA3 5 Bytes JMP 003C6ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendMessageW 77D1B762 5 Bytes JMP 003C6AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SetWindowTextW 77D1BADE 5 Bytes JMP 003C7800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!PostMessageA 77D1DB62 5 Bytes JMP 003C6E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendMessageA 77D1E2AE 5 Bytes JMP 003C69D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendMessageTimeoutW 77D1E71C 1 Byte [E9]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendMessageTimeoutW 77D1E71C 5 Bytes JMP 003C6D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendMessageCallbackW 77D1EA4B 5 Bytes JMP 003C6DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendNotifyMessageW 77D1EB8C 1 Byte [E9]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendNotifyMessageW 77D1EB8C 5 Bytes JMP 003C6C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!PostThreadMessageW 77D1FDEA 5 Bytes JMP 003C2740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendMessageTimeoutA 77D1FF21 5 Bytes JMP 003C6CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!PostThreadMessageA 77D3EBB0 5 Bytes JMP 003C2720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendNotifyMessageA 77D53668 5 Bytes JMP 003C6C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SendMessageCallbackA 77D6ACD1 5 Bytes JMP 003C6D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] GDI32.dll!ExtTextOutW 77E47EC6 5 Bytes JMP 003C70E0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!CredEnumerateW 77F87E49 7 Bytes JMP 003C6FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] CRYPT32.dll!CryptUnprotectData 77A740A1 7 Bytes JMP 003C6F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 003C2890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WS2_32.dll!WSASocketW 71A339CB 3 Bytes JMP 003C2950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WS2_32.dll!WSASocketW + 4 71A339CF 3 Bytes [8E, CC, CC]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WS2_32.dll!connect 71A3406A 5 Bytes JMP 003C28D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 003C2910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WS2_32.dll!WSAConnect 71A40C69 5 Bytes JMP 003C2850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WININET.dll!HttpSendRequestA 771976B8 5 Bytes JMP 003C2760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WININET.dll!HttpSendRequestExW 771A53EB 5 Bytes JMP 003C27F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WININET.dll!InternetWriteFile 771C7953 5 Bytes JMP 003C2790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WININET.dll!HttpSendRequestW 771E1808 5 Bytes JMP 003C27C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3292] WININET.dll!HttpSendRequestExA 771E190D 5 Bytes JMP 003C2820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtCreateFile 7C91D682 5 Bytes JMP 00357940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtCreateSection 7C91D793 5 Bytes JMP 00357A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes JMP 003578D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenSection 7C91DDBA 5 Bytes JMP 00357B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtWriteFile 7C91E9F3 5 Bytes JMP 00357B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 00357090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] kernel32.dll!OutputDebugStringA 7C859B5C 5 Bytes JMP 00357D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!PostMessageW 77D18CA3 5 Bytes JMP 00356ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendMessageW 77D1B762 5 Bytes JMP 00356AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SetWindowTextW 77D1BADE 5 Bytes JMP 00357800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!PostMessageA 77D1DB62 5 Bytes JMP 00356E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendMessageA 77D1E2AE 5 Bytes JMP 003569D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendMessageTimeoutW 77D1E71C 1 Byte [E9]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendMessageTimeoutW 77D1E71C 5 Bytes JMP 00356D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendMessageCallbackW 77D1EA4B 5 Bytes JMP 00356DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendNotifyMessageW 77D1EB8C 1 Byte [E9]
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendNotifyMessageW 77D1EB8C 5 Bytes JMP 00356C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!PostThreadMessageW 77D1FDEA 5 Bytes JMP 00352740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendMessageTimeoutA 77D1FF21 5 Bytes JMP 00356CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!PostThreadMessageA 77D3EBB0 5 Bytes JMP 00352720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendNotifyMessageA 77D53668 5 Bytes JMP 00356C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] USER32.dll!SendMessageCallbackA 77D6ACD1 5 Bytes JMP 00356D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] GDI32.dll!ExtTextOutW 77E47EC6 5 Bytes JMP 003570E0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] ADVAPI32.dll!CredEnumerateW 77F87E49 7 Bytes JMP 00356FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] CRYPT32.dll!CryptUnprotectData 77A740A1 7 Bytes JMP 00356F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 00352890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WS2_32.dll!WSASocketW 71A339CB 7 Bytes JMP 00352950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WS2_32.dll!connect 71A3406A 5 Bytes JMP 003528D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 00352910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WS2_32.dll!WSAConnect 71A40C69 5 Bytes JMP 00352850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WININET.dll!HttpSendRequestA 771976B8 5 Bytes JMP 00352760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WININET.dll!HttpSendRequestExW 771A53EB 5 Bytes JMP 003527F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WININET.dll!InternetWriteFile 771C7953 5 Bytes JMP 00352790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WININET.dll!HttpSendRequestW 771E1808 5 Bytes JMP 003527C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe[3772] WININET.dll!HttpSendRequestExA 771E190D 5 Bytes JMP 00352820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3780] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 0056DBBD C:\Programmi\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

resto in attesa di vostre istruzioni...
ciao

[FDAC]

Ciao Manero.
PXRTS.SYS potrebbe essere un Banking Info Stealer, ovvero ruba le Password bancarie.

Da quanto poco ho capito, riesci ad avviare il PC in modalità provvisoria, quindi segui queste operazioni:
Scarica Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Nota: prima di eseguire il download, rinomina il file in pippo.exe

posiziona pippo.exe sul Desktop ed esegui queste operazioni preliminari:
● disconnettiti da Internet
● sconnetti, fisicamente, il modem/router dal Computer

è assolutamente necessario, se attivo:
● disattivare l'Antivirus in uso, dall'icona presente sulla traybar (accanto all'orologio di Windows)
● disattivare il Firewall eventualmente installato, dall'icona presente sulla traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un account con privilegi di Amministratore e segui le istruzioni che verranno rilasciate per eseguire la scansione
● verrà richiesta la installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi la scansione e la fase di creazione del log

Note - durante la scansione:
● verranno creati alcuni file sul Desktop e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall, se attivo, potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer, qualora già non ci fosse

Quando Combofix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente (in caso contrario, riavvialo tu)
● ricollega, fisicamente, il modem/router al Computer
● connettiti a Internet
● vai in Disco Locale C:, cerca il log dal nome combofix.txt ed allegalo col tag MEMO

[manero478]

fatto ed ecco il log :

ComboFix 10-12-04.02 - Gilberto 05/12/2010 16.59.06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.3199.2658 [GMT 1:00]
Eseguito da: c:\documents and settings\Gilberto\Desktop\pippo.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {0013F2B4-5AF1-7C92-0300-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012F2B4-5AF1-7C92-0300-000000000000}
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gilberto\Dati applicazioni\OfferBox
c:\documents and settings\Gilberto\Dati applicazioni\OfferBox\config.xml
C:\InfoSat.txt
c:\windows\daemon.dll
c:\windows\ST6UNST.000
c:\windows\system32\_000121_.tmp.dll
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\klog.dat
G:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Creati Da 2010-11-05 al 2010-12-05 )))))))))))))))))))))))))))))))))))
.

2019-10-15 10:41 . 2019-10-15 10:40 298104 ----a-w- c:\windows\system32\imon.dll
2019-10-15 10:41 . 2019-10-15 10:40 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2019-10-15 10:41 . 2019-10-15 10:40 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-12-05 10:37 . 2010-12-05 10:37 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-12-05 10:37 . 2010-12-05 10:37 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-12-05 10:37 . 2010-12-05 10:37 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-12-05 10:37 . 2010-12-05 10:37 -------- d-----w- c:\programmi\Prevx
2010-12-04 13:58 . 2010-12-04 13:58 1409 ----a-w- c:\windows\QTFont.for
2010-12-01 19:39 . 2010-12-01 21:41 290816 ------w- c:\windows\Setup1.exe
2010-12-01 19:32 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-12-01 19:32 . 2010-12-01 19:41 -------- d-----w- c:\programmi\PDFCreator
2010-12-01 19:32 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-12-01 19:18 . 1999-08-25 13:57 415504 ----a-w- c:\windows\system32\MsRepl35.dll
2010-12-01 19:18 . 1998-10-02 20:55 252176 ----a-w- c:\windows\system32\MSRD2x35.dll
2010-12-01 19:18 . 1998-05-30 23:00 72704 ----a-w- c:\windows\system32\ODBCTL32.dll
2010-12-01 19:18 . 2010-12-01 19:19 -------- d-----w- c:\programmi\Bingo - Tombola
2010-12-01 19:18 . 2000-02-24 16:07 570128 ----a-w- c:\programmi\File comuni\Microsoft Shared\DAO\DAO350.DLL
2010-12-01 19:18 . 1999-09-28 20:42 1050896 ----a-w- c:\windows\system32\MSJet35.dll
2010-12-01 19:18 . 1999-06-10 08:34 24848 ----a-w- c:\windows\system32\MSJtEr35.dll
2010-12-01 19:18 . 1999-06-10 08:34 123664 ----a-w- c:\windows\system32\MSJInt35.dll
2010-12-01 19:18 . 1998-08-04 23:00 34304 ----a-w- c:\windows\system32\MCIIT.dll
2010-12-01 19:18 . 1999-05-05 21:22 98304 ----a-w- c:\windows\system32\VB5IT.dll
2010-11-29 15:44 . 2010-12-02 00:49 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\vlc
2010-11-29 15:22 . 2010-11-29 15:22 -------- d-----w- c:\programmi\FreeTime
2010-11-21 22:23 . 2010-11-21 22:23 -------- d-----w- c:\programmi\File comuni\Skype
2010-11-19 11:17 . 2010-11-19 11:17 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\Avira
2010-11-16 00:12 . 2010-11-16 00:12 -------- d--h--w- c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\AlterGeo
2010-11-16 00:12 . 2010-11-16 00:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Badoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 10:37 . 2009-12-29 10:38 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-01 21:40 . 2007-02-09 10:39 73216 ------w- c:\windows\ST6UNST.EXE
2010-10-31 15:29 . 2009-06-12 15:56 2776 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2010-09-15 02:50 . 2010-09-27 22:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2008-06-22 08:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\programmi\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 10:05 2353176 ----a-w- c:\programmi\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\programmi\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\programmi\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2010-04-09 353736]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"Google Update"="c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
"DriverMax_RESTART"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Cmaudio"="cmicnfg.cpl" [BU]
"MaxMenuMgr"="c:\programmi\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"BootRacer"="c:\programmi\BootRacer\Bootrace.exe" [2009-01-14 1548392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-09-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-12 07:35 352256 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop]
2010-10-29 12:55 983552 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 09:56 286720 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PMCS"="c:\programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
"PMCRemote"=c:\programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Corel File Shell Monitor"=c:\programmi\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Mirc Horror\\mirc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Documents and Settings\\Gilberto\\Desktop\\utorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Mirc invision Darksin ita\\mirc.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\emule\\eMule.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImLc.exe"=
"g:\\Cell_iphone\\iPhone Tunnel Suite 3.0\\iTunnel\\iTunnel.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Java\\jre1.5.0_14\\bin\\javaw.exe"=
"c:\\Programmi\\ooVoo\\ooVoo.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"7776:TCP"= 7776:TCP:BitComet 7776 TCP
"7776:UDP"= 7776:UDP:BitComet 7776 UDP
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1755:TCP"= 1755:TCP:emule tcp
"1765:UDP"= 1765:UDP:emule udp
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [10/06/2008 11.25.10 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [10/06/2008 11.25.10 5632]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [05/12/2010 11.37.05 32008]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [15/10/2019 11.41.05 15424]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11.53.48 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 10.39.26 55024]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [05/12/2010 11.37.04 6416120]
R2 FreeAgentGoNext Service;Seagate Service;c:\programmi\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 13.35.54 181544]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [29/12/2009 11.38.34 76696]
R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [25/01/2007 11.40.10 6736]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 10.38.18 92008]
R2 Vqtfk;Vqtfk;c:\windows\system32\Vqtfk.sys [25/01/2007 11.39.37 19936]
R3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [27/12/2006 11.17.20 827008]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [25/02/2010 13.51.55 1287296]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [05/12/2010 11.37.04 26096]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/03/2007 14.39.01 716272]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [21/06/2010 22.22.59 136176]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [04/06/2004 12.21.12 70888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe" c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 15.51.08 4096]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [09/01/2010 22.40.57 16640]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [09/01/2010 22.41.30 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [09/01/2010 22.41.48 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [09/01/2010 22.42.04 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [09/01/2010 22.42.22 25704]
S4 BootRacerServ;BootRacerServ;c:\programmi\BootRacer\BootRacerServ.exe [14/01/2009 14.30.50 57088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-21 11:31]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-21 11:31]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-329068152-725345543-1003Core.job
- c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-05 14:21]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-329068152-725345543-1003UA.job
- c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-05 14:21]

2009-12-25 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-12-17 15:47]

2007-02-21 c:\windows\Tasks\PMCS_Wakeup633076516117350000.job
- c:\programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [2006-12-27 08:41]

2010-12-05 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - c:\programmi\PartyItalia\PartyPokerIt\RunApp.exe
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\programmi\DAP\DAPIE.DLL
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\programmi\DAP\DAPIE.DLL
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxps://servizi.inps.it/servizi/ParlaCo ... IPhona.cab
FF - ProfilePath - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.it/
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPGWrap.dll
FF - Extension: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\en-US@dictionaries.addons.mozilla.org
FF - Extension: Dizionario italiano: it-IT@dictionaries.addons.mozilla.org - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\it-IT@dictionaries.addons.mozilla.org
FF - Extension: MetaProducts Integration: {D249FD00-4DF9-11D9-9FDC-0080481ADA61} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
FF - Extension: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
FF - Extension: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Extension: ImageTweak: {DB2EA31C-58F5-48b7-8D60-CB0739257904} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
FF - Extension: Cooliris: piclens@cooliris.com - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com
FF - Extension: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\personas@christopher.beard
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: my-spambox: info@omtv.se - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\info@omtv.se
FF - Extension: TrashMail.net: spam@trashmail.net - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\spam@trashmail.net
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 17:14
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F934923E-FB1D-D557-2C11-F9A8C5E537BB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oamnofbeablnbnhfeoimeccbfngfof"=hex:63,61,6d,70,6b,70,00,7c
"oaipngklgfkookdidopilepcocaeoa"=hex:6a,61,6d,70,65,61,68,68,6c,70,6b,68,70,6b,
65,63,67,69,61,64,00,fd
"nakoicbeboehhhjiikhdlaglnkeg"=hex:6a,61,6d,70,65,61,68,68,6c,70,6b,68,70,6b,
65,63,67,69,61,64,00,fd
"iamnofbeablnbnhfeo"=hex:63,61,70,70,68,61,00,07
"iaipngklgfkookdido"=hex:6a,61,6d,70,65,61,68,68,6c,70,6b,68,70,6b,65,63,67,69,
61,64,00,c0
"hakoicbeboehhhji"=hex:6a,61,6d,70,65,61,68,68,6c,70,6b,68,70,6b,65,63,67,69,
61,64,00,c0

[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1960408961-329068152-725345543-1003)
@Allowed: (Read) (S-1-5-21-1960408961-329068152-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="D6375E760DDDD7E72729032EC3CED2EB2C0A04E8ED6F6BA0567C20E184713F0B77C6CFF2A75A0AA1A9AE865769AF1390727FC17A5CB95F8FC591EBD0FEDB41C84FE00A506BF2AA50903DBF645BC4DAA749011B83FE0B51573CDAB94B22FB1C1732AEB72E9DF5EBFCDBF5ED349CA9004C00C485C5B6E3DA46F24C5690C95C4E13E4F819EDB616D138811D676865D8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B9808BA7FD869164D67948EDD5E5BE2F6E6676DFC78D5134C3D8C8E8A5BEA83C1115DFEA572DBBCD4F2DF9C03B770D479E8D699A8C655C83B45F656DEFC417EBAA3E20ABCE43596C045A2BDB874410A542EBD0ED195E41AF120DD4CC687F5954559FCDFDC089B65792D2881B3D0D76D95675844AEE3A7BDEC7FCA6FE728A3931D2000A1BCD544A99C76B04F5D34A4D5D95CE98878A3640068C92F906D7D8BD93F9A24C7183B87790AA05BE4A2F7B7AE820A20FAED3E063F67185BD5079B0FDC709F869C2F97E27D645EAF5073EAC77535A108124F0C1BEEAFB80939E40B3924B6B9273F45C2F6F2159895F6C4CFAE3C5B86929463DD57964CAB52873FC8344CDEA76B21A18409AA48E85B0F0FD9E929A05118A0727692D10A27386450435084F5DA990B1099820CEDA130254FB51C77F6CED2A6CB8BC4CEFC149B43D7DF0292D07BDF16E0336E0E3BC3AC1886800A749480606BC04A8E51F891C5EF17F5DFCE86E24DB166F5FEBFA508481D38CB9E82EF99C3862650B3B01AEFE207D5D026A4719FD721F9FB0A416C59613B6D9EE717C983E26656B019D8BD3401FADC31B515307556FA765106C68D58B9CD33F1963FA05A88CB2E73CBC8859892907D4B1233A75986A83BF6129C4DD674851A350116B96E63CA9092F993588B71E388476228FD7688E92B63ED9E36DE9C66B648A2CF9FC305CCE1FC74DFE0AE57DF554072301EABDE53B07CFEBC11A89F46228317B21F94E30D8C1735690CD464C73EC7349B380BF44834A34D7DF0A64F5378302298484CDB9E7E36D5000C0A9B30A1603A4F3FDA95062826077A27FA5F8B5A0BA76F710B296428261586D70BE20562823BC1E816711B7E4BFB604FFC6BC3EB47B3B93327701801A5D574A94A8902681B1581316B9CE8AECA227042396EA3D60B738DEA27B5C680E81F547EEBBB3B9C08C62DD73D8F2735539100A16E4CA548703895B8C765CF26959BC51A498D946DA07479DFA2A6E012048779D110499BEE057810837B4CE972C79AFC01F0F6C74FA965AE8F65247448726557FAC58D28814ACDCFF3E49E9B6B8C0F407EA4D2E2386106A8F28329155EA7AE2E88EBA8C2B637F539765CF1C39A6A906B21D861C8227666D9D930BF48E2A10DA1AB910B38CCB553493C7040128E"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0002]
@DACL=(02 0000)
"Controller"=hex:01
"InfPath"="usbport.inf"
"InfSection"="UHCI.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="pci\\ven_8086&dev_265a"
"DriverDesc"="Intel(R) 82801FB/FBM USB Universal Host Controller - 265A"
"EnIdleEndpointSupport"=dword:00000000
"EnumPropPages32"="usbui.dll,USBControllerPropPageProvider"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0003]
@DACL=(02 0000)
"Controller"=hex:01
"InfPath"="usbport.inf"
"InfSection"="UHCI.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="pci\\ven_8086&dev_265b"
"DriverDesc"="Intel(R) 82801FB/FBM USB Universal Host Controller - 265B"
"EnIdleEndpointSupport"=dword:00000000
"EnumPropPages32"="usbui.dll,USBControllerPropPageProvider"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0004]
@DACL=(02 0000)
"InfPath"="usbport.inf"
"InfSection"="ROOTHUB.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="usb\\root_hub"
"DriverDesc"="Hub principale USB"
"EnumPropPages32"="usbui.dll,USBHubPropPageProvider"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0005]
@DACL=(02 0000)
"InfPath"="usbport.inf"
"InfSection"="ROOTHUB.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="usb\\root_hub"
"DriverDesc"="Hub principale USB"
"EnumPropPages32"="usbui.dll,USBHubPropPageProvider"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0006]
@DACL=(02 0000)
"InfPath"="usbport.inf"
"InfSection"="ROOTHUB.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="usb\\root_hub"
"DriverDesc"="Hub principale USB"
"EnumPropPages32"="usbui.dll,USBHubPropPageProvider"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0007]
@DACL=(02 0000)
"InfPath"="usbport.inf"
"InfSection"="ROOTHUB.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="usb\\root_hub"
"DriverDesc"="Hub principale USB"
"EnumPropPages32"="usbui.dll,USBHubPropPageProvider"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0008]
@DACL=(02 0000)
"InfPath"="usb.inf"
"InfSection"="Composite.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\composite"
"DriverDesc"="Periferica USB composita"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0009]
@DACL=(02 0000)
"DriverFlags"=dword:00000001
"InfPath"="usbstor.inf"
"InfSection"="USBSTOR_BULK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_08&subclass_06&prot_50"
"DriverDesc"="Periferica di archiviazione di massa USB"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0010]
@DACL=(02 0000)
"InfPath"="usb.inf"
"InfSection"="Composite.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\composite"
"DriverDesc"="Periferica USB composita"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0013]
@DACL=(02 0000)
"DriverFlags"=dword:00000001
"InfPath"="usbstor.inf"
"InfSection"="USBSTOR_BULK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_08&subclass_06&prot_50"
"DriverDesc"="Periferica di archiviazione di massa USB"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0014]
@DACL=(02 0000)
"DriverFlags"=dword:00000001
"InfPath"="usbstor.inf"
"InfSection"="USBSTOR_BULK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_08&subclass_05&prot_50"
"DriverDesc"="Periferica di archiviazione di massa USB"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0015]
@DACL=(02 0000)
"DriverFlags"=dword:00000001
"InfPath"="usbstor.inf"
"InfSection"="USBSTOR_BULK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_08&subclass_06&prot_50"
"DriverDesc"="Periferica di archiviazione di massa USB"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0016]
@DACL=(02 0000)
"Controller"=hex:01
"InfPath"="usbport.inf"
"InfSection"="EHCI.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,c0,c4,45,ff,08,c2,01
"DriverDate"="6-1-2002"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="pci\\ven_8086&dev_265c"
"DriverDesc"="Intel(R) 82801FB/FBM USB2 Enhanced Host Controller - 265C"
"EnIdleEndpointSupport"=dword:00000000
"CoInstallers32"=multi:"hccoin.dll,HCCOIN_Entry\00\00"
"EnumPropPages32"="usbui.dll,USBControllerPropPageProvider"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0017]
@DACL=(02 0000)
"InfPath"="usbport.inf"
"InfSection"="ROOTHUB.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="usb\\root_hub20"
"DriverDesc"="Hub principale USB"
"EnumPropPages32"="usbui.dll,USBHubPropPageProvider"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0018]
@DACL=(02 0000)
"InfPath"="usb.inf"
"InfSection"="Composite.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\composite"
"DriverDesc"="Periferica USB composita"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0019]
@DACL=(02 0000)
"EnumPropPages32"="usbui.dll,USBHubPropPageProvider"
"InfPath"="usb.inf"
"InfSection"="StandardHub.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_09"
"DriverDesc"="Hub USB generico"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0020]
@DACL=(02 0000)
"DriverFlags"=dword:00000001
"InfPath"="usbstor.inf"
"InfSection"="USBSTOR_BULK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_08&subclass_05&prot_50"
"DriverDesc"="Periferica di archiviazione di massa USB"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0021]
@DACL=(02 0000)
"DriverFlags"=dword:00000001
"InfPath"="usbstor.inf"
"InfSection"="USBSTOR_BULK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_08&subclass_06&prot_50"
"DriverDesc"="Periferica di archiviazione di massa USB"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0022]
@DACL=(02 0000)
"DriverFlags"=dword:00000001
"InfPath"="usbstor.inf"
"InfSection"="USBSTOR_BULK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_08&subclass_06&prot_50"
"DriverDesc"="Periferica di archiviazione di massa USB"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0023]
@DACL=(02 0000)
"DriverFlags"=dword:00000001
"InfPath"="usbstor.inf"
"InfSection"="USBSTOR_BULK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\class_08&subclass_06&prot_50"
"DriverDesc"="Periferica di archiviazione di massa USB"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0024]
@DACL=(02 0000)
"InfPath"="usb.inf"
"InfSection"="Composite.Dev"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.0"
"MatchingDeviceId"="usb\\composite"
"DriverDesc"="Periferica USB composita"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6404)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\RunDll32.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Protexis\License Service\PsiService_2.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\IncrediMail\bin\IMApp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-12-05 17:15:21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-12-05 16:15
ComboFix2.txt 2009-11-13 15:19

Pre-Run: 142.788.743.168 byte disponibili
Post-Run: 142.962.274.304 byte disponibili

Current=12 Default=12 Failed=0 LastKnownGood=17 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
- - End Of File - - 8A1D91AABC9708F0780A2224ADE8F93C

ciao

[FDAC]

Cosa te ne fai di due Antivirus? Vanno in conflitto fra di loro e rallentano il PC, causando crash di sistema e malfunzionamenti.
Disinstalla NOD32.

Poi:

● Scarica ed installa Panda Research USB Vaccine: http://research.pandasecurity.com/panda ... un-vaccine
● In fase di installazione, metti la spunta a queste due voci:
Automatically vaccinate any new inserted USB Key
Enable NTFS file system support (read help file before enabling)
● Inserisci tutte le periferiche esterne che possiedi ed mmunizzale con PandaUSBVaccine

Questa procedura usata serve a disattivare l'autorun delle periferiche esterne quindi ad evitare che queste si avviino automaticamente. Una volta vaccinate, le periferiche, le dovrai sempre lanciare da Risorse del computer.

Poi:

Scarica ed installa Malwarebytes' Anti-Malware Free Version: http://www.malwarebytes.org
● alla richiesta di aggiornamento delle definizioni consenti l'aggiornamento
● clicca sul tasto scansiona ed esegui una scansione completa
● se vengono rilevate infezioni, eliminale
● al termine della scansione verrà rilasciato un log: salvalo sul Desktop perché lo dovrai allegare col tag MEMO

Poi:

Start - Esegui e digita: notepad.exe
● clicca Ok
● copia le righe qui sotto, senza saltarne nessuna:

File::
c:\windows\Setup1.exe
c:\windows\ST6UNST.EXE

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0002]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0003]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0004]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0005]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0006]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0007]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0008]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0009]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0010]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0013]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0014]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0015]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0016]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0017]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0018]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0019]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0020]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0021]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0022]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0023]
[HKEY_LOCAL_MACHINE\System\ControlSet012\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0024]

RegNull::
[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F934923E-FB1D-D557-2C11-F9A8C5E537BB}*]
[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

● le incolli all'interno dell'editor di testo Notepad
● clicca in alto su File
● nel menù che vedi scegli Salva con nome
● controlla che in alto, dove c'è scritto Salva in, sia selezionato Desktop
● in Nome file se trovi selezionato .txt lo cancelli, e scrivi CFScript.txt
● clicca Salva
● adesso, sul Desktop, trovi il file di testo
● con il tasto sinistro del mouse, lo trascini sopra l'icona di Combofix, lo rilasci, e parte la scansione di Combofix
● non toccare più ne' mouse ne' tastiera, finche' non è finita
● se il sistema non si riavvia da solo, riavvialo tu
● a questo punta allega il log di Combofix col tag MEMO

Poi:

Carica questo file su VirusTotal e posta qui l'esito:
c:\windows\system32\drivers\pxrts.sys
P.S. Se non riesci a trovarlo devi:
Abilita la Visualizzazione delle cartelle e dei files nascosti, seguendo questa semplice procedura.
Procedura per Windows XP:
● clicca su Start - Pannello di controllo - Opzioni cartella
● clicca sulla scheda Visualizzazione
● in Impostazioni Avanzate cerca la casella Visualizza cartelle e file nascosti e spunta la voce


Buon lavoro.
Saluti. :)

[manero478]

scusami ma e' normale che Malwarebytes' Anti-Malware ci metta tutto sto tempo...
l'ho lanciato subito dopo aver letto sono gia' 3 e sta ancora su c:\
e' normale che si ferma e va' in "non risponde".. ?

comunque lo lscero girare tutta la notte.. vediamo se riesce... comunque a tutt'ora (55000 file) non ha trovato nulla di anomalo

posso fare le cose successive o devo farle cosi come me le hai postate...??

ciao e grazie per ora...

[Uomo_Senza_Sonno]

Ciao manero, quanto tempo!!
Carica il file pxrts.sys su virustotal nel frattempo e scrivici il link del risultato

[manero478]

ciao...ben trovato...
sai quando si viene qui di solito sono problemi.. hahaha
comunque ecco il link :
http://www.virustotal.com/file-scan/rep ... 1291590431

ciao e buona notte

[hashcat]

ciao...ben trovato...
sai quando si viene qui di solito sono problemi.. hahaha
comunque ecco il link :
http://www.virustotal.com/file-scan/rep ... 1291590431

ciao e buona notte

Ok, il file è sicuro (0/43), inoltre possiede una firma digitale.

[FDAC]

Mi pareva di averlo detto anche io quello che avete consigliato, di caricare il file su VirusTotal.
Manero, segui la procedura postata, se non riesci con MBAM prosegui.

[hashcat]

vi allego il LOG... (non completo perche mi dava errore di eccesso lineeee..
resto in attesa di vostre istruzioni...
ciao

Intanto oltre a quello che ti è già stato consigliato carica il log completo qui:
http://paste2.org/new-paste

[manero478]

allora .. buon giorno...
il prog MBAM non sono riustito... si ferma sempre

comunque ho allegato il log GMER qui :
http://paste2.org/p/1127732

e qui il nuovo Combofix.txt

ComboFix 10-12-04.02 - Gilberto 06/12/2010 14.40.50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.3199.2413 [GMT 1:00]
Eseguito da: c:\documents and settings\Gilberto\Desktop\pippo.exe
Opzioni usate :: c:\documents and settings\Gilberto\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {0012F2B4-5AF1-7C92-0300-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {0013F2B4-5AF1-7C92-0300-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\Setup1.exe"
"c:\windows\ST6UNST.EXE"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Setup1.exe
c:\windows\ST6UNST.EXE
c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((( Files Creati Da 2010-11-06 al 2010-12-06 )))))))))))))))))))))))))))))))))))
.

2019-10-15 10:41 . 2019-10-15 10:40 298104 ----a-w- c:\windows\system32\imon.dll
2019-10-15 10:41 . 2019-10-15 10:40 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-12-05 18:11 . 2010-12-05 18:11 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\Malwarebytes
2010-12-05 18:11 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:11 . 2010-12-05 18:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-12-05 18:11 . 2010-12-05 18:11 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-12-05 18:11 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 18:04 . 2010-12-05 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Panda Security
2010-12-05 18:04 . 2010-12-05 18:04 -------- d-----w- c:\programmi\Panda USB Vaccine
2010-12-05 15:55 . 2010-12-05 16:15 -------- d-----w- C:\pippo
2010-12-05 10:37 . 2010-12-05 10:37 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-12-05 10:37 . 2010-12-05 10:37 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-12-05 10:37 . 2010-12-05 10:37 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-12-05 10:37 . 2010-12-05 10:37 -------- d-----w- c:\programmi\Prevx
2010-12-04 13:58 . 2010-12-04 13:58 1409 ----a-w- c:\windows\QTFont.for
2010-12-01 19:32 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-12-01 19:32 . 2010-12-01 19:41 -------- d-----w- c:\programmi\PDFCreator
2010-12-01 19:32 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-12-01 19:18 . 1999-08-25 13:57 415504 ----a-w- c:\windows\system32\MsRepl35.dll
2010-12-01 19:18 . 1998-10-02 20:55 252176 ----a-w- c:\windows\system32\MSRD2x35.dll
2010-12-01 19:18 . 1998-05-30 23:00 72704 ----a-w- c:\windows\system32\ODBCTL32.dll
2010-12-01 19:18 . 2010-12-01 19:19 -------- d-----w- c:\programmi\Bingo - Tombola
2010-12-01 19:18 . 2000-02-24 16:07 570128 ----a-w- c:\programmi\File comuni\Microsoft Shared\DAO\DAO350.DLL
2010-12-01 19:18 . 1999-09-28 20:42 1050896 ----a-w- c:\windows\system32\MSJet35.dll
2010-12-01 19:18 . 1999-06-10 08:34 24848 ----a-w- c:\windows\system32\MSJtEr35.dll
2010-12-01 19:18 . 1999-06-10 08:34 123664 ----a-w- c:\windows\system32\MSJInt35.dll
2010-12-01 19:18 . 1998-08-04 23:00 34304 ----a-w- c:\windows\system32\MCIIT.dll
2010-12-01 19:18 . 1999-05-05 21:22 98304 ----a-w- c:\windows\system32\VB5IT.dll
2010-11-29 15:44 . 2010-12-02 00:49 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\vlc
2010-11-29 15:22 . 2010-11-29 15:22 -------- d-----w- c:\programmi\FreeTime
2010-11-21 22:23 . 2010-11-21 22:23 -------- d-----w- c:\programmi\File comuni\Skype
2010-11-19 11:17 . 2010-11-19 11:17 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\Avira
2010-11-16 00:12 . 2010-11-16 00:12 -------- d--h--w- c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\AlterGeo
2010-11-16 00:12 . 2010-11-16 00:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Badoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 10:37 . 2009-12-29 10:38 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-10-31 15:29 . 2009-06-12 15:56 2776 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2010-09-15 02:50 . 2010-09-27 22:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2008-06-22 08:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_16.10.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-06 09:41 . 2010-12-06 09:41 16384 c:\windows\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\programmi\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 10:05 2353176 ----a-w- c:\programmi\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\programmi\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\programmi\Zynga\tbZyng.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"Google Update"="c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
"DriverMax_RESTART"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Cmaudio"="cmicnfg.cpl" [BU]
"MaxMenuMgr"="c:\programmi\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"BootRacer"="c:\programmi\BootRacer\Bootrace.exe" [2009-01-14 1548392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-09-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-12 07:35 352256 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop]
2010-10-29 12:55 983552 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 09:56 286720 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PMCS"="c:\programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
"PMCRemote"=c:\programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Corel File Shell Monitor"=c:\programmi\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Mirc Horror\\mirc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Documents and Settings\\Gilberto\\Desktop\\utorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Mirc invision Darksin ita\\mirc.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\emule\\eMule.exe"=
"g:\\Cell_iphone\\iPhone Tunnel Suite 3.0\\iTunnel\\iTunnel.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Java\\jre1.5.0_14\\bin\\javaw.exe"=
"c:\\Programmi\\ooVoo\\ooVoo.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"7776:TCP"= 7776:TCP:BitComet 7776 TCP
"7776:UDP"= 7776:UDP:BitComet 7776 UDP
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1755:TCP"= 1755:TCP:emule tcp
"1765:UDP"= 1765:UDP:emule udp
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [10/06/2008 11.25.10 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [10/06/2008 11.25.10 5632]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [05/12/2010 11.37.05 32008]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11.53.48 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 10.39.26 55024]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [05/12/2010 11.37.04 6416120]
R2 FreeAgentGoNext Service;Seagate Service;c:\programmi\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 13.35.54 181544]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [29/12/2009 11.38.34 76696]
R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [25/01/2007 11.40.10 6736]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 10.38.18 92008]
R2 Vqtfk;Vqtfk;c:\windows\system32\Vqtfk.sys [25/01/2007 11.39.37 19936]
R3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [27/12/2006 11.17.20 827008]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [25/02/2010 13.51.55 1287296]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [05/12/2010 11.37.04 26096]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/12/2010 19.11.47 38224]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/03/2007 14.39.01 716272]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [21/06/2010 22.22.59 136176]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [04/06/2004 12.21.12 70888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe" c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 15.51.08 4096]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [09/01/2010 22.40.57 16640]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [09/01/2010 22.41.30 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [09/01/2010 22.41.48 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [09/01/2010 22.42.04 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [09/01/2010 22.42.22 25704]
S4 BootRacerServ;BootRacerServ;c:\programmi\BootRacer\BootRacerServ.exe [14/01/2009 14.30.50 57088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-21 11:31]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-21 11:31]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-329068152-725345543-1003Core.job
- c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-05 14:21]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-329068152-725345543-1003UA.job
- c:\documents and settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-05 14:21]

2010-12-06 c:\windows\Tasks\PandaUSBVaccine.job
- c:\programmi\Panda USB Vaccine\RunInteractiveWin.exe [2010-12-05 15:45]

2007-02-21 c:\windows\Tasks\PMCS_Wakeup633076516117350000.job
- c:\programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [2006-12-27 08:41]

2010-12-06 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - c:\programmi\PartyItalia\PartyPokerIt\RunApp.exe
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\programmi\DAP\DAPIE.DLL
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\programmi\DAP\DAPIE.DLL
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxps://servizi.inps.it/servizi/ParlaCo ... IPhona.cab
FF - ProfilePath - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.it/
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - Extension: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\en-US@dictionaries.addons.mozilla.org
FF - Extension: Dizionario italiano: it-IT@dictionaries.addons.mozilla.org - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\it-IT@dictionaries.addons.mozilla.org
FF - Extension: MetaProducts Integration: {D249FD00-4DF9-11D9-9FDC-0080481ADA61} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
FF - Extension: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
FF - Extension: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Extension: ImageTweak: {DB2EA31C-58F5-48b7-8D60-CB0739257904} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
FF - Extension: Cooliris: piclens@cooliris.com - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com
FF - Extension: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\personas@christopher.beard
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: my-spambox: info@omtv.se - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\info@omtv.se
FF - Extension: TrashMail.net: spam@trashmail.net - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\spam@trashmail.net
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 14:47
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1960408961-329068152-725345543-1003)
@Allowed: (Read) (S-1-5-21-1960408961-329068152-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-12-06 14:50:59
ComboFix-quarantined-files.txt 2010-12-06 13:50
ComboFix2.txt 2010-12-05 16:15
ComboFix3.txt 2009-11-13 15:19

Pre-Run: 144.782.229.504 byte disponibili
Post-Run: 144.822.951.936 byte disponibili

Current=12 Default=12 Failed=0 LastKnownGood=17 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
- - End Of File - - A2106B1790DF746CB76C17EBBB5F1EF0

alla fine non e' ripartito... VA BENE LO STESSO??

grazie.. ciao

[manero478]

ha scusate.. ma come mai nonostante abbia tolto nod32 (purtroppo non con unistall perche e' andato in errore tempo fa')
ma comunque cancellando tutti i riferimenti sul registro... a parte un paio di chiavi che non mi permette di cancellarle...
mi ritrovo che sta nei servizi anche se non attivo...
pero a combofix risulta ATTIVO...
(che posso fare per eliminarlo del tutto??)

grazie ancora

[FDAC]

Ciao Manero.
A volta Combofix prende degli abbagli, anche lui :)

Come va il PC?

Disinstalla:
McAfee Security Scan
Mirc
Emule
Badoo Desktop
BootRacer
Zynga

Scarica ATF Cleaner: http://www.atribune.org/ccount/click.php?id=1
● avvia il tool con un doppio click
● seleziona la casella Select All
● clicca sul pulsante Empty selected
● aspetta l'avviso Done Cleaning
(se usi Opera o Firefox, esegui la loro pulizia cliccando sul tab in alto)
● chiudi il programma

Scarica ed installa CCleaner: http://www.piriform.com
Nota - durante l'installazione:
● non consentire l'installazione di Google Chrome, ne' di nessun altro componente aggiuntivo esterno al programma
Una volta installato, configuralo in questo modo:
● lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
● Impostazioni
● spunta la voce Tipo cancellazione: Sicura (lenta) e nel menù a tendina seleziona la voce DOD 5220.22-M (3 passaggi)
Successivamente clicca su:
● Avanzate
● togli la spunta alla voce Cancella file in Windows Temp solo se più vecchi di 24 ore
● alla voce Pulizia nella sezione Avanzate spunta le voci Vecchi dati Prefetch e Disinstallatori Aggiornamenti di Windows
● clicca sul tasto Avvia pulizia per avviare la pulizia dei file temporanei
● finita la scansione, sempre nel menù a sinistra, clicca sulla voce Registro e spunta tutte le voci eccetto:
Estensioni file non usate
● clicca sul tasto Trova Problemi per avviare la pulizia delle voci di registro corrotte e danneggiate
● al termine della scansione clicca sulla voce Ripara selezionati... e prosegui con la riparazione (questo ultimo passaggio ripetilo più volte, fino a quando non verranno rilevati più problemi da correggere)
● chiudi il programma

Scarica ed installa Glary Utilities Free: http://www.glarysoft.com
Nota - durante l'installazione:
● non consentire l'installazione di Ask Toolbar, ne' di nessun altro componente aggiuntivo esterno al programma
● avvia Glary Utilities
● clicca su Menu - Settings - Language - Italian
● portati sul tab Manutenzione 1 -Clic
● controlla che tutte queste voci siano spuntate:
Pulizia Registro
Riparazione Collegamenti
Gestione Esecuzioni Automatiche
Pulizia File Temporanei
Eliminazione Tracce
Rimozione Spyware

● nel riquadro Eliminazione Tracce clicca con il tasto sinistro su Opzioni - Seleziona le le tracce da eliminare e spunta le 4 Macrosezioni
● nel riquadro Eliminazione Tracce clicca con il tasto sinistro su Opzioni - Opzioni - Elimina i cookie non contrassegnati
● clicca sul pulsante in basso Ricerca Errori
● attendi pazientemente la fine della scansione
● a scansione finita, clicca su Ripara Errori:
questo ultimo passaggio ripetilo più volte, fino a quando non verranno rilevati più problemi da correggere

Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● doppio click per eseguirlo
● clicca su CleanUp
● ti chiederà di riavviare il sistema
● clicca Yes

Scarica TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● avvia TFC by OldTimer, clicca su Start
● al termine della scansione ti chiederà di riavviare il sistema
● clicca Ok

Svuota del suo contenuto la cartella Prefetch:
● Start
● clicca su Risorse del Computer
● clicca su Disco locale C:
● cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila e individua la cartella Prefetch
● aprila ed elimina tutte le voci conservate al suo interno (mi raccomando, non eliminare la cartella)

Scarica ed installa Hijackthis: http://www.trendmicro.com/ftp/products/ ... ckThis.msi
● lancia Hijackthis
● clicca su Do a system scan and save a logfile
● al termine della scansione verrà rilasciato un file di testo: allegalo col tag MEMO

[manero478]

scusami FDAC solo un paio di domande chiarificatrici
mi chiedi:
Come va il PC?
"sembra comunque che vada bene " ;)
poi di --->
Disinstalla:
McAfee Security Scan
Mirc
Emule
Badoo Desktop
BootRacer
Zynga

allora :
McAfee Security Scan ---> lo cercato.. credevo che cere in effetti .. ma non lo trovo piu.. :(
badoo deaktop eliminato
Zynga eliminato

BoootRacer .. mi servirebbe per capire quando posso usare le applicazioni... (infatti aspetto sempre che si chiuda.. altrimenti a volte ho problemi ad aprire le applicazioni)

EMULE e Mirc .. sono per fare dei download.. (come mai serve eliminarli??)

grazie...

[FDAC]

BootRacer è un programma che serve per testare la velocità di avvio di Windows.
Disinstallalo pure senza problemi.

Emule e Mirc devi disinstallarli, o meglio:
elimina i software craccati scaricati tramite questi due sopracitati, portano solo virus.


Poi:

Scarica ed installa Hijackthis: http://www.trendmicro.com/ftp/products/ ... ckThis.msi
● lancia Hijackthis
● clicca su Do a system scan and save a logfile
● al termine della scansione verrà rilasciato un file di testo: allegalo col tag MEMO

[manero478]

si infatti e' per quello...(perche il mio ci mette intorno ai 3 minuti.. troppo).. comunque ho capito .. per i portatori di infezioni ok ;)

ecco il log di hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.42.41, on 06/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.DLL
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programmi\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programmi\WOT\WOT.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programmi\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Programmi\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Programmi\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmi\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gillo-cesa.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - https://servizi.inps.it/servizi/ParlaCo ... IPhona.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7772143906
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2500216609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programmi\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programmi\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Programmi\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12502 bytes

aspetto... o continuo con le operazioni che mi hai detto prima?

grazie

[manero478]

sto comunque andando avanti...:
AFT CLEANER ---> ESEGUITO
CCLEANER -------> ESEGUITO
GLARY UTILITIES -> ESEGUITO E RIPARATO...


------ > SEGUE ;)

[manero478]

eseguito tutto....

e alla fine ho rifatto hijackthis e riposto il log :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.42.39, on 06/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Prevx\prevx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.DLL
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programmi\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programmi\WOT\WOT.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programmi\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Programmi\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmi\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gillo-cesa.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - https://servizi.inps.it/servizi/ParlaCo ... IPhona.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7772143906
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2500216609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programmi\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programmi\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Programmi\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11652 bytes

il servizio di NON32 non c'e' pu
Di McAfee security Scan Ho trovato il servizio... anche se e' Manuale.. ma non il programma...
chi lo lancia??
Ciao vado in palestra..
ci risentiamo dopo..
e grazie grazie

[FDAC]

Ciao.

Rilancia Hijackthis:
● Do a System Scan Only
● spunta la casellina fianco di ogni singola voce che ti indicherò sotto
● una volta spuntate le voci:
● chiudi tutte le applicazioni aperte
● chiudi tutte le pagine del browser aperte
● in Hijackthis fixa le voci cliccando su Fix checked

Queste le voci da fixare:

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programmi\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gilberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Programmi\Innovative Solutions\DriverMax\devices.exe" -RESTART
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gillo-cesa.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - https://servizi.inps.it/servizi/ParlaCo ... IPhona.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7772143906
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2500216609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab

Disinstalla:
PartyItalia
BootRacer
Poi:

Scarica Pserv: http://p-nand-q.com/download/pserv_cpl/pserv-2.7.exe
● installa questo tool, seguendo i semplici passaggi proposti

Una volta installato:
● clicca su Start - Tutti i programmi
● lancia Services & Devices
● nell'elenco, individua questo servizio:
Servizio di Google Update (gupdate) (gupdate)
Java Quick Starter (JavaQuickStarterService)
McAfee Security Scan Component Host Service (McComponentHostService)
● tasto destro del mouse sul servizio in questione
● scegli Delete
● una volta rimosso il servizio riavvia il sistema

Riavvia il PC

Fammi sapere come va

[manero478]

allora hijackthis.. eseguito.. allego log :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.20.07, on 06/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Prevx\prevx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.DLL
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programmi\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programmi\WOT\WOT.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmi\PlotSoft\PDFill\DownloadPDF.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programmi\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programmi\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Programmi\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8249 bytes

cancellato
PartyItalia
BootRacer

installato

Scarica Pserv: http://p-nand-q.com/download/pserv_cpl/pserv-2.7.exe
● installa questo tool, seguendo i semplici passaggi proposti

Una volta installato:
● clicca su Start - Tutti i programmi
● lancia Services & Devices
● nell'elenco, individua questo servizio:
Servizio di Google Update (gupdate) (gupdate)
Java Quick Starter (JavaQuickStarterService)
McAfee Security Scan Component Host Service (McComponentHostService)
● tasto destro del mouse sul servizio in questione
● scegli Delete
● una volta rimosso il servizio riavvia il sistema

ma una volta eseguito non c'e' :
● clicca su Start - Tutti i programmi
● lancia Services & Devices
ma un serie di linee dove credo siano tutti i servizi attivi...

che faccio?

grazieeeeeeeeeeeee