
IEXPLORE.EXE........HELP!!!


Post by Pierodoctor » Mon Jun 28, 2010 2:25 pm

Hi everyone,
I'm new and have just signed up. I have a problem with this file, which I always find running in Task Manager; even if I end it,
it reappears after a few seconds. I only use Firefox to browse, so I haven't opened Explorer in years.
What happens is that a Windows dialog keeps appearing asking whether I want Explorer as my browser, and it keeps muting
the PC's audio. When I go to the audio mixer I find "wave" always turned down, and even if I turn it back up, after a few minutes it does it again. Also, every now and then
an Explorer window opens by itself and goes to pages about mobile ringtones, casinos, etc.
I ran a scan with Hijack and this is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:22:20 AM, on 6/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Protector Suite quello\psqltray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite quello\launcher.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1841068531
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 11961 bytes


I'd like to avoid formatting; if anyone can help me, thanks in advance.
Bye,
PieroDoc.

Re: IEXPLORE.EXE........HELP!!!

Post by crazy.cat » Mon Jun 28, 2010 2:38 pm

Do you know this program: O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite quello\launcher.exe" /startup ?

Try running a scan with Malwarebytes, and if that doesn't fix it, post the log from a ComboFix scan.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as liberty.

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Mon Jun 28, 2010 2:41 pm

No, I don't know it.... and besides, I'm also very ignorant on the subject......
Don't you need the Hijack log???? Everyone recommended that to me...
Anyway, I'll download Malwarebytes now and post the log.
Thanks... see you later.


Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Mon Jun 28, 2010 2:57 pm

Malwarebytes says everything is OK
:(

Re: IEXPLORE.EXE........HELP!!!

Post by crazy.cat » Mon Jun 28, 2010 2:59 pm

Pierodoctor wrote: Don't you need the Hijack log????

It was useful for spotting that program with a strange name that looks a lot like rogue software; that's why I recommended Malwarebytes, which usually kills them stone dead.

Malwarebytes can't have finished the scan already; you have to have it check the whole hard disk.

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Mon Jun 28, 2010 3:01 pm

OK... I'll try again....
Thanks.

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Mon Jun 28, 2010 3:51 pm

Right... full scan of the HD done.
It says it didn't find anything. This is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4249

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/28/2010 10:51:56 AM
mbam-log-2010-06-28 (10-51-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 254617
Time elapsed: 47 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
I have a feeling I'll have to reformat everything.... it keeps giving me problems....
help....

Re: IEXPLORE.EXE........HELP!!!

Post by crazy.cat » Mon Jun 28, 2010 6:36 pm

Go ahead with ComboFix; don't install the Windows console when it asks you, and post the final log of its scan.

Re: IEXPLORE.EXE........HELP!!!

Post by stevens » Mon Jun 28, 2010 6:49 pm

6/28/2010 10:51:56 AM
mbam-log-2010-06-28 (10-51-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 254617
Time elapsed: 47 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Mon Jun 28, 2010 9:44 pm

I scanned with ComboFix; this is the log:

ComboFix 10-06-27.06 - Owner 06/28/2010 16:39:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2286 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9D7C08000A00}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\setup.exe
c:\windows\system32\favicon.ico
c:\windows\system32\Thumbs.db
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.

2010-06-28 20:28 . 2010-06-28 20:27 389120 ----a-w- c:\windows\system32\CF4604.exe
2010-06-28 15:51 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-28 15:51 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-28 15:51 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-28 15:51 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-28 15:51 . 2010-06-28 15:51 -------- d-----w- c:\program files\Avira
2010-06-28 15:51 . 2010-06-28 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-28 13:37 . 2010-06-28 14:02 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2010-06-28 13:37 . 2010-05-31 20:34 702120 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-06-28 13:37 . 2010-05-31 20:34 868456 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-06-28 11:53 . 2010-06-28 11:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2010-06-28 11:49 . 2010-06-28 11:49 -------- d-----w- c:\program files\Enigma Software Group
2010-06-28 11:49 . 2010-06-28 11:57 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-28 11:49 . 2010-06-28 11:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-28 11:30 . 2010-06-28 11:30 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-28 11:15 . 2010-06-28 11:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 11:13 . 2010-06-28 11:13 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-28 11:13 . 2010-06-28 11:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2010-06-28 08:48 . 2010-06-28 11:04 -------- d-----w- c:\program files\a-squared Free
2010-06-28 00:16 . 2010-06-28 12:29 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-28 00:16 . 2010-06-28 00:16 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-28 00:16 . 2010-06-28 12:29 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-28 00:15 . 2010-06-28 00:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-27 22:41 . 2010-06-28 11:04 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-27 22:40 . 2010-06-27 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-27 22:40 . 2010-06-27 22:41 -------- d-----w- c:\program files\Lavasoft
2010-06-27 15:20 . 2010-06-27 15:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-27 15:20 . 2010-06-27 15:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-27 15:20 . 2010-06-27 15:20 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AOL
2010-06-23 00:02 . 2010-06-28 11:06 -------- d-----w- c:\documents and settings\Owner\IlBurraco
2010-06-23 00:02 . 2010-06-23 00:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Tarma Installer
2010-06-11 07:39 . 2010-06-28 11:10 -------- d-----w- C:\d38c209fc4ec1c4346d17822
2010-06-06 12:51 . 2010-06-06 12:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-06-04 15:06 . 2010-06-28 11:11 -------- d-----w- c:\program files\PokerStars.IT
2010-06-02 22:01 . 2010-06-02 22:01 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 20:33 . 2009-09-11 18:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-06-28 20:21 . 2009-09-11 18:13 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-06-28 17:22 . 2009-11-04 06:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-28 17:19 . 2010-04-24 22:16 -------- d-----w- c:\program files\Quick Poker
2010-06-28 15:14 . 2009-09-01 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-28 14:04 . 2010-04-11 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 11:14 . 2009-12-26 16:30 -------- d-----w- c:\program files\eMule
2010-06-28 11:13 . 2007-11-15 15:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 13:06 . 2010-01-23 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-06-05 16:37 . 2010-05-20 10:04 -------- d-----w- c:\program files\Google
2010-06-03 16:02 . 2009-09-01 21:02 69232 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 22:17 . 2007-11-15 14:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-01 08:55 . 2010-02-17 15:31 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-01 08:55 . 2010-02-17 15:31 88 --sh--r- c:\windows\system32\60864B9DD0.sys
2010-05-27 00:36 . 2010-05-27 00:36 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\msvcp71.dll
2010-05-27 00:36 . 2010-05-27 00:36 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\jmc.dll
2010-05-27 00:36 . 2010-05-27 00:36 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23fcb47e-n\msvcr71.dll
2010-05-16 16:40 . 2010-02-06 20:55 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-05-16 16:40 . 2010-02-06 20:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
2010-05-06 15:19 . 2010-05-06 15:19 -------- d-----w- c:\program files\Governor of Poker
2010-05-02 05:22 . 2007-11-15 11:30 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-04-11 15:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-11 15:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 23:37 . 2010-04-24 23:36 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-04-24 23:34 . 2010-04-24 23:34 249856 -c--a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2010-04-24 23:34 . 2010-04-24 23:34 466944 -c--a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2010-04-20 05:30 . 2007-11-15 11:30 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 11:20 . 2010-04-12 11:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 11:19 . 2010-04-12 11:19 152576 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-12 11:17 . 2010-04-12 11:17 79488 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite quello\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite quello\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-10-06 2075384]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-12 8491008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-09-06 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-12 149280]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-09-28 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"PSQLLauncher"="c:\program files\Protector Suite quello\launcher.exe" [2007-06-06 49168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-17 137752]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-12 115560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-07-30 870240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-14 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-3 572008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 07:03 90112 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-05-17 04:50 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [11/15/2007 7:31 AM 21408]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870.sys [9/11/2009 2:26 PM 90240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 5:08 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/15/2007 7:31 AM 41216]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [11/15/2007 7:31 AM 31104]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [11/15/2007 12:40 AM 37040]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [11/15/2007 7:31 AM 812544]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 6:04 AM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 10:04]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 10:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tjjbxy4y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus
AddRemove-Quick Poker - c:\program files\Quick Poker\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,82,f7,2b,4b,39,7e,4d,b1,75,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,82,f7,2b,4b,39,7e,4d,b1,75,75,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite quello\homefus2.dll
c:\program files\Protector Suite quello\infra.dll
c:\program files\Protector Suite quello\homepass.dll
c:\program files\Protector Suite quello\bio.dll
c:\program files\Protector Suite quello\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite quello\crypto.dll

- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite quello\homefus2.dll
c:\program files\Protector Suite quello\infra.dll
.
Completion time: 2010-06-28 16:46:17
ComboFix-quarantined-files.txt 2010-06-28 20:46

Pre-Run: 207,745,249,280 bytes free
Post-Run: 208,198,975,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EC92B501272FD808BC03DC9600F8146B

Now??? What do I do??

Re: IEXPLORE.EXE........HELP!!!

Post by crazy.cat » Tue Jun 29, 2010 12:25 pm

Without uninstalling your antivirus, try installing this http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ and have it run a scan of the PC.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most odious tyranny: tyranny disguised as freedom.

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Tue Jun 29, 2010 5:08 pm

Dear crazy cat,
I ran the scan with Kaspersky (it took 2.40 hours), rebooted... and it's still there.....
I'm losing hope......

Re: IEXPLORE.EXE........HELP!!!

Post by crazy.cat » Tue Jun 29, 2010 5:24 pm

Pierodoctor wrote: I'm losing hope......

Frankly, so am I.
If anyone has other ideas, please step forward.

Re: IEXPLORE.EXE........HELP!!!

Post by farbix89 » Tue Jun 29, 2010 5:37 pm

Full scan in safe mode with Avira or Avast, so at least we try everything

Re: IEXPLORE.EXE........HELP!!!

Post by sondlive07 » Tue Jun 29, 2010 5:47 pm

have you tried Spybot???
If I were a sculptor I would sculpt you... If I were a singer-songwriter I would sing you... If I were a painter I would paint you... But I'm only a trumpet player! [:)]

Re: IEXPLORE.EXE........HELP!!!

Post by Zane » Tue Jun 29, 2010 5:55 pm


Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Tue Jun 29, 2010 7:46 pm

@sondlive: I've tried them all.....
@zane: I'll try your suggestion; right now I'm out of blank CDs, tomorrow I'll get one and try this procedure.... although it scares me a bit... won't it be too complicated??? Anyway, I read that you're from Ferrara, where I currently live.... if worst comes to worst we can meet up: me, you and my PC.
Thank you all for the help.....
See you tomorrow.

Re: IEXPLORE.EXE........HELP!!!

Post by gio! » Tue Jun 29, 2010 9:28 pm

I also found this discussion from the last few days in which the user has the same problem as you http://www.giorgiotave.it/forum/sicurez ... e-exe.html

If that isn't you again, one could think it's a Windows problem, perhaps following an update [uhm]

In Task Manager, right-click the iexplorer process and click open file location; could it be located in a different path? Also try submitting it to a scan at www.virustotal.com
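The check gio! suggests above, as an added PowerShell example that is not part of the original thread: it lists every running iexplore.exe with its image path, parent process, command line and SHA-256, and compares the path with the expected install location. The expected path (default 32-bit install) and the helper name Get-Sha256 are assumptions of this example.

```powershell
# Added example: triage of running iexplore.exe instances (not from the thread).
# Assumption: default 32-bit install path, as on the Windows XP machine discussed here.
$expected = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'

# Snapshot all processes once and index them by PID for parent lookups.
$all   = @(Get-WmiObject -Class Win32_Process)
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

function Get-Sha256([string]$file) {
    # Hypothetical helper: .NET hashing, usable where Get-FileHash does not exist.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($file)
    try     { ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

$report = foreach ($ie in ($all | Where-Object { $_.Name -ieq 'iexplore.exe' })) {
    $path   = $ie.ExecutablePath
    $parent = $byPid[[int]$ie.ParentProcessId]

    if (-not $path)               { $verdict = 'path unreadable (run as administrator)' }
    elseif ($path -ieq $expected) { $verdict = 'expected location' }
    else                          { $verdict = 'UNEXPECTED location' }

    # The parent may already have exited; its PID can then be missing or reused.
    $parentName = '(not running)'
    if ($parent) { $parentName = $parent.Name }

    $hash = ''
    if ($path -and (Test-Path -LiteralPath $path)) { $hash = Get-Sha256 $path }

    New-Object PSObject -Property @{
        ProcessId = $ie.ProcessId; Path = $path; Verdict = $verdict
        Parent = $parentName; CommandLine = $ie.CommandLine; SHA256 = $hash
    } | Select-Object ProcessId, Verdict, Path, Parent, CommandLine, SHA256
}

if ($report) { $report | Format-List } else { 'No iexplore.exe process is running.' }
```

The SHA-256 value can be searched on www.virustotal.com without uploading the file itself.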

Re: IEXPLORE.EXE........HELP!!!

Post by sondlive07 » Wed Jun 30, 2010 10:35 am

could it be that you're leaving something running in the background that has to do with Internet Explorer?

can you restore the PC to an earlier restore point, where maybe the problem didn't occur????
have you tried contacting the PC manufacturer, the service center????

at least try, so you can say you've tried everything, because if it isn't a virus (just hope it isn't a latest-generation virus that escapes all checks) then it will surely be a problem with the PC

as for the rest .... [boh]

Re: IEXPLORE.EXE........HELP!!!

Post by Pierodoctor » Wed Jun 30, 2010 11:30 am

Hi sondlive,
how do I know if something is running in the background? I did the restore, but it didn't help.
Unfortunately I bought the PC in the USA, so contacting them now is a bit complicated....
Now I've got the blank CD, so I'll try the procedure suggested by zane.
Meanwhile the PC seems to be getting worse: every now and then medieval music starts playing by itself, without any window opening, and very often I hear the click of pages opening and closing in Explorer, even though nothing actually appears on the monitor..... I'm going crazy!


megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising