www.MegaLab.it

[Ale2695]

Allora, il mio computer utilizza stabilmente tra i 1.05 e i 1.12 GB di RAM senza programmi aperti, con explorer.exe e dwm.exe che usano insieme più di 120.000 KB di RAM (explorer.exe 38.560, dwm.exe 84.904). Mi potete aiutare? Le caratteristiche del sistema sono quelle presenti nella firma.

[Palpas]

Allora, il mio computer utilizza stabilmente tra i 1.05 e i 1.12 GB di RAM senza programmi aperti, con explorer.exe e dwm.exe che usano insieme più di 120.000 KB di RAM (explorer.exe 38.560, dwm.exe 84.904). Mi potete aiutare? Le caratteristiche del sistema sono quelle presenti nella firma.

mi posti un log di Hijackthis ?

[crazy.cat]

mi posti un log di Hijackthis ?

Meglio quello di combofix, così guadagnamo tempo.

[Ale2695]

Ok, ora faccio la scansione con Combofix e Hijackthis e vi faccio sapere

[Ale2695]

Ecco il log di Combofix:

ComboFix 09-11-23.05 - Frigoli 24/11/2009 16.53.57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.2037.1001 [GMT 1:00]
Eseguito da: c:\users\Frigoli\Downloads\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1767375377-492369582-36585800-500
c:\$recycle.bin\S-1-5-21-3339222948-3060210515-2822431980-500
c:\users\Frigoli\AppData\Roaming\Desktopicon
c:\users\Frigoli\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Creati Da 2009-10-24 al 2009-11-24 )))))))))))))))))))))))))))))))))))
.

2009-11-24 16:09 . 2009-11-24 16:09 -------- d-----w- c:\users\Frigoli\AppData\Local\temp
2009-11-22 18:18 . 2009-11-22 18:18 -------- d-----w- c:\program files\Nero
2009-11-22 18:16 . 2009-11-22 18:20 -------- d-----w- c:\programdata\Nero
2009-11-22 18:16 . 2009-11-22 18:19 -------- d-----w- c:\program files\Common Files\Nero
2009-11-14 14:52 . 2009-11-14 14:52 -------- d-----w- c:\program files\Microsoft
2009-11-14 14:47 . 2009-11-14 15:07 -------- d-----w- c:\users\Frigoli\Tracing
2009-11-13 15:53 . 2009-11-13 15:53 -------- d-----w- c:\users\Frigoli\AppData\Local\Symantec_Corporation
2009-11-13 15:48 . 2007-03-21 19:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-11-13 15:48 . 2007-03-21 19:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-11-13 15:48 . 2007-03-21 19:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-11-13 15:47 . 2008-01-19 18:31 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-13 15:47 . 2008-01-19 18:31 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-13 15:19 . 2009-11-13 15:19 -------- d-----w- c:\users\Frigoli\Documenti
2009-11-12 17:20 . 2009-11-12 17:20 -------- d-----w- c:\program files\ESET
2009-11-11 17:14 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 17:14 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-09 12:42 . 2009-11-09 12:42 -------- d-----w- c:\users\Frigoli\AppData\Roaming\irido
2009-11-09 12:41 . 2009-11-09 12:41 -------- d-----w- c:\program files\irido
2009-11-07 15:15 . 2009-11-07 15:15 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2009-11-07 15:04 . 2009-11-07 15:04 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-11-07 15:04 . 2009-11-23 20:53 -------- d-----w- c:\programdata\Studio 12
2009-11-07 15:04 . 2009-11-23 20:53 -------- d-----w- c:\program files\Pinnacle
2009-11-07 15:04 . 2009-11-07 15:04 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2009-11-07 15:01 . 2009-11-07 15:04 -------- d-----w- c:\programdata\Pinnacle
2009-11-07 14:53 . 2009-11-07 14:55 8192 d-----w- c:\program files\Age of Empires 2
2009-11-06 12:14 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-06 12:14 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-06 12:14 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-06 12:14 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-06 12:13 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-06 12:13 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-06 12:13 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-06 12:13 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-06 12:13 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-05 18:01 . 2009-11-05 18:01 -------- d-----w- c:\program files\Trend Micro
2009-11-04 19:36 . 2009-11-04 19:39 32768 d-----w- c:\program files\Adobe Photoshop CS4
2009-11-04 17:01 . 2009-11-04 17:01 -------- d-----w- c:\windows\system32\x64
2009-11-03 17:28 . 2009-11-03 17:28 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-03 17:24 . 2009-11-03 17:24 -------- d-----w- c:\programdata\is-E4GE3
2009-11-03 17:24 . 2009-11-03 17:41 2420768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-01 19:52 . 2009-11-24 15:39 24576 d-----w- c:\users\Frigoli\Mozilla Firefox Portable
2009-10-31 20:34 . 2009-10-31 20:34 -------- d-----w- c:\program files\iPod
2009-10-31 20:34 . 2009-10-31 20:35 4096 d-----w- c:\program files\iTunes
2009-10-31 20:29 . 2009-10-31 20:29 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 20:27 . 2009-11-05 16:33 49152 ----a-w- c:\programdata\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-10-28 20:21 . 2009-10-28 20:21 -------- d-----w- c:\users\Frigoli\AppData\Local\Microsoft Corporation
2009-10-27 20:24 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 20:24 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-27 20:24 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-27 20:24 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 15:49 . 2009-10-15 14:10 4096 d-----w- c:\users\Frigoli\AppData\Roaming\BitTorrent
2009-11-23 20:37 . 2007-11-30 07:30 684098 ----a-w- c:\windows\system32\perfh010.dat
2009-11-23 20:37 . 2007-11-30 07:30 115544 ----a-w- c:\windows\system32\perfc010.dat
2009-11-14 14:55 . 2008-09-27 17:27 4096 d-----w- c:\program files\Windows Live
2009-11-13 16:19 . 2009-03-15 10:03 165232 ---ha-w- c:\users\Frigoli\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2009-11-13 16:13 . 2007-11-29 22:58 4096 d-----w- c:\programdata\Symantec
2009-11-13 16:10 . 2007-11-29 22:58 12288 d-----w- c:\program files\Common Files\Symantec Shared
2009-11-13 15:53 . 2008-09-23 07:08 -------- d-----w- c:\users\Frigoli\AppData\Roaming\Symantec
2009-11-12 17:26 . 2008-10-25 17:53 -------- d-----w- c:\programdata\McAfee
2009-11-11 20:42 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 17:59 . 2007-11-30 00:24 12288 d-----w- c:\programdata\Microsoft Help
2009-11-10 13:20 . 2008-09-23 07:08 149400 ----a-w- c:\users\Frigoli\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-06 18:17 . 2009-04-23 19:43 4096 d-----w- c:\program files\Unlocker
2009-11-05 15:59 . 2009-01-01 09:30 -------- d-----w- c:\program files\VS Revo Group
2009-11-04 19:41 . 2008-09-27 17:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 17:13 . 2008-09-24 15:02 4096 d-----w- c:\program files\Google
2009-11-03 17:41 . 2009-11-03 17:24 29444 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-02 19:42 . 2009-10-04 19:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 20:34 . 2008-09-27 17:49 -------- d-----w- c:\program files\Common Files\Apple
2009-10-15 14:25 . 2008-02-23 17:00 16384 d-----w- c:\programdata\WildTangent
2009-10-15 14:23 . 2009-08-29 15:17 1706136 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\it\Installers\SetupGamesClient.exe
2009-10-15 14:10 . 2009-10-15 14:10 -------- d-----w- c:\program files\BitTorrent
2009-09-29 12:05 . 2009-09-29 12:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 12:02 . 2009-09-29 12:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 11:56 . 2009-09-29 11:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-28 15:15 . 2007-11-30 00:52 4096 d-----w- c:\program files\Java
2009-09-14 09:50 . 2009-10-17 14:24 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:38 . 2009-10-17 14:26 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:38 . 2009-10-17 14:24 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 15:21 . 2009-10-17 14:25 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 15:17 . 2009-10-17 14:25 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-08-31 15:16 . 2009-10-17 14:25 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-08-29 03:41 . 2009-09-03 09:12 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-03 09:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-03 09:12 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-17 14:25 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-17 14:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-17 14:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-17 14:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

------- Sigcheck -------

[-] 2009-01-22 . 74B6336C7ACC815483C2399BDD53EFCC . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2009-11-13 654128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Frigoli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Utilità controllo supporti di Picture Motion Browser.lnk]
backup=c:\windows\pss\Utilità controllo supporti di Picture Motion Browser.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1767375377-492369582-36585800-1000]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [29/09/2009 13.02.58 108792]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [29/09/2009 13.05.54 96408]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [07/03/2009 19.20.38 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [07/03/2009 19.18.34 41744]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29/09/2009 13.03.46 735960]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [07/03/2009 19.19.42 87568]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" c:\program files\Avira\AntiVir Desktop\sched.exe
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/11/2009 18.11.16 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe c:\program files\MAGIX\Common\Database\bin\fbserver.exe
S3 VBoxUSB;VirtualBox USB;c:\windows\System32\drivers\VBoxUSB.sys [16/02/2009 17.47.00 31824]
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 17:10]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 17:10]

2009-11-24 c:\windows\Tasks\User_Feed_Synchronization-{68E98FEE-A851-4206-A8A1-99E48EE6D8EC}.job
- c:\windows\system32\msfeedssync.exe [2009-10-17 03:41]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://it.search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{E55E1F27-0001-491A-9480-AD3097F3DF20} - {E55E1F27-0001-4939-8396-DA2ADCD4B9C4} - c:\program files\irido\Printee for IE\Bin\Printee.dll
Handler: printee - {E55E1F27-0001-11DA-9914-0012F05EB2F7} - c:\program files\irido\Printee for IE\Bin\Printee.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint2K\Uninstap.exe ADDREMOVE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 17:09
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2131815b-3f82-44ea-a7d5-f3901488889c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e0016d3
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{580493cc-b491-41e9-a586-5e703e5afc4b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001b38
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c65a669a-44ba-4225-b01d-231942b65a5d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11001f3a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ffdef8c2-592d-4efc-b55a-8e092537194d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:15000000
"Dhcpv6State"=dword:00000000
.
Ora fine scansione: 2009-11-24 17:12
ComboFix-quarantined-files.txt 2009-11-24 16:12

Pre-Run: 84.448.133.120 byte disponibili
Post-Run: 84.525.445.120 byte disponibili

- - End Of File - - E050D6C2CED0599D43C59FEAFC79D258

[Ale2695]

E quello di Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.29.31, on 24/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Printee BHO - {E55E1F27-0001-11DA-9614-0012F05EB2F0} - C:\Program Files\irido\Printee for IE\Bin\Printee.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Printee - {E55E1F27-0001-491A-9480-AD3097F3DF20} - C:\Program Files\irido\Printee for IE\Bin\Printee.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: printee - {E55E1F27-0001-11DA-9914-0012F05EB2F7} - C:\Program Files\irido\Printee for IE\Bin\Printee.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6572 bytes

Ho provato a fare una scansione con GMER per postare il log, ma quando ho iniziato il sistema è andato in crash mostrando il blue screen.

[Ale2695]

Non mi risponde nessuno? Crazy?

[Palpas]

Il log mi sembra pulito

[Ale2695]

E allora che faccio? La ventola del processore gira costantemente e la batteria si scarica subito!

[dario-vr]

Ciao se ancora non hai risolto prova così:

Fai:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su Remove selected

Poi:
Scarica Norman Malware Cleaner:
http://normanasa.vo.llnwd.net/o29/publi ... leaner.exe
e salvalo sul desktop

Accedi al sistema in modalità provvisoria

lancia Norman ed esegui una scansione completa

al termine della scansione verrà rilasciato un log: salvalo sul Desktop con il nome Norman1 e riavvia il sistema


accedi nuovamente al sistema in modalità provvisoria

rilancia Norman ed esegui una seconda scansione completa

al termine della scansione verrà rilasciato un log: salvalo sul Desktop con il nome Norman2

riavvia il sistema in modalità normale e vedi come va.

[Ale2695]

Ho fatto come mi hai detto, ma nulla, tutto è come prima, l'utilizzo di RAM oscilla tra 990 MB e 1.24 GB e la batteria non dura nulla. Ti allego i log
Norman1

Norman Malware Cleaner
Version 1.5.0.5
Copyright © 1990 - 2009, Norman ASA. Built 2009/12/01 09:32:39

Norman Scanner Engine Version: 6.03.02
Nvcbin.def Version: 6.03.00, Date: 2009/12/01 09:32:39, Variants: 4435293

Scan started: 01/12/2009 14:01:11

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6000(Safe mode with network)
Logged on user: PC-Frigoli\Frigoli

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000


Scanning running processes and process memory...

Number of processes/threads found: 2136
Number of processes/threads scanned: 2136
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 46s


Scanning file system...

Scanning: C:\*.*


Running post-scan cleanup routine:
Set TCP/IP autotuning to "normal" (or it was already "normal")

Number of files found: 1929
Number of archives unpacked: 0
Number of files scanned: 1922
Number of files not scanned: 7
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1m 9s

Norman2:

Norman Malware Cleaner
Version 1.5.0.5
Copyright © 1990 - 2009, Norman ASA. Built 2009/12/01 09:32:39

Norman Scanner Engine Version: 6.03.02
Nvcbin.def Version: 6.03.00, Date: 2009/12/01 09:32:39, Variants: 4435293

Scan started: 01/12/2009 14:07:14

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6000(Safe mode with network)
Logged on user: PC-Frigoli\Frigoli



Scanning running processes and process memory...

Number of processes/threads found: 2123
Number of processes/threads scanned: 2123
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 46s


Scanning file system...

Scanning: C:\*.*


Running post-scan cleanup routine:
Set TCP/IP autotuning to "normal" (or it was already "normal")

Number of files found: 56718
Number of archives unpacked: 0
Number of files scanned: 56710
Number of files not scanned: 8
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 20m 16s

[dario-vr]

Ciao non comprendo perché la prima scansione di Norman è durata pochissimo: 1' 9" ??? (davvero niente!)
Mentre la seconda scansione 20' 16" ???
Comunque prova con questo tool:

http://www.softpedia.com/get/Antivirus/ ... Tool.shtml

Anche questo non è male:
http://www.softpedia.com/get/Antivirus/ ... reIt.shtml

E poi riporta di nuovo il log di Hijack This


Ps c'è pure questo 3D interessante al riguardo:
http://www.hwupgrade.it/forum/showthrea ... 544&page=7

[Ale2695]

non ho ancora finito le scansioni, ma è normale che il processore abbia 63° di temperatura (misurata con speedfan)?

[Ale2695]

Nulla, il problema non si è risolto, ora scansiono con Hjiackthis e ti faccio sapere.

[ninjabionico]

Ciao.

Se la temperatura è reale anche quella potrebbe essere una causa del rallentamento...

... ma intanto proviamo a controllare se il problema principale è di origine software...

... avvia il Pc con un LinuxCD/LiveUSB, meglio se di un sistema GNU/Linux (es.: Slax, Elive o Simply Mepis)., e utilizzalo normalmente (crea fogli di calcolo, documenti di testo, guarda video e ascolta musica, naviga in Internet, se hai avviato da Usb o hai due unità Cd/Dvd puoi masterizzare, con Gimp puoi fare un po' di fotoritocco, ecc...) per un po' e vedi se i rallentamenti si ripropongono.

Se tutto funziona regolarmente col LinuxCD/LiveUSB, allora è un problema software e puoi fare il backup dei dati e provvedere a reinstallare il S.O. su disco fisso, reinstallare i programmi e ripristinare i dati (salvati in precedenza col backup).

[Ale2695]

ok. ci provo e ti faccio sapere.