www.MegaLab.it

[emiliano72]

Ho eseguito una scansione con malwarebytes, ma non esce nulla; ho pulito con ccleaner (pulizia e registro), ma il pc è sempre lentissimo, a tal punto che non si aprono nemmeno le finestre. Posto qui di seguito la scansione fatta con hijackthis, qualcuno mi aiuti perfavore. Attendo consigli. Grazie.

Scan saved at 21.20.32, on 02/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\All Users\Dati applicazioni\Chiavetta Internet\OnlineUpdate\ouc.exe
C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Chiavetta Internet\Chiavetta Internet.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchya.com/?s=0&chnl=tst-214&c ... =307396740
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [L09IXLRD_190500] "C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Chiavetta Internet] "C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0BA8512-1FB7-4819-A737-5091D45AA58F}: NameServer = 213.230.130.222 217.200.200.42
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Chiavetta Internet. OUC (Chiavetta Internet. RunOuc) - Unknown owner - C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 7782 bytes

[crazy.cat]

Ho messo ordine nei tuoi messaggi.

Fai un controllo con questo programma che non ci siano dei rootkit e posta il log che ne esce
http://www.MegaLab.it/8339/aswmbr-rilev ... u-ostinato

Rifai la scansione con hijackthis e seleziona le caselle di queste righe e poi premi ficx checked per eliminarle.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchya.com/?s=0&chnl=tst-214&c ... =307396740
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe

WindowsSearch.exe in genere crea più problemi che benefici, se ti serve cercare dei file nel pc ci sono dei programmi più leggeri.

[emiliano72]

Ho fatto il primo controllo con aswmbr, posto qui di seguito il log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-03 09:11:14
-----------------------------
09:11:14.703 OS Version: Windows 5.1.2600 Service Pack 3
09:11:14.703 Number of processors: 1 586 0x5F03
09:11:14.703 ComputerName: ADMIN-238D6FF41 UserName: Admin
09:11:16.203 Initialize success
09:11:16.796 AVAST engine defs: 12110201
09:11:36.375 Disk 0 (boot) \Device\Harddisk0\DR0 ->
\Device\Ide\IdeDeviceP0T1L0-c
09:11:36.390 Disk 0 Vendor: SAMSUNG_SP1203N TL100-30 Size: 114498MB
BusType: 3
09:11:36.406 Disk 0 MBR read successfully
09:11:36.406 Disk 0 MBR scan
09:11:36.406 Disk 0 Windows XP default MBR code
09:11:36.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114486 MB
offset 63
09:11:36.421 Disk 0 scanning sectors +234468675
09:11:36.453 Disk 0 malicious Win32:MBRoot code @ sector 234468678 !
09:11:36.468 Disk 0 PE file @ sector 234468700 !
09:11:36.500 Disk 0 scanning C:\WINDOWS\system32\drivers
09:11:47.484 Service scanning
09:12:14.921 Modules scanning
09:12:35.828 Disk 0 trace - called modules:
09:12:36.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
pciide.sys PCIIDEX.SYS
09:12:36.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a53cab8]
09:12:36.671 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver ->
\Device\00000066[0x8a52df18]
09:12:36.953 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver ->
\Device\Ide\IdeDeviceP0T1L0-c[0x8a56fd98]
09:12:38.140 AVAST engine scan C:\WINDOWS
09:12:43.046 AVAST engine scan C:\WINDOWS\system32
09:14:49.734 AVAST engine scan C:\WINDOWS\system32\drivers
09:15:04.250 AVAST engine scan C:\Documents and Settings\Admin
09:17:33.843 AVAST engine scan C:\Documents and Settings\All Users
09:18:44.765 Scan finished successfully
09:19:45.656 Disk 0 MBR has been saved successfully to "C:\Documents and
Settings\Admin\Desktop\MBR.dat"
09:19:45.656 The log file has been saved successfully to "C:\Documents and
Settings\Admin\Desktop\aswMBR.txt"

Dopo aver cliccato su fix, posto qui di seguito il log del secondo controllo:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-03 09:11:14
-----------------------------
09:11:14.703 OS Version: Windows 5.1.2600 Service Pack 3
09:11:14.703 Number of processors: 1 586 0x5F03
09:11:14.703 ComputerName: ADMIN-238D6FF41 UserName: Admin
09:11:16.203 Initialize success
09:11:16.796 AVAST engine defs: 12110201
09:11:36.375 Disk 0 (boot) \Device\Harddisk0\DR0 ->
\Device\Ide\IdeDeviceP0T1L0-c
09:11:36.390 Disk 0 Vendor: SAMSUNG_SP1203N TL100-30 Size: 114498MB
BusType: 3
09:11:36.406 Disk 0 MBR read successfully
09:11:36.406 Disk 0 MBR scan
09:11:36.406 Disk 0 Windows XP default MBR code
09:11:36.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114486 MB
offset 63
09:11:36.421 Disk 0 scanning sectors +234468675
09:11:36.453 Disk 0 malicious Win32:MBRoot code @ sector 234468678 !
09:11:36.468 Disk 0 PE file @ sector 234468700 !
09:11:36.500 Disk 0 scanning C:\WINDOWS\system32\drivers
09:11:47.484 Service scanning
09:12:14.921 Modules scanning
09:12:35.828 Disk 0 trace - called modules:
09:12:36.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
pciide.sys PCIIDEX.SYS
09:12:36.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a53cab8]
09:12:36.671 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver ->
\Device\00000066[0x8a52df18]
09:12:36.953 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver ->
\Device\Ide\IdeDeviceP0T1L0-c[0x8a56fd98]
09:12:38.140 AVAST engine scan C:\WINDOWS
09:12:43.046 AVAST engine scan C:\WINDOWS\system32
09:14:49.734 AVAST engine scan C:\WINDOWS\system32\drivers
09:15:04.250 AVAST engine scan C:\Documents and Settings\Admin
09:17:33.843 AVAST engine scan C:\Documents and Settings\All Users
09:18:44.765 Scan finished successfully
09:19:45.656 Disk 0 MBR has been saved successfully to "C:\Documents and
Settings\Admin\Desktop\MBR.dat"
09:19:45.656 The log file has been saved successfully to "C:\Documents and
Settings\Admin\Desktop\aswMBR.txt"
09:27:13.640 Disk 0 MBR read successfully
09:27:16.828 Disk 0 scanning sectors +234468675
09:27:16.890 Disk 0 malicious Win32:MBRoot code @ sector 234468678 !
09:27:17.203 Disk 0 PE file @ sector 234468700 !
09:27:17.500 Disk 0 sector 234468678 cleaned
09:27:17.781 Disk 0 sector 234468700 cleaned
09:27:18.062 Verifying disinfection
09:27:28.375 Infection fixed successfully - please reboot ASAP
09:28:24.531 Disk 0 MBR has been saved successfully to "C:\Documents and
Settings\Admin\Desktop\MBR.dat"
09:28:24.546 The log file has been saved successfully to "C:\Documents and
Settings\Admin\Desktop\aswMbr dopo il fix.txt"

Dopo aver riavviato il pc, come da istruzioni, posto qui di seguito il log del terzo controllo (ma NON ho dato nè il comando "FIX", non presente come scelta, NE' il comando "FIXMBR" unico presente, per paura di un mancato riavvio del sistema operetivo):

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-03 10:04:21
-----------------------------
10:04:21.750 OS Version: Windows 5.1.2600 Service Pack 3
10:04:21.750 Number of processors: 1 586 0x5F03
10:04:21.750 ComputerName: ADMIN-238D6FF41 UserName: Admin
10:04:22.984 Initialize success10:04:26.171 Disk 0 MBR read
successfully
10:04:26.171 Disk 0 MBR scan

10:04:23.546 AVAST engine defs: 12110300
10:04:26.156 Disk 0 (boot) \Device\Harddisk0\DR0 ->
\Device\Ide\IdeDeviceP0T1L0-c
10:04:26.156 Disk 0 Vendor: SAMSUNG_SP1203N TL100-30 Size: 114498MB
BusType: 3
10:04:26.187 Disk 0 Windows XP default MBR code
10:04:26.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114486 MB
offset 63
10:04:26.203 Disk 0 scanning sectors +234468675
10:04:26.281 Disk 0 scanning C:\WINDOWS\system32\drivers
10:04:38.609 Service scanning
10:05:28.781 Modules scanning
10:06:05.171 Disk 0 trace - called modules:
10:06:05.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
pciide.sys PCIIDEX.SYS
10:06:05.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a53cab8]
10:06:10.250 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver ->
\Device\00000066[0x8a52df18]
10:06:10.546 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver ->
\Device\Ide\IdeDeviceP0T1L0-c[0x8a56fd98]
10:06:17.171 AVAST engine scan C:\WINDOWS
10:06:26.750 AVAST engine scan C:\WINDOWS\system32
10:08:27.250 AVAST engine scan C:\WINDOWS\system32\drivers
10:08:41.578 AVAST engine scan C:\Documents and Settings\Admin
10:11:05.671 AVAST engine scan C:\Documents and Settings\All Users
10:12:12.968 Scan finished successfully
10:13:08.843 Disk 0 MBR has been saved successfully to "C:\Documents and
Settings\Admin\Desktop\MBR.dat"
10:13:08.843 The log file has been saved successfully to "C:\Documents and
Settings\Admin\Desktop\aswMBR dopo riavvio.txt"

Infine ho rifatto la scansione con "hijackthis", selezionando le 5 caselle, come da istruzioni, ed eliminandole con ficx checked, posto qui di seguito il log dopo aver fatto questa operazione:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.26.46, on 03/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student
DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Dati applicazioni\Chiavetta
Internet\OnlineUpdate\ouc.exe
C:\Documents and Settings\All Users\Dati
applicazioni\DatacardService\HWDeviceService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Chiavetta Internet\Chiavetta Internet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.
google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:
//go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:
//go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.
microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:
\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:
\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:
\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-
9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:
\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:
\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe"
/nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft
Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [L09IXLRD_190500] "C:\Programmi\Microsoft Student\Microsoft
Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Chiavetta Internet] "C:\Programmi\Chiavetta
Internet\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:
\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:
\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:
\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-
5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:
\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-
899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search
Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:
\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:
\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:
\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-
45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.
com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0BA8512-1FB7-4819-A737-
5091D45AA58F}: NameServer = 213.230.130.222 217.200.200.42
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:
\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-
00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) -
Adobe Systems Incorporated - C:
\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File
comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST
Software\Avast\AvastSvc.exe
O23 - Service: Chiavetta Internet. OUC (Chiavetta Internet. RunOuc) - Unknown
owner - C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:
\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:
\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and
Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner -
C:\Programmi\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 6991 bytes

Alla fine di queste operazioni, il pc risulta sempre lentissimo. Sembra che non ci sia stato nessun miglioramento. Attendo ulteriori istruzioni. Grazie per la pazienza.

[hashcat]

Scarica Services Disabler ed eseguilo.

Digita 1 e segui la procedura a schermo (rispondi sempre si a tutte le richieste).
Infine riavvia il computer e vedi se la situazione migliora.

[emiliano72]

Non riesco a trovare: "Services Disabler" per scaricarlo. E' corretta la dicitura? Potresti gentilmente mandarmi un link da dove poterlo scaricare? Grazie.

[farbix89]

clicca sul link che trovi nel post di hashcat.

il link è lo stesso nome del programma

[emiliano72]

Ah, grazie. Scusate: non sono molto pratico.
Fatto tutto come da istruzioni. La situazione non migliora. Aiuto!

[emiliano72]

Non so se c'entra qualcosa, ma all'avvio del pc mi spunta sempre in basso a destra un'icona con su scritto: "trovato nuovo hardware", dopo di che mi si apre continuamente una finestra, nonostante io la richiuda per più e più volte, che dice: "installazione guidata nuovo hardware - NVIDIA High Definition Audio". Dopo l'ultimo passo e cioè l'esecuzione di "services disabler" ed il riavvio, mi sono comparse sul desktop tre cartelle: 1)and; 2)applicazioni; 3)settings. Rimango in attesa di vostri consigli. Grazie.

[Ale2695]

Mmm... non dovrebbe centrare nulla quel messaggio, posso sapere le caratteristiche tecniche del tuo pc (processore, ram, scheda video, ecc.)?

[hashcat]

Siamo sicuri che non si tratti di problemi relativi all'hardware vecchio?

Comunque:

1. Scarica ed esegui ListParts e postane il relativo log.
2. Scarica ed esegui SecurityCheck e postane il relativo log.
3. Scarica ed esegui DDS e posta entrambi i log che verranno generati.
4. Infine scarica ed esegui RogueKiller, appena ha terminato la scansione preliminare clicca sul pulsante Scan ed al termine della scansione sul pulstante Report, copia il relativo log e postalo sul forum.

[bitter86]

Darei una controllata anche con tdskiller

[emiliano72]

Chiedo umilmente scusa a tutti voi che pazientemente mi avete aiutato. Purtroppo, come ho già detto in precedenza, non sono molto pratico e così, grazie ad un amico, ho scoperto che il problema principale del rallentamento del pc è dovuto dalla chiavetta tim e non dal computer, poichè non c'era più nessun giga. Chiedo nuovamente scusa a tutti e ringrazio tutti coloro che sono intervenuti per aiutarmi. Dio vi benedica.

[emiliano72]

P.S.: La connessione era talmente lenta che non riuscivo a controllare la barra dei giga rimanenti.