Olimpo Informatico forum index
The Zeus News Forums
Mysterious gsxpqrovs.exe
Niall
Posted: 17 Jan 2008 16:11    Subject: mysterious gsxpqrovs.exe

Hi everyone, I just signed up to the forum because of a problem I've had for a few days: sudden system slowdowns and crashes in the most varied situations, especially while playing video files or video games. Peeking at the processes, I spotted this gsxpqrovs.exe, which however promptly disappeared as soon as I opened Task Manager. I'm posting the HijackThis log, hoping someone can give me some suggestions. Thanks!

Info about my system:
Windows XP SP2
Avast Antivirus 4.7 home edition
Ad-Aware SE Personal
Windows XP Firewall

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.03.02, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmi\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programmi\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5975 bytes
Orange
Posted: 18 Jan 2008 09:49

Welcome, Niall :)

Please follow these instructions and post the ComboFix log.
Niall
Posted: 18 Jan 2008 11:49

Oops, sorry for the oversight. I'll fix it right away... the updated hijack log follows:

ComboFix 08-01-09.2 - MauroPaga 2008-01-18 10.15.22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1122 [GMT 1:00]
Eseguito da: C:\Documents and Settings\MauroPaga\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MauroPaga\Dati applicazioni\7-zip.dll
C:\Documents and Settings\MauroPaga\Dati applicazioni\addon.dat
C:\Documents and Settings\MauroPaga\Impostazioni locali\Dati applicazioni\gsxpqrovs.dat
c:\documents and settings\mauropaga\impostazioni locali\dati applicazioni\gsxpqrovs.exe
c:\Documents and Settings\MauroPaga\Impostazioni locali\Dati applicazioni\gsxpqrovs_nav.dat
c:\Documents and Settings\MauroPaga\Impostazioni locali\Dati applicazioni\gsxpqrovs_navps.dat
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((( Files Creati Da 2007-12-18 al 2008-01-18 )))))))))))))))))))))))))))))))))))
.

2008-01-18 10:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 15:00 . 2008-01-17 16:16 <DIR> d-------- C:\HiJackThis
2008-01-17 14:59 . 2008-01-17 14:59 318,369 --a------ C:\HiJackThis.zip
2008-01-13 19:17 . 2008-01-13 19:30 <DIR> d-------- C:\Programmi\TVAnts
2008-01-09 15:04 . 2008-01-09 17:09 <DIR> d-------- C:\Programmi\MemoriesOnTV3
2008-01-09 12:16 . 2008-01-09 12:16 268 --ah----- C:\sqmdata00.sqm
2008-01-09 12:16 . 2008-01-09 12:16 244 --ah----- C:\sqmnoopt00.sqm
2008-01-06 13:22 . 2008-01-06 13:22 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-06 13:22 . 2008-01-06 13:22 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-05 14:24 . 2008-01-05 14:24 <DIR> d-------- C:\Programmi\Eidos Interactive
2008-01-05 14:02 . 1995-07-18 15:05 398,416 --------- C:\WINDOWS\system\VBRUN300.DLL
2008-01-05 14:02 . 1995-07-18 15:05 64,544 --------- C:\WINDOWS\system\THREED.VBX
2008-01-05 14:02 . 1995-07-18 15:04 26,272 --------- C:\WINDOWS\system\FXWIN.DLL
2008-01-05 14:02 . 1995-07-18 15:05 22,528 --------- C:\WINDOWS\system\SPIN.VBX
2008-01-05 14:02 . 1995-07-18 15:04 18,688 --------- C:\WINDOWS\system\CMDIALOG.VBX
2008-01-05 14:02 . 2008-01-05 14:02 44 --a------ C:\WINDOWS\atmos.ini
2008-01-05 12:48 . 2008-01-05 12:50 <DIR> d-------- C:\Programmi\Evviva gli Scacchi!
2008-01-04 17:34 . 2008-01-04 17:34 0 --a------ C:\WINDOWS\PowerReg.dat
2008-01-04 16:06 . 2008-01-04 16:06 1,047 --a------ C:\WINDOWS\EVVIVARG.INI
2008-01-04 16:05 . 2008-01-05 12:48 <DIR> d-------- C:\Programmi\Finson Live Update
2008-01-04 16:05 . 2002-10-15 15:29 772,608 --a------ C:\WINDOWS\system32\EvvivaRG.exe
2008-01-04 16:05 . 2003-04-18 11:32 79,872 --a------ C:\WINDOWS\system32\FinsonLU.dll
2008-01-04 16:03 . 2008-01-04 16:03 56 --a------ C:\WINDOWS\SCALA40.INI
2008-01-04 15:41 . 2001-02-05 21:50 106,496 --a------ C:\WINDOWS\system32\EasySound.ocx
2008-01-04 15:41 . 2000-03-06 10:32 38,912 --a------ C:\WINDOWS\system32\hh.exe
2008-01-04 15:41 . 2008-01-04 15:42 520 --a------ C:\WINDOWS\netdet.ini
2008-01-04 15:30 . 2008-01-04 15:30 <DIR> d-------- C:\Documents and Settings\MauroPaga\Dati applicazioni\SolSuite
2008-01-04 15:30 . 2007-09-26 00:00 15 --a------ C:\WINDOWS\FMX_TI8A.DV3
2008-01-04 11:53 . 2008-01-04 11:53 <DIR> d-------- C:\WINDOWS\Preferences
2008-01-04 01:11 . 2008-01-04 01:18 89 --a------ C:\WINDOWS\SOLITUDE.INI
2007-12-25 09:47 . 2007-12-25 09:47 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-24 02:32 . 2008-01-06 19:29 <DIR> d-------- C:\Programmi\TVUPlayer
2007-12-20 20:54 . 2007-12-21 17:51 <DIR> d-------- C:\Programmi\Zylom Games
2007-12-20 20:54 . 2007-12-20 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Zylom
2007-12-19 17:47 . 2007-12-19 17:47 0 --a------ C:\WINDOWS\PlgEnabler2a.INI
2007-12-19 17:41 . 2007-12-19 19:35 <DIR> d-------- C:\Programmi\emagic
2007-12-19 17:07 . 2007-12-19 17:07 44,786 --a------ C:\WINDOWS\Logic 5.prf
2007-12-19 17:03 . 2002-08-13 11:34 258,048 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2007-12-19 17:03 . 2002-08-13 11:34 126,976 --a------ C:\WINDOWS\system32\EASIDS.dll
2007-12-19 17:03 . 2002-09-19 17:33 114,688 --a------ C:\WINDOWS\system32\EASIMME.dll
2007-12-19 17:03 . 2002-08-13 11:34 53,248 --a------ C:\WINDOWS\system32\VSM Manager.dll
2007-12-19 17:03 . 2002-08-13 11:34 36,864 --a------ C:\WINDOWS\system32\Log_ds2.ax
2007-12-19 14:53 . 2008-01-06 12:00 17 --a------ C:\WINDOWS\popcinfo.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 09:09 --------- d-----w C:\Documents and Settings\MauroPaga\Dati applicazioni\OpenOffice.org2
2008-01-16 17:09 --------- d-----w C:\Documents and Settings\MauroPaga\Dati applicazioni\uTorrent
2008-01-06 13:27 --------- d-----w C:\Programmi\ffdshow
2008-01-06 12:17 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-01-04 16:39 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-27 13:45 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-20 18:24 --------- d-----w C:\Documents and Settings\MauroPaga\Dati applicazioni\Skype
2007-12-20 15:00 --------- d-----w C:\Documents and Settings\MauroPaga\Dati applicazioni\skypePM
2007-12-19 16:01 --------- d-----w C:\Programmi\VideoLAN
2007-12-19 16:01 --------- d-----w C:\Programmi\Syncrosoft
2007-12-16 10:44 --------- d-----w C:\Programmi\Microsoft ActiveSync
2007-12-16 09:56 --------- d-----w C:\Programmi\Steinberg
2007-12-15 09:11 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-12-15 09:10 --------- d-----w C:\Programmi\Skype
2007-12-15 09:10 --------- d-----w C:\Programmi\File comuni\Skype
2007-12-15 09:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2007-12-12 08:42 --------- d-----w C:\Programmi\Digidesign
2007-12-12 08:42 --------- d-----w C:\Programmi\Arturia
2007-12-06 10:38 --------- d-----w C:\Programmi\Native Instruments
2007-12-06 09:26 --------- d-----w C:\Programmi\File comuni\Native Instruments
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-28 17:47 --------- d-----w C:\Programmi\PC Inspector File Recovery
2007-11-24 10:26 --------- d-----w C:\Programmi\SONY
2007-11-23 19:22 --------- d-----w C:\Programmi\CyberLink
2007-11-22 17:11 --------- d-----w C:\Documents and Settings\MauroPaga\Dati applicazioni\vlc
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2005-10-22 09:46 25088 C:\WINDOWS\MIDIDEF.EXE]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\Programmi\IPM\Adsl\DataWay\dslstat.exe" [2003-04-01 10:32 299008]
"DSLAGENTEXE"="dslagent.exe" [2003-04-01 09:53 16384 C:\WINDOWS\system32\dslagent.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"CTHelper"="CTHELPER.EXE" [2005-10-22 10:00 16896 C:\WINDOWS\CTHELPER.EXE]
"REGSHAVE"="C:\Programmi\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-08 12:17 185784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

C:\Documents and Settings\MauroPaga\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - C:\Programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]
PowerReg Scheduler V3.exe [2008-01-04 17:34:44]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-27 14:45:36]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-05-30 14:26:50]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-11-24 14:38 94208 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 C:\Programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ebsypgeetr]
c:\documents and settings\mauropaga\impostazioni locali\dati applicazioni\ebsypgeetr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LFAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Programmi\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-08 12:17 185784 C:\Programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-06 23:52 36864 C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

R2 LF30FS;LF30FS;C:\Programmi\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [2004-11-19 16:07]
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 21:23]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C5CD9787-54F4-6B5A-7054-5E50F28A8F48}]
C:\WINDOWS\crack\crack.exe s
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-08 07:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-01-08 19:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-01-08 13:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 10:20:42
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-18 10.21.25
ComboFix-quarantined-files.txt 2008-01-18 09:21:17
.
2007-12-22 02:01:08 --- E O F ---

UPDATED HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.24.44, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmi\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programmi\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5943 bytes

Thanks
Orange
Posted: 18 Jan 2008 13:56

OK, in the meantime ComboFix has removed the mysterious gsxpqrovs.exe, but there's still something that doesn't convince me...


Please download SDFix and save it to your desktop
Double-click SDFix.exe and the tool will extract itself to C:\SDFix

Boot the system in Safe Mode

- Open the SDFix folder located in C:\ and double-click RunThis.bat to launch the script
- Select Y to start the cleanup
- When prompted, press a key to reboot
(the system will take longer to start because the script will delete the files it found)
- When the desktop appears, the tool will finish its work and display the message "Finished"
- Press a key to end the script and reload the desktop icons
- The log will be displayed automatically; otherwise you can find it in C:\SDFix\Report.txt

Post the final log.
Niall
Posted: 18 Jan 2008 16:01

Done. For your information, the system is still very slow, and my second hard disk, which is not the one where I installed the operating system, suddenly shows up as empty and unformatted. Could the two things be related?


SDFix: Version 1.127

Run by MauroPaga on 18/01/2008 at 14.03

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\MauroPaga\Dati applicazioni\addon.dat - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 14:11:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmi\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fa,aa,e2,a3,33,dd,df,a3,de,0a,e5,d0,6a,e5,07,50,57,01,0b,2f,6a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,22,0b,9e,30,db,c1,bd,9e,36,e6,6b,f0,82,de,42,a1,94,..
"khjeh"=hex:55,3f,fd,b1,66,b8,df,e7,c8,99,89,58,d1,54,68,a2,23,61,73,5b,37,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d3,89,13,ce,0b,c5,9c,18,41,9e,47,18,95,76,bb,35,97,83,38,9e,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmi\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fa,aa,e2,a3,33,dd,df,a3,de,0a,e5,d0,6a,e5,07,50,57,01,0b,2f,6a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,22,0b,9e,30,db,c1,bd,9e,36,e6,6b,f0,82,de,42,a1,94,..
"khjeh"=hex:55,3f,fd,b1,66,b8,df,e7,c8,99,89,58,d1,54,68,a2,23,61,73,5b,37,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d3,89,13,ce,0b,c5,9c,18,41,9e,47,18,95,76,bb,35,97,83,38,9e,ea,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 39


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 17 Jun 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 8 Dec 2007 20,992 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\~WRL0005.tmp"
Mon 5 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\~WRL3533.tmp"
Thu 24 Mar 2005 192,512 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\MP4_Dlg.dll"
Fri 18 Jun 2004 143,360 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ul263enc.dll"
Mon 11 Jul 2005 131,072 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulaacdec.dll"
Thu 17 Jun 2004 151,552 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulaacenc.dll"
Fri 18 Jun 2004 110,592 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulamrdec.dll"
Fri 18 Jun 2004 131,072 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulamrenc.dll"
Tue 3 Jan 2006 184,320 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulaspdec.dll"
Thu 17 Feb 2005 487,495 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulaspenc.dll"
Tue 1 Jun 2004 155,648 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulmp3enc.dll"
Sat 25 Feb 2006 200,704 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulmp4lib.dll"
Wed 21 Dec 2005 114,688 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulspdec.dll"
Mon 21 Nov 2005 299,008 A..H. --- "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\ulspenc.dll"
Tue 21 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 6 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 10 Jun 2005 618,496 A..H. --- "C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe"
Fri 10 Jun 2005 278,528 A..H. --- "C:\Programmi\File comuni\InstallShield\UpdateService\ISDM.exe"
Fri 10 Jun 2005 81,920 A..H. --- "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
Fri 10 Jun 2005 368,640 A..H. --- "C:\Programmi\File comuni\InstallShield\UpdateService\_isusres.dll"
Wed 22 Jun 2005 81,920 A..H. --- "C:\Programmi\File comuni\Ulead Systems\MPEG\uvAC3Enc.dll"
Sun 18 Nov 2007 27,648 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL0001.tmp"
Sun 25 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL0327.tmp"
Sun 25 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL1498.tmp"
Sun 25 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL2097.tmp"
Sun 25 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL2113.tmp"
Sun 25 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL2168.tmp"
Sun 25 Nov 2007 25,088 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL2248.tmp"
Sun 25 Nov 2007 28,160 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL3349.tmp"
Sun 25 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL3568.tmp"
Sun 25 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\~WRL3574.tmp"
Sun 2 Dec 2007 24,064 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda falco ocolognola\~WRL0001.tmp"
Sun 16 Dec 2007 28,160 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0001.tmp"
Sun 16 Dec 2007 28,160 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0003.tmp"
Sun 16 Dec 2007 28,160 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0004.tmp"
Sun 16 Dec 2007 28,160 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0005.tmp"
Sun 16 Dec 2007 27,648 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0102.tmp"
Sun 16 Dec 2007 28,672 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0296.tmp"
Sun 16 Dec 2007 29,184 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0304.tmp"
Sun 16 Dec 2007 28,672 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0442.tmp"
Sun 16 Dec 2007 28,160 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0505.tmp"
Sun 16 Dec 2007 29,184 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL0695.tmp"
Sun 16 Dec 2007 29,184 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL1417.tmp"
Sun 16 Dec 2007 25,600 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL1582.tmp"
Sun 16 Dec 2007 27,648 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL1611.tmp"
Sun 16 Dec 2007 28,160 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL1856.tmp"
Sun 16 Dec 2007 29,184 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL1985.tmp"
Sun 16 Dec 2007 29,184 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL2320.tmp"
Sun 16 Dec 2007 28,160 ...H. --- "C:\Documents and Settings\MauroPaga\Documenti\Giornale Di Bergamo\Seconda Categoria\seconda madone prezzatese\~WRL3209.tmp"

Finished!

Thanks
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 18 Jan 2008 17:50

Download Avenger and unzip it into a folder of its own, not a temporary one and not on the desktop

Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
c:\documents and settings\mauropaga\impostazioni locali\dati applicazioni\ebsypgeetr.exe
C:\WINDOWS\crack\crack.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job

Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation has finished, post the Avenger result here together with an updated HijackThis log.

Connect to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
Niall
Devoted mortal

Joined: 17/01/08 15:53
Posts: 13
Location: Suisio (BG)

Posted: 19 Jan 2008 11:14

Here is everything:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\utsioppc

*******************

Script file located at: \??\C:\WINDOWS\ecpkubwo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\documents and settings\mauropaga\impostazioni locali\dati applicazioni\ebsypgeetr.exe not found!
Deletion of file c:\documents and settings\mauropaga\impostazioni locali\dati applicazioni\ebsypgeetr.exe failed!

Could not process line:
c:\documents and settings\mauropaga\impostazioni locali\dati applicazioni\ebsypgeetr.exe
Status: 0xc0000034

File C:\WINDOWS\crack\crack.exe deleted successfully.
File C:\WINDOWS\Tasks\At1.job deleted successfully.
File C:\WINDOWS\Tasks\At2.job deleted successfully.
File C:\WINDOWS\Tasks\At3.job deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.12.23, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UVS10 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programmi\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D57F1BB3-FF46-42A1-A1F9-337A9BDEF290}: NameServer = 85.37.17.40 85.38.28.85
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6591 bytes


http://www.freefilehosting.net/download/3ah99


Thanks
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 19 Jan 2008 16:33

Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Documents and Settings\MauroPaga\Dati applicazioni\Sun\Java\Deployment\cache\6.0\38\5c7873e6-6b4d73f5
C:\Documents and Settings\MauroPaga\Desktop\Installation\webmediaplayer_setup.exe

Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation has finished, post the Avenger result here together with an updated HijackThis log.
Niall
Devoted mortal

Joined: 17/01/08 15:53
Posts: 13
Location: Suisio (BG)

Posted: 20 Jan 2008 11:29

Here you go:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jetadcds

*******************

Script file located at: \??\C:\Documents and Settings\tnalhpqs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\MauroPaga\Dati applicazioni\Sun\Java\Deployment\cache\6.0\38\5c7873e6-6b4d73f5 deleted successfully.
File C:\Documents and Settings\MauroPaga\Desktop\Installation\webmediaplayer_setup.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.28.52, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UVS10 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programmi\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D57F1BB3-FF46-42A1-A1F9-337A9BDEF290}: NameServer = 85.37.17.40 85.38.28.85
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6816 bytes


Thanks
Orange
Mature god

Joined: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 21 Jan 2008 09:53

Hi

Quote:
KASPERSKY ONLINE SCANNER REPORT

[...]

Scan was interrupted by user!


I understand that after 5 hours of scanning you lost patience, but it is important to let it run to the end [wink]
***************
To shorten the scan times a little:

turn off System Restore

download ATF Cleaner
run it, tick Select all (if you use Firefox or Opera, tick their options as well)
click Empty selected and wait for the Done cleaning! message
if necessary, repeat for FF and/or Opera
Niall
Devoted mortal

Joined: 17/01/08 15:53
Posts: 13
Location: Suisio (BG)

Posted: 21 Jan 2008 13:45

No, it's just that it was scanning the other hard disk, which is a USB one, and that didn't seem essential to me.. But if you think it's better to run it again, I'll do it, with no interruptions this time.. [very happy]
Orange
Mature god

Joined: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 21 Jan 2008 19:53

Ah, in that case, never mind... [wink]

Are you still having problems?
Niall
Devoted mortal

Joined: 17/01/08 15:53
Posts: 13
Location: Suisio (BG)

Posted: 21 Jan 2008 22:16

For now, no more system crashes.. but I have noticed that Windows is slow to load and there is still the occasional slowdown every 5/6 minutes... and then I noticed another detail: from Control Panel -> Add or Remove Programs, the list of programs does not load.
Awaiting enlightenment [laughing]

In the meantime, many thanks for your helpfulness, you are great
Niall
Devoted mortal

Joined: 17/01/08 15:53
Posts: 13
Location: Suisio (BG)

Posted: 24 Jan 2008 02:29

Is there really nothing that can be done? [pray]
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 26 Jan 2008 15:34

The only advice I can give you is to carry out a few clean-up operations:
- delete the temporary files with ATF-Cleaner
- clean up the registry
- defragment the disk
All times are GMT + 2 hours