Problema al pc

[pedo89]

Salve, da qualche tempo ho dei problemi al pc.il processo di mozilla aumenta vertiginosamente costringendomi a riavviare il browser, inoltre riscontro un utilizzo del sistema elevato portando il pc ad un alta temperatura anche dopo pochi minuti di utilizzo.
Di seguito, posto il log di hijackthis.
questo log è stato fatto durante il massimo utilizzo.
Spero in un vostro aiuto.
Grazie in anticipo.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:14, on 11/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...4z155v47m2424r
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smsveloce.it/ricerca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...4z155v47m2424r
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...4z155v47m2424r
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 195.149.220.209 www.goldwinpoker.com
O1 - Hosts: 195.149.220.209 goldwinpoker.com
O1 - Hosts: 195.149.220.210 live.goldbet.com
O1 - Hosts: 195.149.220.210 goldbet.com
O1 - Hosts: 195.149.220.210 www.goldbet.com
O1 - Hosts: 195.149.220.210 secure.goldbet.com
O1 - Hosts: 91.213.212.163 livecasino.goldbet.com
O1 - Hosts: 195.149.220.209 gbservice.goldbet.com
O1 - Hosts: 195.149.220.99 mail.goldbetmail.com
O1 - Hosts: 195.149.220.99 mail.goldbet.com
O1 - Hosts: 195.149.220.209 affiliates.goldbet.com
O1 - Hosts: 195.149.220.209 old.goldbet.com
O1 - Hosts: 66.212.226.169 partners.goldbet.com
O1 - Hosts: 195.149.220.209 ced.goldbet.com
O1 - Hosts: 195.149.220.210 marketing.goldbet.com
O1 - Hosts: 195.149.220.209 goldwinportal.com
O1 - Hosts: 195.149.220.209 www.goldwinportal.com
O1 - Hosts: 195.149.220.209 www.betxpro.com
O1 - Hosts: 195.149.220.210 www25.goldbet.com
O1 - Hosts: 195.149.220.210 www35.goldbet.com
O1 - Hosts: 195.149.220.210 content.goldbet.com
O1 - Hosts: 195.149.220.209 www.goalsmania.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Intralot Poker - {D87CB314-19C3-4f62-9237-8072CE2B9D9C} - C:\Users\UTENTE\Desktop\Intralot Poker.lnk
O9 - Extra 'Tools' menuitem: Intralot Poker - {D87CB314-19C3-4f62-9237-8072CE2B9D9C} - C:\Users\UTENTE\Desktop\Intralot Poker.lnk
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

[aled1974]

hai un bel po' di schifezze nel tuo pc tra goldbet, livecasino e schifezze analoghe, passa in questa sezione http://www.hwupgrade.it/forum/forumdisplay.php?f=125 e comincia a fare qualche scansione tra antivirus (che hai?) e antimalware (malwarebytes antimalware e superantispyware tanto per iniziare)

ed evita di scaricare eventuali schifezze dai siti suddetti

io poi dal log di HJT eliminerei innanzitutto tutti gi O1, tutti gli O* che puntano a siti di scommesse/gioco e tutto ciò che nel log appare come "file missing"

ciao ciao

P.S.
benvenuto

[hyperweb]

Togli queste voci in quanto virus,file mancanti, o applicazioni malevoli.

C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smsveloce.it/ricerca/

O1 - Hosts: 195.149.220.209 www.goldwinpoker.com
O1 - Hosts: 195.149.220.209 goldwinpoker.com
O1 - Hosts: 195.149.220.210 live.goldbet.com
O1 - Hosts: 195.149.220.210 goldbet.com
O1 - Hosts: 195.149.220.210 www.goldbet.com
O1 - Hosts: 195.149.220.210 secure.goldbet.com
O1 - Hosts: 91.213.212.163 livecasino.goldbet.com
O1 - Hosts: 195.149.220.209 gbservice.goldbet.com
O1 - Hosts: 195.149.220.99 mail.goldbetmail.com
O1 - Hosts: 195.149.220.99 mail.goldbet.com
O1 - Hosts: 195.149.220.209 affiliates.goldbet.com
O1 - Hosts: 195.149.220.209 old.goldbet.com
O1 - Hosts: 66.212.226.169 partners.goldbet.com
O1 - Hosts: 195.149.220.209 ced.goldbet.com
O1 - Hosts: 195.149.220.210 marketing.goldbet.com
O1 - Hosts: 195.149.220.209 goldwinportal.com
O1 - Hosts: 195.149.220.209 www.goldwinportal.com
O1 - Hosts: 195.149.220.209 www.betxpro.com
O1 - Hosts: 195.149.220.210 www25.goldbet.com
O1 - Hosts: 195.149.220.210 www35.goldbet.com
O1 - Hosts: 195.149.220.210 content.goldbet.com
O1 - Hosts: 195.149.220.209 www.goalsmania.com

(questi sono tutti dns virus)

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

togli anche tutti le voci che contengono nelle parole finali FILE MISSING o Unknown owner.

Fai poi una pulizia con Combofix, e sarai aposto !!!

[Eress]

Devi editare il file hosts che è corrotto da virus, poi fai delle scansioni con MalwareBytes aggiorntao se non dovessi risolvere ti conviene rivolgerti qui

http://www.hwupgrade.it/forum/forumdisplay.php?f=125

[hyperweb]

Quote:

Originariamente inviato da Eress

Devi editare il file hosts che è corrotto da virus, poi fai delle scansioni con MalwareBytes aggiorntao se non dovessi risolvere ti conviene rivolgerti qui

http://www.hwupgrade.it/forum/forumdisplay.php?f=125

Concordo.
Invece per l'host, se hai windows XP, usa Winsock FIX, uno strumento molto utile.

link x il download ------ http://www.snapfiles.com/get/winsockxpfix.html