rumianek
04-06-2006, 14:24
Hi everyone, guys, I have a problem... I hope you can help me. Basically, when I right-click on the desktop the hourglass appears and the PC doesn't go any further; basically, the window doesn't open. In Task Manager everything seems fine... scans are OK, and below is the HijackThis log.
StartupList report, 04/06/2006, 12.46.18
StartupList version: 1.52.2
Started from : C:\DOCUME~1\rumianek\IMPOST~1\Temp\Rar$EX06.500\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\asuskbservice.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\anvshell.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\rumianek\IMPOST~1\Temp\Rar$EX06.500\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Smapp = C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
SpeedTouch USB Diagnostics = "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
LogitechVideoRepair = C:\Programmi\Logitech\Video\ISStart.exe
LogitechVideoTray = C:\Programmi\Logitech\Video\LogiTray.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
SunJavaUpdateSched = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
anvshell = anvshell.exe
RemoteControl = "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
avgnt = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
Zone Labs Client = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
TkBellExe = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\Programmi\Messenger\msmsgs.exe" /background
Skype = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
--------------------------------------------------
Enumerating Download Program Files:
[DetInstaller Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avdetinst.dll
CODEBASE = http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
[YInstStarter Class]
InProcServer32 = C:\Programmi\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Programmi\Yahoo!\Common\yinsthelper.dll
[updatePanelX Control]
InProcServer32 = C:\WINDOWS\system32\uusee\internet\updateC.ocx
CODEBASE = http://www.uusee.com/jmd/player/updateC.cab
[AccountHelper Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Account.dll
CODEBASE = https://ssl.tele2.com/inc/accounthelper.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[IWinAmpActiveX Class]
InProcServer32 = C:\PROGRA~1\FILECO~1\Nullsoft\ActiveX\2.4\AmpX.dll
CODEBASE = http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
End of report, 6.350 bytes
Report generated in 0,000 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only