View Full Version : spoolsv - stranissimo fatto
cagnaluia
02-10-2007, 08:22
Ciao,
quando apro un database ACCESS (office 2003) per qualche motivo, spoolsv parte a manetta.. . poi si ferma.. per ripartire qualche secondo dopo... e via così...
E il database access si pianta.
SE blocco il servizio.. invece, nessun problema.
MA non posso stampare, :D .
:confused:
cagnaluia
02-10-2007, 09:17
Logfile of HijackThis v1.99.1
Scan saved at 9.19.11, on 02/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\programmi\lenovo\system update\suservice.exe
C:\Programmi\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\HF3888.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\SPAMfighter\SFAgent.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programmi\HP\HP UT\bin\hppusg.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\Programmi\Symbian\EPOC Connect\CLIPSYNC.EXE
C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Symbian\EPOC Connect\PSCONSV.EXE
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by INDUSTRIE COTTO POSSAGNO S.p.A.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.icp.it.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmi\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programmi\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] C:\Programmi\HP\HP UT\bin\hppusg.exe "C:\Programmi\HP\HP UT\"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: CopyAnywhere.lnk = C:\Programmi\Symbian\EPOC Connect\CLIPSYNC.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Server di connessione EPOC.lnk = C:\Programmi\Symbian\EPOC Connect\PSCONSV.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/it/it
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191307449529
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = icp.it.local
O17 - HKLM\Software\..\Telephony: DomainName = icp.it.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = icp.it.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comando remoto Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Scansione in tempo reale di Trend Micro Client-Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Personal Firewall di Trend Micro Client-Server Security Agent (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: Trend Micro Client-Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
a parte il fatto che hai sbagliato sezione :read: , il log *sembra* pulito (non sono espertissimo, cmq)...
Fai analizzare su Virustotal (http://www.virustotal.com/) questo file per sicurezza?
C:\WINDOWS\TEMP\HF3888.EXE
cagnaluia
02-10-2007, 09:58
a parte il fatto che hai sbagliato sezione :read: , il log *sembra* pulito (non sono espertissimo, cmq)...
Fai analizzare su Virustotal (http://www.virustotal.com/) questo file per sicurezza?
C:\WINDOWS\TEMP\HF3888.EXE
guarda, tolgo il disco e lo cancello... ho visto anch io.. non è bellissimo.
PS: qualcuno può chiudere o spostare il thread?
prima dammi la soddisfazione di dirmi cosa dice virustotal...
Me lo devi per la risposta che ti ho fornito...:D
Per lo spostamento, segnala al mod...
cagnaluia
02-10-2007, 10:14
ok ,ci provo :D
cagnaluia
02-10-2007, 10:20
mah.. non è niente.. . ha l'icona di un cagnolino.. secondo me è un programma dell antivirus OfficeScan... di solito sono quelli di TrendMicro che lasciano cagnolini in giro.. :D
qua.. parziale
File HF3888.EXE received on 10.02.2007 10:16:43 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result:
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2007.10.2.1 2007.10.02 -
AntiVir 7.6.0.18 2007.10.02 -
Authentium 4.93.8 2007.10.02 -
Avast 4.7.1043.0 2007.10.02 -
AVG 7.5.0.488 2007.10.01 -
BitDefender 7.2 2007.10.02 -
CAT-QuickHeal 9.00 2007.10.02 -
ClamAV 0.91.2 2007.10.02 -
DrWeb 4.44.0.09170 2007.10.02 -
eSafe 7.0.15.0 2007.10.01 -
eTrust-Vet 31.2.5178 2007.10.01 -
Ewido 4.0 2007.10.01 -
FileAdvisor 1 2007.10.02 -
Fortinet 3.11.0.0 2007.10.02 -
F-Prot 4.3.2.48 2007.10.01 -
F-Secure 6.70.13030.0 2007.10.02 -
Ikarus T3.1.1.12 2007.10.02 -
Kaspersky 7.0.0.125 2007.10.02 -
McAfee 5131 2007.10.01 -
Microsoft 1.2803 2007.10.02 -
NOD32v2 2564 2007.10.02 -
Norman 5.80.02 2007.10.01 -
Additional information
File size: 172099 bytes
MD5: 421cd213d20eb303e064a1a9f3a9ebea
SHA1: b076b30cfc86c44d0a6f8dbc590a597d6db895f3
cagnaluia
02-10-2007, 10:20
File HF3888.EXE received on 10.02.2007 10:16:43 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
vBulletin® v3.6.4, Copyright ©2000-2026, Jelsoft Enterprises Ltd.