15 Minutes to Boot XP
For the past few days my PC has had a strange problem. It loads XP normally until the desktop and its icons appear, but from there it stays "stalled" for 10-15 minutes without being usable. Then the icons in the taskbar appear too (such as the antivirus one) and it starts working. I have tried scans of every kind and have already removed all the viruses, malware and trojans I might have had, in safe mode as well.
I have a Compaq mini netbook.
AMIGASYSTEM
18-05-2010, 15:53
I think you are still infected; follow these steps:
- Fix everything superfluous with HijackThis (http://www.filehippo.com/search?q=HijackThis), leaving only the antivirus entries
- Do a global cleanup with CCleaner (http://www.filehippo.com/search?q=ccleaner)
- Scan with Malwarebytes Anti-Malware (http://www.filehippo.com/search?q=malwarebytes); update it before use
- Scan the system with Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
This is the scan with COMBO FIX
ComboFix 10-05-16.06 - xxx 18/05/2010 21.06.49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.627 [GMT 2:00]
Eseguito da: D:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2010-04-18 al 2010-05-18 )))))))))))))))))))))))))))))))))))
.
2010-05-18 18:51 . 2010-05-18 18:51 388096 ----a-r- c:\documents and settings\xxx\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-18 18:51 . 2010-05-18 18:51 -------- d-----w- c:\programmi\Trend Micro
2010-05-18 18:05 . 2010-05-18 18:05 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\Malwarebytes
2010-05-18 18:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 18:05 . 2010-05-18 18:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-05-18 18:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 18:05 . 2010-05-18 18:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-17 18:14 . 2010-05-17 18:15 -------- d-----w- c:\programmi\CCleaner
2010-05-17 17:22 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-17 17:22 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-17 17:22 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-17 17:22 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-17 17:21 . 2010-05-17 17:21 -------- d-----w- c:\programmi\Avira
2010-05-17 17:21 . 2010-05-17 17:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-05-17 16:01 . 2010-05-17 16:01 63488 ----a-w- c:\documents and settings\xxx\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-17 16:01 . 2010-05-17 16:01 52224 ----a-w- c:\documents and settings\xxx\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 16:01 . 2010-05-17 16:01 117760 ----a-w- c:\documents and settings\xxx\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 16:01 . 2010-05-17 16:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-05-17 16:00 . 2010-05-17 18:46 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-05-17 16:00 . 2010-05-17 16:00 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\SUPERAntiSpyware.com
2010-05-17 15:59 . 2010-05-17 15:59 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-17 14:11 . 2010-05-17 14:21 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-05-17 13:02 . 2010-05-17 13:02 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\CheckPoint
2010-05-17 12:59 . 2010-05-17 12:59 -------- d-----w- c:\programmi\CheckPoint
2010-05-17 12:59 . 2010-05-17 12:59 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-17 12:59 . 2009-12-04 14:35 46472 ----a-w- c:\windows\system32\vsutil_loc0410.dll
2010-05-17 12:59 . 2009-12-04 14:34 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-17 12:59 . 2009-12-04 14:34 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-17 12:58 . 2009-12-04 14:34 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-17 12:58 . 2010-05-17 12:59 -------- d-----w- c:\windows\system32\ZoneLabs
2010-05-17 10:42 . 2010-05-17 10:42 -------- d-----w- c:\programmi\Zone Labs
2010-05-17 10:42 . 2010-05-18 19:15 -------- d-----w- c:\windows\Internet Logs
2010-04-23 16:36 . 2008-04-13 09:51 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
2010-04-23 11:44 . 2008-04-13 09:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2010-04-22 12:33 . 2008-04-13 09:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-04-22 12:33 . 2008-04-13 09:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-04-22 12:18 . 2008-04-13 09:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-04-22 12:17 . 2008-04-13 09:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-04-22 12:17 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-22 12:17 . 2008-04-13 09:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-04-21 20:58 . 2008-04-13 16:47 30208 ----a-w- c:\windows\system32\drivers\modem.sys
2010-04-21 20:58 . 2008-04-13 09:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-21 20:57 . 2008-04-13 09:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-04-21 20:57 . 2008-04-15 04:00 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-04-21 20:55 . 2008-04-15 04:00 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2010-04-21 20:55 . 2008-04-13 09:41 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-04-21 20:48 . 2008-04-13 09:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-21 20:48 . 2008-04-13 09:40 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2010-04-21 20:48 . 2008-04-13 09:40 27392 ----a-w- c:\windows\system32\drivers\fdc.sys
2010-04-21 20:45 . 2008-04-13 09:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-04-21 20:45 . 2008-04-13 09:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-04-21 20:45 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-04-21 20:44 . 2008-04-15 04:00 59904 ----a-w- c:\windows\system32\drivers\atmarpc.sys
2010-04-21 20:44 . 2008-04-13 09:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-04-21 20:43 . 2008-04-15 04:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-04-21 20:43 . 2008-04-13 09:51 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2010-04-21 20:43 . 2008-04-13 07:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 18:59 . 2010-05-17 15:32 4467763 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-05-17 15:23 . 2010-04-04 16:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-17 13:47 . 2010-05-17 13:50 288768 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-05-15 19:33 . 2010-03-26 16:21 -------- d-----w- c:\programmi\Google
2010-04-13 18:40 . 2009-09-19 16:41 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\vlc
2010-04-04 20:05 . 2008-06-26 16:00 84702 ----a-w- c:\windows\system32\perfc010.dat
2010-04-04 20:05 . 2008-06-26 16:00 489980 ----a-w- c:\windows\system32\perfh010.dat
2010-04-02 20:20 . 2009-08-01 13:55 386 ----a-w- c:\documents and settings\xxx\Dati applicazioni\wklnhst.dat
2010-03-31 12:04 . 2009-05-10 22:09 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-03-31 12:04 . 2009-05-10 13:55 -------- d-----w- c:\programmi\Microsoft Works
2010-03-31 12:04 . 2009-05-10 13:39 -------- d-----w- c:\programmi\IDT
2010-03-11 12:30 . 2010-03-11 12:30 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:30 . 2010-03-11 12:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:30 . 2010-03-11 12:30 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 22:40 . 2009-12-01 14:48 79488 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-09 11:09 . 2010-03-09 11:09 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2010-04-14 19:48 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2009-12-04 1037192]
"SysTrayApp"="c:\programmi\IDT\WDM\sttray.exe" [2009-03-30 483428]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-10 136600]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"Microsoft Default Manager"="c:\programmi\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"ISW"="c:\programmi\CheckPoint\ZAForceField\ForceField.exe" [2009-10-27 730480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP BTW Detect Program"="c:\programmi\HP\HPBTWD.exe" [2009-03-30 319488]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-12-03 00:34 35184 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-06 15:04 2017280 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
2009-04-01 23:51 173360 ----a-w- c:\programmi\syncables\syncables desktop\Syncables.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [10/05/2009 15.44.14 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [10/05/2009 15.44.14 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [24/09/2008 22.09.40 103792]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [10/05/2009 15.44.14 25584]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [06/05/2010 17.10.20 68168]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [11/12/2008 22.46.22 125424]
R2 BOTService;BOTService;c:\programmi\Roxio\BackOnTrack\Instant Restore\BOTService.exe [19/03/2009 12.04.38 203248]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programmi\CheckPoint\ZAForceField\ISWKL.sys [27/10/2009 17.58.32 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programmi\CheckPoint\ZAForceField\ISWSVC.exe [27/10/2009 17.58.58 476528]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/05/2009 15.39.24 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [02/03/2009 23.03.48 38912]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/11/2009 15.49.31 717296]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [26/03/2010 18.21.15 136176]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 1.04.52 65536]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-18 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\programmi\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 10:05]
2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-26 16:21]
2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-26 16:21]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cnnb
IE: &AOL Toolbar Cerca - c:\documents and settings\All Users\Dati applicazioni\AOL\ieToolbar\resources\it-IT\local\search.html
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-hsf87efjhdsf87f3jfsdi7fhsujfd - c:\docume~1\GRAZIA~1\IMPOST~1\Temp\taskmgr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 21:22
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'lsass.exe'(888)
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Ora fine scansione: 2010-05-18 21:27:45
ComboFix-quarantined-files.txt 2010-05-18 19:27
Pre-Run: 129.073.147.904 byte disponibili
Post-Run: 129.504.137.216 byte disponibili
- - End Of File - - 57BEB32901FBD7B926461569E0A8320C
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.53.19, on 18/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CheckPoint\ZAForceField\ForceField.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programmi\HP\HPBTWD.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Programmi\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Programmi\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Programmi\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ISW] "C:\Programmi\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Programmi\HP\HPBTWD.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Cerca - C:\Documents and Settings\All Users\Dati applicazioni\AOL\ieToolbar\resources\it-IT\local\search.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/mjss/MJSS.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BOTService - Sonic Solutions - C:\Programmi\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\programmi\idt\wdm\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10381 bytes
And this is the HijackThis one.
I would be grateful if you could take a look, because I don't understand any of it, or otherwise advise me where I could post it.
AMIGASYSTEM
18-05-2010, 21:11
There are no infections; probably some preloaded application is getting stuck in a loop. It could be raysat_3dsMax2009_32server.exe from 3dsMax or the functions launched by ZoneAlarm, but also the Roxio processes, etc...
If you have doubts about removing things, create a new user and, with HijackThis, fix the entries one at a time to work out which process is hanging. The entries you remove with HijackThis will not "touch" those of your own user; each user has its own startup.
It's definitely not ZoneAlarm, because I only installed it after the problem appeared. I'll do that, thanks for the help.
AMIGASYSTEM
18-05-2010, 23:20
It's definitely not ZoneAlarm, because I only installed it after the problem appeared. I'll do that, thanks for the help.
It could be anything, some 3D Studio Max or Roxio application; you need to remember the last things you installed before the problems started and focus on those.
Since you are a 3D graphics enthusiast, what do you think of this, made by my son:
The voice in the first trailer is that of the famous voice actor Ivo De Palma.
Trailer 1 (http://www.youtube.com/watch?v=s6mNZusqn2c&feature=related)
Trailer 2 (http://www.youtube.com/watch?v=eLcDXneDZ6k&feature=bulletin)
All the parts that make up the film:
Saint Seiya the movie part 1 (http://www.youtube.com/watch?v=vmo2xmMmpls&feature=bulletin)
Saint Seiya the movie part 2 (http://www.youtube.com/watch?v=L2R4H10oWfY&feature=bulletin)
Saint Seiya the movie part 3 (http://www.youtube.com/watch?v=VBpBCtoKE1I&feature=bulletin)
Saint Seiya the movie part 4 (http://www.youtube.com/watch?v=4tudA0sv1C0&feature=bulletin)
Saint Seiya the movie part 5 (http://www.youtube.com/watch?v=MK0NYFnf2x8&feature=bulletin)
I apologize, but the computer is my girlfriend's and I know absolutely nothing about these things :D I'll ask her to take a look, since she is studying this field :D
AMIGASYSTEM
19-05-2010, 18:13
I apologize, but the computer is my girlfriend's and I know absolutely nothing about these things :D I'll ask her to take a look, since she is studying this field :D
I didn't mean to offend you ... just kidding. I'm sure she will enjoy it; I know fans of the genre. Maybe she will criticize something, but in the end she will like it, since it is handmade work done by a young man (26 years old) (http://www.senzacolonne.it/index.php?option=com_content&view=article&id=5896:qi-cavalieri-dello-zodiacoq-prendono-vita-su-youtube&catid=104:internet-e-tecnologia&Itemid=308) with a simple PC.
Nevermind
20-05-2010, 19:03
Run msconfig.exe
Disable everything under Startup and under Services (first ticking the box to hide the Microsoft ones), so you can see whether something at startup is causing the trouble.
Of course, a good scan of the hard disk is then also in order, to check that it has no bad clusters. ...you are better off using the manufacturer's tool.
Finally, a checkdisk /r isn't a bad idea either.