#1
Senior Member
Joined: Oct 2003
City: TV
Posts: 10840

spoolsv - very strange behaviour
Hi,
when I open an ACCESS database (Office 2003), for some reason spoolsv goes flat out... then it stops... only to start again a few seconds later... and so on... And the Access database hangs. IF I stop the service, though, no problem. BUT then I can't print.
__________________
cagnaluia MTB|DH|Running|Diving Eos1DX|16-35f4Lis|35f1.4L|100f2|300F4LIS |
#2
Senior Member
Joined: Oct 2003
City: TV
Posts: 10840

Logfile of HijackThis v1.99.1
Scan saved at 9.19.11, on 02/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\programmi\lenovo\system update\suservice.exe
C:\Programmi\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\HF3888.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\SPAMfighter\SFAgent.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programmi\HP\HP UT\bin\hppusg.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\Programmi\Symbian\EPOC Connect\CLIPSYNC.EXE
C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Symbian\EPOC Connect\PSCONSV.EXE
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by INDUSTRIE COTTO POSSAGNO S.p.A.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.icp.it.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmi\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programmi\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] C:\Programmi\HP\HP UT\bin\hppusg.exe "C:\Programmi\HP\HP UT\"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: CopyAnywhere.lnk = C:\Programmi\Symbian\EPOC Connect\CLIPSYNC.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Server di connessione EPOC.lnk = C:\Programmi\Symbian\EPOC Connect\PSCONSV.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/it/it
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1191307449529
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = icp.it.local
O17 - HKLM\Software\..\Telephony: DomainName = icp.it.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = icp.it.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comando remoto Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Scansione in tempo reale di Trend Micro Client-Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Personal Firewall di Trend Micro Client-Server Security Agent (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: Trend Micro Client-Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
__________________
cagnaluia MTB|DH|Running|Diving Eos1DX|16-35f4Lis|35f1.4L|100f2|300F4LIS |
#3
Banned
Joined: Jan 2003
City: Lucca
Posts: 9119

apart from the fact that you posted in the wrong section
Could you have this file analyzed on VirusTotal (http://www.virustotal.com/), just to be safe? C:\WINDOWS\TEMP\HF3888.EXE
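
The check made in the reply above (spotting a process that runs out of a temp directory in a HijackThis log) can be scripted as a first pass. This is an added example, not part of the original thread: the function names and the three heuristics are assumptions, and the sample lines are excerpted from the log posted in #2.

```python
import re

# Lines excerpted from the HijackThis log posted in #2 (layout as in the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\HF3888.EXE
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# Entry lines start with a section code such as R1, O4 or O23.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# A path component named temp or tmp (assumed heuristic, case-insensitive).
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

def parse(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:                       # first entry line ends the process list
            in_procs = False
            entries.append((m["code"], m["body"]))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (reason, line) pairs worth a manual look; leads, not verdicts."""
    processes, entries = parse(text)
    findings = [("process-in-temp", p) for p in processes if TEMP_DIR.search(p)]
    for code, body in entries:
        if "(file missing)" in body:
            findings.append(("file-missing", f"{code} - {body}"))
        if code == "O23" and "Unknown owner" in body:
            findings.append(("unknown-owner", f"{code} - {body}"))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:16} {line}")
```
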

#4
Senior Member
Joined: Oct 2003
City: TV
Posts: 10840

Quote:
PS: can someone close or move the thread?
__________________
cagnaluia MTB|DH|Running|Diving Eos1DX|16-35f4Lis|35f1.4L|100f2|300F4LIS |

#5
Banned
Joined: Jan 2003
City: Lucca
Posts: 9119

first give me the satisfaction of telling me what VirusTotal says...
You owe me that for the answer I gave you... As for moving it, report it to the mod...

#6
Senior Member
Joined: Oct 2003
City: TV
Posts: 10840

ok, I'll try
__________________
cagnaluia MTB|DH|Running|Diving Eos1DX|16-35f4Lis|35f1.4L|100f2|300F4LIS |

#7
Senior Member
Joined: Oct 2003
City: TV
Posts: 10840

hmm.. it's nothing... it has a little dog icon.. I think it's a program belonging to the OfficeScan antivirus... it's usually the TrendMicro people who leave little dogs lying around..
here.. partial:

File HF3888.EXE received on 10.02.2007 10:16:43 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: Loading server information... Your file is queued in position: 1. Estimated start time is between 39 and 56 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.10.2.1 | 2007.10.02 | - |
| AntiVir | 7.6.0.18 | 2007.10.02 | - |
| Authentium | 4.93.8 | 2007.10.02 | - |
| Avast | 4.7.1043.0 | 2007.10.02 | - |
| AVG | 7.5.0.488 | 2007.10.01 | - |
| BitDefender | 7.2 | 2007.10.02 | - |
| CAT-QuickHeal | 9.00 | 2007.10.02 | - |
| ClamAV | 0.91.2 | 2007.10.02 | - |
| DrWeb | 4.44.0.09170 | 2007.10.02 | - |
| eSafe | 7.0.15.0 | 2007.10.01 | - |
| eTrust-Vet | 31.2.5178 | 2007.10.01 | - |
| Ewido | 4.0 | 2007.10.01 | - |
| FileAdvisor | 1 | 2007.10.02 | - |
| Fortinet | 3.11.0.0 | 2007.10.02 | - |
| F-Prot | 4.3.2.48 | 2007.10.01 | - |
| F-Secure | 6.70.13030.0 | 2007.10.02 | - |
| Ikarus | T3.1.1.12 | 2007.10.02 | - |
| Kaspersky | 7.0.0.125 | 2007.10.02 | - |
| McAfee | 5131 | 2007.10.01 | - |
| Microsoft | 1.2803 | 2007.10.02 | - |
| NOD32v2 | 2564 | 2007.10.02 | - |
| Norman | 5.80.02 | 2007.10.01 | - |

Additional information
File size: 172099 bytes
MD5: 421cd213d20eb303e064a1a9f3a9ebea
SHA1: b076b30cfc86c44d0a6f8dbc590a597d6db895f3
__________________
cagnaluia MTB|DH|Running|Diving Eos1DX|16-35f4Lis|35f1.4L|100f2|300F4LIS |

#8
Senior Member
Joined: Oct 2003
City: TV
Posts: 10840

File HF3888.EXE received on 10.02.2007 10:16:43 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/32 (0%)
__________________
cagnaluia MTB|DH|Running|Diving Eos1DX|16-35f4Lis|35f1.4L|100f2|300F4LIS |
All times are GMT +1. The time now is 09:05.