[XP sp2] Freeze di 1' dopo il login

[elpasa]

Ciao,
da qualche mese mi succede che appena effettuato il login il sistema si ferma per 70-80" durante i quali è possibile interagire soltanto con le icone del desktop (in modo comunque parziale, non è possibile ad es. accedere alle risorse del computer) ma non con barra delle applicazioni, menu di avvio e tray.

Passato questo minuto abbondante viene caricato il firewall (kerio 2.1.5) e il sistema funziona normalmente.

Idee su come risolvere il problema?

[card72]

controllo cosa carichi alla'avvio, manda un log di hijack

[elpasa]

Logfile of HijackThis v1.99.1
Scan saved at 18.30.40, on 10/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Programmi\Digicom\Michelangelo PCI\CnxDslTb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\utils\Chameleon Clock\ChamClock.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Programmi\utils\HDD Health\hddhealth.exe
C:\Programmi\utils\Skype\Skype.exe
C:\Programmi\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programmi\utils\cidial\CiDial.exe
C:\Programmi\utils\BestCrypt\BCResident.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Kerio Personal Firewall\persfw.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX09.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\utils\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Digicom\Michelangelo PCI\CnxDslTb.exe
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Programmi\utils\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HomeAlarm] C:\Programmi\utils\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [HDDHealth] C:\Programmi\utils\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [Skype] "C:\Programmi\utils\Skype\Skype.exe" /nosplash /minimized
O4 - Startup: Collegamento a CiDial.lnk = C:\Programmi\utils\cidial\CiDial.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programmi\utils\BestCrypt\BestCrypt.exe
O4 - Global Startup: PCSuiteperNokia3650 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia3650 TS.lnk = ?
O8 - Extra context menu item: Add to &Teleport - C:\Programmi\utils\Teleport Pro\teleport.htm
O8 - Extra context menu item: Download with GetRight - C:\Programmi\utils\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\utils\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://webcam-1.cittafiera.it/plugin/h263ctrl.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{869C282A-3CBE-4892-9676-865756857073}: NameServer = 85.37.17.14 85.38.28.78
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programmi\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programmi\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Programmi\Kerio Personal Firewall\persfw.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe

[card72]

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programmi\utils\BestCrypt\BestCrypt.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Questi mi sembrano sospetti.
Ti consiglio i fare una scansione con antivirus e "SUPERANTISPYWARE"

[Joker84]

hai configurata una rete sul pc?!?

[elpasa]

Quote:

Originariamente inviato da card72

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programmi\utils\BestCrypt\BestCrypt.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Questi mi sembrano sospetti.
Ti consiglio i fare una scansione con antivirus e "SUPERANTISPYWARE"

Il primo è l'active sync, il secondo è bestcrypt, il terzo è un file di messenger, ma non ho capito perché lo dà come missing (sul disco è presente, comunque nel dubbio l'ho fixato).

Adesso sto facendo un full scan con supercazziemazzi, vediamo se trova qualcos'altro.

ciao e grazie

[elpasa]

Quote:

Originariamente inviato da Joker84

hai configurata una rete sul pc?!?

Si

[Joker84]

Quote:

Originariamente inviato da elpasa

Si

la rete come è configurata. hai un ip dinamico o statico?!?

[elpasa]

Quote:

Originariamente inviato da Joker84

la rete come è configurata. hai un ip dinamico o statico?!?

Statico