|
Rank: AiutAmico
Member since: 11/9/2004 Posts: 45
|
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9.05.38, on 28/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\LANDesk\LDClient\localsch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Programmi\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\LANDesk\LDClient\policy.client.invoker.exe
C:\Programmi\LANDesk\LDClient\antivirus\avservice.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programmi\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Programmi\TOSHIBA\TME3\Tmesrv31.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Programmi\LANDesk\LDClient\antivirus\kavehost.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\TouchED\TouchED.exe
C:\Programmi\TOSHIBA\TME3\TMERzCtl.EXE
C:\Programmi\TOSHIBA\TME3\TMEEJME.EXE
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\TAudEffect\TAudEff.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\LANDesk\LDClient\antivirus\LDav.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Programmi\Java\jre6\bin\javaws.exe
C:\Programmi\Java\jre1.6.0_07\bin\javaw.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = arraysa:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.exe
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Programmi\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programmi\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TAudEffect] C:\Programmi\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LANDesk Antivirus] "C:\Programmi\LANDesk\LDClient\antivirus\LDav.exe" /systray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O15 - Trusted Zone: http://*.gedweb (HKLM)
O15 - Trusted Zone: http://*.seaintranet (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DC91914-186B-4D65-BCA2-2395C7C95080}: NameServer = 80.93.143.42,151.99.125.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sea.spa.dom,bdv.sea,sea-aeroportimilano.it,seadomain.sea-aeroportimilano.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sea.spa.dom,bdv.sea,sea-aeroportimilano.it,seadomain.sea-aeroportimilano.it
O20 - Winlogon Notify: TosBtNP - TosBtNP.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Programmi\LANDesk\Shared Files\residentagent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Programmi\LANDesk\LDClient\localsch.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Programmi\LANDesk\LDClient\tmcsvc.exe
O23 - Service: Servizio di controllo remoto LANDesk (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Programmi\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LANDesk(R) Antivirus (LDAVService) - LANDesk Software, Ltd. - C:\Programmi\LANDesk\LDClient\antivirus\avservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Programmi\LANDesk\LDClient\softmon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programmi\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
-- End of file - 11283 bytes
|
Rank: Admin
Member since: 10/4/2000 Posts: 19,056
|
The log is clean; what problems are you experiencing? alfonso_aiutamici@hotmail.it
|
|
Rank: AiutAmico
Member since: 11/9/2004 Posts: 45
|
Hi, thanks for checking. The problem is that the PC freezes: a blue screen with white text appears for a nanosecond, too briefly to make out what it says, and then the machine reboots. This has also happened while installing software such as CCleaner.
Dunno, I was thinking of some virus or something else, but the scans come back negative....
|
|
Rank: AiutAmico
Member since: 11/8/2008 Posts: 13,964
|
Hi, try running a scan with Malwarebytes, HERE; install it, then update it and run a FULL scan, not a quick one, remove everything it finds, and post the log. Clean up with CCleaner, including the registry. Also empty the Prefetch folder: go to C:\windows and look for it, open it and delete all of its contents. I would also remove the unnecessary toolbars; keep only the one for your search engine. Let us know how it goes.
|
|
Rank: Admin
Member since: 10/4/2000 Posts: 19,056
|
BLUE screens are due to hardware problems; if you have added a memory module or something else, one of these could be incompatible or faulty, or the contacts could be loose. alfonso_aiutamici@hotmail.it
|
|
Rank: AiutAmico
Member since: 10/19/2010 Posts: 14,635
|
Hi, I agree with Alfonso, since most of the time the issue is tied to a hardware problem. If you haven't already, try booting the PC with one RAM module at a time and check the result. For a more thorough check, I recommend using Memtest86+, a live CD to download here and to boot before Windows. I would recommend checking the health of your hard disk with this, which is simple and in Italian.