PC slooow



Boe.
15-11-2006, 12.04.37
For a few days now (I'm not certain, but I'd say since I updated Firefox) the PC has been slowing down until it freezes and forces me to reset. It looks as if it were overrun by viruses, yet I have Norton plus a firewall and I've checked with HijackThis, Ad-Aware and Spybot without finding anything.
It's not a very recent PC (XP1800 and 1 GB of PC133 Mushkin) but a functional one that is used for accounting and airline reservations. It is also defragmented regularly.

A friend of mine, who is a bit of a technician (not much of one, alas), is almost certain it's a virus even though the antivirus finds nothing. Honestly I have serious doubts and lean more toward deteriorating RAM, especially considering that the machine is always on.

I don't know which way to turn; to start with, I'll post the HJ log:

Boe.
15-11-2006, 12.10.52
Here it is


Logfile of HijackThis v1.99.1
Scan saved at 12.09.58, on 15/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Programmi\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Symantec\WinFax\WFXCTL32.EXE
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gianluca\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Programmi\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Controller.LNK = C:\Programmi\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.worldspan.net
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sdatmail2a.worldspan.com/iNotes6W.cab
O16 - DPF: {6DD584C4-79F4-4F46-8F81-C26AA75D8467} (ComboBox.UserControl1) - https://go2f.wspan.com/Secure/DLLs/WSCombo.CAB
O16 - DPF: {6FC2871E-004B-4141-B9C0-59708BD96CCE} (WSEmul Control 3) - https://go2f.wspan.com/Secure/DLLs/WSEMUL3.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan.com/Dlls/WSFileIO3.cab
O16 - DPF: {7DB7E238-1425-4434-8B05-6453AD6A49C6} (WSPrint3 Control) - https://go2f.wspan.com/secure/DLLs/WSPrint3.CAB
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go2f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} - http://gopublic.wspan.com/secure/DLLs/mscal.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://gopublic.wspan.com/Secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {ABB81A12-05DF-11D1-A007-02608CDD90E8} (Pro client Persistent Session Control) - http://cbpshppnas0010a.worldspan.net/w2hlegacy/pro/cphostproclient.cab
O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - https://gopublic.wspan.com/Secure/DLLs/IEHelper.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - https://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - http://gopublic.wspan.com/scripts/us//DLLs/WSFileIO.cab
O16 - DPF: {F2C74EB6-1E7C-44A1-8EBA-CEDB52D47108} - https://gopublic.wspan.com/Secure/Dlls/WSClient.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD764B4E-73BC-4CB3-8AEA-E5796E7DFCA1}: NameServer = 151.99.125.1,151.99.0.100
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

Cuj0
15-11-2006, 13.22.37
The only plausible problem seems to be Norton :sisi:

Boe.
15-11-2006, 15.19.11
After it's been running on there for 2 years?

Cuj0
15-11-2006, 15.31.58
Regardless :)

StrangeVibration
16-11-2006, 00.19.06
You have two viruses on your PC. The first is Norton, but the more dangerous one, which is the cause of your PC's stalls and catalepsies, is surely Windows.

Gen.Web
16-11-2006, 00.42.53
Try an online scan.

NewBusterSword
16-11-2006, 00.48.23
You have two viruses on your PC. The first is Norton, but the more dangerous one, which is the cause of your PC's stalls and catalepsies, is surely Windows.
I'm writing this one down :asd:

Raziel7
16-11-2006, 11.28.43
Install a program like RegSupreme and run a registry scan; the system often slows down precisely when there are missing keys, especially if the cleanup is never done. Be very careful about what you select, because instead of speeding things up you could risk compromising the system.

mErLoZZo
16-11-2006, 11.30.16
Tiscali as the homepage also gives a lot to think about ;)
Try a scan with BitDefender, even the trial, both online and offline.