spoolsv.exe chiude le applicazioni
Inviato: gio lug 19, 2007 11:53 am
Salve a tutti
Ho un problema sul pc aziendale con il processo spoolsv.exe
In pratica quando apro le applicazioni di office si chiudono automaticamente notando sul task manager che il processo spoolsv.exe aumenta la % di cpu utilizzata da 0 fino al 70 % sembrerebbe l'effetto di un virus ma nn so di preciso quale sia.
Lo stesso problema avviene anche quando si preme il tasto stampa nel menu file di tutti i programmi quali explorer mozilla acrobat......etc.
posto anche il log di hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 10.43.31, on 19/07/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\XSM.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\File comuni\FotoNation\EvLstnr.exe
C:\WINNT\System32\usbtapnp.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Windows LPR Spooler\Wlprsp32.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\Java\jre1.5.0_10\bin\jucheck.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\pcdoc001\Impostazioni locali\Temp\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [MGA_CD_Install] E:\mgasetup.exe /No_Welcome /Lang:Italiano
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Programmi\File comuni\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [USBTA] C:\WINNT\System32\usbtapnp.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Windows LPR Spooler.lnk = C:\Programmi\Windows LPR Spooler\Wlprsp32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O16 - DPF: {511F39B7-8852-11D5-B93E-00609704F4A7} (PNetCompoundFileHandler Class) - https://collaboration.gepower.com/class ... lerExt.cab
O16 - DPF: {77645E00-8794-11D5-B93D-00609704F4A7} (DWGPlugin Class) - https://collaboration.gepower.com/class ... ginExt.cab
O16 - DPF: {77645E02-8794-11D5-B93D-00609704F4A7} (DGNPlugin Class) - https://collaboration.gepower.com/class ... ginExt.cab
O16 - DPF: {77645E03-8794-11D5-B93D-00609704F4A7} (P3Plugin Class) - https://collaboration.gepower.com/class ... ginExt.cab
O16 - DPF: {77645E04-8794-11D5-B93D-00609704F4A7} (ZIPPlugin Class) - https://collaboration.gepower.com/class ... ginExt.cab
O16 - DPF: {F84E8AB8-4FFD-49ED-9547-9E2C9977C284} (PNetUpload Control) - https://collaboration.gepower.com/class ... oadExt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D782C847-C0B1-40EF-B7AF-4D4B8B4EFC58}: NameServer = 192.168.10.206
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programmi\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Xerox Advanced Windows Services (XSM) - Unknown owner - C:\WINNT\System32\XSM.EXE
Grazie a tutti per l'aiuto che mi riuscirete a dare
Ho un problema sul pc aziendale con il processo spoolsv.exe
In pratica quando apro le applicazioni di office si chiudono automaticamente notando sul task manager che il processo spoolsv.exe aumenta la % di cpu utilizzata da 0 fino al 70 % sembrerebbe l'effetto di un virus ma nn so di preciso quale sia.
Lo stesso problema avviene anche quando si preme il tasto stampa nel menu file di tutti i programmi quali explorer mozilla acrobat......etc.
posto anche il log di hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 10.43.31, on 19/07/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\XSM.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\File comuni\FotoNation\EvLstnr.exe
C:\WINNT\System32\usbtapnp.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Windows LPR Spooler\Wlprsp32.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\Java\jre1.5.0_10\bin\jucheck.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\pcdoc001\Impostazioni locali\Temp\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [MGA_CD_Install] E:\mgasetup.exe /No_Welcome /Lang:Italiano
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Programmi\File comuni\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [USBTA] C:\WINNT\System32\usbtapnp.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Windows LPR Spooler.lnk = C:\Programmi\Windows LPR Spooler\Wlprsp32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O16 - DPF: {511F39B7-8852-11D5-B93E-00609704F4A7} (PNetCompoundFileHandler Class) - https://collaboration.gepower.com/class ... lerExt.cab
O16 - DPF: {77645E00-8794-11D5-B93D-00609704F4A7} (DWGPlugin Class) - https://collaboration.gepower.com/class ... ginExt.cab
O16 - DPF: {77645E02-8794-11D5-B93D-00609704F4A7} (DGNPlugin Class) - https://collaboration.gepower.com/class ... ginExt.cab
O16 - DPF: {77645E03-8794-11D5-B93D-00609704F4A7} (P3Plugin Class) - https://collaboration.gepower.com/class ... ginExt.cab
O16 - DPF: {77645E04-8794-11D5-B93D-00609704F4A7} (ZIPPlugin Class) - https://collaboration.gepower.com/class ... ginExt.cab
O16 - DPF: {F84E8AB8-4FFD-49ED-9547-9E2C9977C284} (PNetUpload Control) - https://collaboration.gepower.com/class ... oadExt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D782C847-C0B1-40EF-B7AF-4D4B8B4EFC58}: NameServer = 192.168.10.206
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programmi\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Xerox Advanced Windows Services (XSM) - Unknown owner - C:\WINNT\System32\XSM.EXE
Grazie a tutti per l'aiuto che mi riuscirete a dare