ho winXPpro e da un paio di settimane noto che a volte il processo explorer.exe impazzisce e usa il 99% della CPU rallentando tutto. L'unica cosa che posso fare è terminarlo (sparisce tutto tranne lo sfondo!) e riavviarlo.
Cosa strana poi è che succede solo con un account mentre gli altri 3 account non hanno tale problema.
Mi sono imformato un po' sul web:
1) potrebbe essere un worm o virus ma Antivir, Ad-aware, Kerio Firewall, Xcleaner e windows startup inspector non mi segnalano nulla. inoltre il fatto che terminado manulamente il processo mi scompaia tutto credo che significhi che è proprio il vero processo explorer.exe no?!?!
2) potrebbe trattarsi del fatto che windows spesso se non riesce a fare l'anteprima di un file danneggiato continui a provarci all'infinito (tipo busy wait). Tuttavia explorer.exe non "impazzisce" sempre e sopratutto lo fa in momenti apparentemente casuali
Avete suggerimenti?
Di seguito posto anche il log ottnuto con HijackThis:
----------------
Logfile of HijackThis v1.98.0
Scan saved at 23.25.42, on 17/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:windowsSystem32smss.exe
C:windowssystem32winlogon.exe
C:windowssystem32services.exe
C:windowssystem32lsass.exe
C:windowssystem32svchost.exe
C:windowsSystem32svchost.exe
C:windowssystem32spoolsv.exe
C:ProgrammiAVPersonalAVGUARD.EXE
C:ProgrammiApache GroupApache2inApache.exe
C:ProgrammiAVPersonalAVWUPSRV.EXE
C:ProgrammiKerioPersonal Firewall 4kpf4ss.exe
C:ProgrammiFile comuniMicrosoft SharedVS7DEBUGMDM.EXE
C:windowsSystem32
vsvc32.exe
C:ProgrammiApache GroupApache2inApache.exe
C:ProgrammiKerioPersonal Firewall 4kpf4gui.exe
C:ProgrammiAnalog DevicesSoundMAXSMAgent.exe
C:windowsSystem32svchost.exe
C:windowsExplorer.EXE
C:ProgrammiKerioPersonal Firewall 4kpf4gui.exe
C:windowsSystem32carpserv.exe
C:windowsSOUNDMAN.EXE
C:PROGRA~1OPTICA~1KeyboardIkeymain.exe
C:PROGRA~1OPTICA~1MouseAmoumain.exe
C:ProgrammiHewlett-PackardHP Software UpdateHPWuSchd.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
C:ProgrammiHewlett-PackardDigital Imaginginhpotdd01.exe
C:ProgrammiThomsonSpeedTouch USBDragdiag.exe
C:ProgrammiAVPersonalAVGNT.EXE
C:ProgrammiAnalog DevicesSoundMAXSMTray.exe
C:windowsSystem32RUNDLL32.EXE
C:windowsSystem32ctfmon.exe
C:ProgrammiMessengermsmsgs.exe
C:ProgrammiApache GroupApache2inApacheMonitor.exe
C:ProgrammiPeerGuardianPeerGuardian.exe
C:ProgrammiInternet Exploreriexplore.exe
C:Documents and SettingsAll UsersDocumentisetup filesHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:WINDOWSSystem32/left.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.it/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.olidata.it
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammiAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:ProgrammiFreshDevicesFreshDownloadfdcatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:ProgrammiAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:ProgrammiAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O4 - HKLM..Run: [CARPService] carpserv.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [iKeyWorks] C:PROGRA~1OPTICA~1KeyboardIkeymain.exe
O4 - HKLM..Run: [WheelMouse] C:PROGRA~1OPTICA~1MouseAmoumain.exe
O4 - HKLM..Run: [HP Software Update] "C:ProgrammiHewlett-PackardHP Software UpdateHPWuSchd.exe"
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
O4 - HKLM..Run: [DeviceDiscovery] C:ProgrammiHewlett-PackardDigital Imaginginhpotdd01.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:ProgrammiThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [AVGCtrl] "C:ProgrammiAVPersonalAVGNT.EXE" /min
O4 - HKLM..Run: [smapp] C:ProgrammiAnalog DevicesSoundMAXSMTray.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:windowsSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:windowsSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Openwares LiveUpdate] C:Program FilesLiveUpdateLiveUpdate.exe
O4 - HKCU..Run: [CTFMON.EXE] C:windowsSystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:ProgrammiMessengermsmsgs.exe" /background
O4 - Global Startup: Monitor Apache Servers.lnk = C:ProgrammiApache GroupApache2inApacheMonitor.exe
O8 - Extra context menu item: &Download with &DAP - C:DOCUME~1ALESSA~1DOCUME~1DAPdapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:DOCUME~1ALESSA~1DOCUME~1DAPdapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:ProgrammiAltovaXMLSPY2004spy.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:ProgrammiWinHTTrackWinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:ProgrammiWinHTTrackWinHTTrackIEBar.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:PROGRA~1ICQICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:PROGRA~1ICQICQ.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:ProgrammiAltovaXMLSPY2004spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:ProgrammiAltovaXMLSPY2004spy.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04ab775128c ... 601_it.cab
O17 - HKLMSystemCCSServicesTcpip..{F7ECD393-737B-4484-8C64-6BFFD1586DAC}: NameServer = 80.17.212.208 151.99.125.1
---------------------------
Grazie mille.
Marco