riavvio windows XP - netbt.sys

iphiel

Nuovo Utente
1
0
Salve a tutti e complimenti per il sito.
Passo ad esporre il mio problema.
Mio fratello ha concessione dall'azienda per cui lavora un portatile non proprio nuovo (hp 6730b) su cui è installato windows xp.
L'altro giorno al suo ritorno a casa, si è accorto che ad ogni suo utilizzo della scheda di rete (sia tramite accensione dell'antennina wifi inclusa sia utilizzando un cavetto ethernet) il portatile si riavviava.
Smanettando abbiamo notato che il suo antivirus (sophos) aveva messo in quarantena un file "NETBT.sys", non avendo per i diritti di amministratore sulla macchina e non potendo cambiare nulla nell'antivirus, non abbiamo risolto alcun chè. Oggi l'ha portato all'assistenza della sua compagnia, (dove in effetti non ha alcun problema ad accedere alla rete aziendale da ciò che dice), e non hanno trovato alcun problema, adducendo come causa della quarantena un mancato aggiornamento di sophos fallito per un non meglio specificato problema addotto. Tornato a casa abbiamo riprovato la connesione ma il problema persiste, ho spostato il porttile a casa del vicino e utilizzato la sua rete il computer è cmq soggetto a riavvii vari.
Idee su cosa possa aver provocato questo malfuzionamento? Soluzioni? Possibili cause da consigliare?
grazie anticipatamente

ps allego una scansione di HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.47.39, on 05/04/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Programmi\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\Symantec\pcAnywhere\awhost32.exe
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Sophos\AutoUpdate\almon.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\UMonit.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Programmi\Sophos\AutoUpdate\ALsvc.exe
C:\Programmi\Sophos\Remote Management System\RouterNT.exe
C:\Programmi\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Programmi\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programmi\Hewlett-Packard\HP Connection Manager\SMManager.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programmi\Hewlett-Packard\Shared\hpqToaster.exe
C:\Documents and Settings\longobardig\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Italia: Hotmail, Messenger, Skype, Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxypac.ets.grptop.net/STSproxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.170.196:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Communicator] "C:\Programmi\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Programmi\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Password.lnk = C:\WINDOWS\Temp\Password.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\dati applicazioni\sophos\web intelligence\swi_ifslsp.dll
O15 - Trusted Zone: http://mgate.astsnet.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5028236306
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - http://www.metrocspa.net/eRoomSetup/client.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5156525820
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ets.grptop.net
O17 - HKLM\Software\..\Telephony: DomainName = ets.grptop.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ets.grptop.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ets.grptop.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ets.grptop.net
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Programmi\ActivIdentity\ActivClient\acunlock.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Programmi\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programmi\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Atchksrv (IPFilter) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Limited - C:\Programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Programmi\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Programmi\Hewlett-Packard\HP Connection Manager\SMManager.exe
O23 - Service: Sophos Agent - Sophos Limited - C:\Programmi\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Programmi\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Limited - C:\Programmi\Sophos\Remote Management System\RouterNT.exe
O23 - Service: Sophos Web Control Service - Sophos Limited - C:\Programmi\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Programmi\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Sophos Web Intelligence Update (swi_update) - Sophos Limited - C:\Documents and Settings\All Users\Dati applicazioni\Sophos\Web Intelligence\swi_update.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LONGOB~1/IMPOST~1/Temp/msohtml1/16/clip_image002.gif

--
End of file - 12977 bytes
 

Federico83

UTENTE LEGGENDARIO
Utente Èlite
35,407
6,323
CPU
Ryzen 7 3700X
Dissipatore
NDH15
Scheda Madre
Gigabyte auros X570 elite
HDD
4.5TB + 15 di NAS lol
RAM
16 GB G.Skill 3200
GPU
RTX2070
Monitor
IIyama 28" 4K
PSU
Cooler Master GX 650
Case
REV200
OS
Windows11x64pro
Re: riavvio pc -netbt.sys

sposto in sezione adatta
 

Entra

oppure Accedi utilizzando
Discord Ufficiale Entra ora!