explorer.exe won't start...
Bomb Jack
10-12-2008, 02:08
Hi everyone.
I have a very strange problem. To get to the point: I have Windows XP 64, and after the last reboot explorer.exe no longer starts by itself at startup and the desktop is completely empty... :( I have to start it myself from "New Task" in Task Manager, which I can open with Ctrl+Alt+Del, after which everything works fine.
But it's absurd. What the heck could it be? :confused: And above all: how can it be fixed?
Thanks everyone. :)
Strange problem; you can try running a scan with HijackThis and see whether some process is threatening explorer.exe.
Bomb Jack
10-12-2008, 17:12
Yeah, true, thanks. I'll try now. Can I post the log?
Yes, go ahead and post it.
Bomb Jack
10-12-2008, 21:59
Thanks. Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.24.19, on 10/12/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal
Running processes:
G:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
G:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe
G:\Programmi\SUPERAntiSpyware Professional\SUPERAntiSpyware.exe
G:\Programmi\Orbit Downloader\orbitdm.exe
G:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe
G:\Programmi\FastStone Capture\FSCapture.exe
F:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe
G:\Programmi\Orbit Downloader\orbitnet.exe
G:\Programmi\Vidalia Bundle\Tor\tor.exe
F:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
G:\Programmi\Foxit Reader\Foxit Reader.exe
G:\Programmi\Musicmatch Jukebox\mmjb.exe
G:\Programmi\Musicmatch Jukebox\MMDiag.exe
G:\Programmi\Musicmatch Jukebox\mim.exe
G:\Programmi\Musicmatch Jukebox\mm_director.exe
G:\Programmi\Musicmatch Jukebox\mm_TDMEngine.exe
G:\Programmi\Mozilla Firefox\firefox.exe
G:\Programmi\OpenOffice\OpenOffice.org 3\program\swriter.exe
G:\Programmi\OpenOffice\OpenOffice.org 3\program\soffice.exe
G:\Programmi\OpenOffice\OpenOffice.org 3\program\soffice.bin
G:\Programmi\SoulseekNS\slsk.exe
G:\Programmi\eMule\emule.exe
G:\Programmi\foobar2000\foobar2000.exe
G:\Programmi\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - G:\Programmi\Orbit Downloader\orbitcth.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Programmi\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] "F:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [avgnt] "G:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min /nosplash
O4 - HKCU\..\Run: [PeerGuardian] G:\Programmi\PeerGuardian\pg2.exe
O4 - HKCU\..\Run: [Vidalia] "G:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Programmi\SUPERAntiSpyware Professional\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: FastStone Capture.lnk = G:\Programmi\FastStone Capture\FSCapture.exe
O4 - Global Startup: Orbit.lnk = G:\Programmi\Orbit Downloader\orbitdm.exe
O4 - Global Startup: Privoxy.lnk = G:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/202
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O20 - AppInit_DLLs: F:\WINDOWS\SysWOW64\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - G:\Programmi\SUPERAntiSpyware Professional\SASWINLO.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: AODService - Unknown owner - F:\Program.exe (file missing)
O23 - Service: Servizio assistenza di Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - G:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: CSIScanner - Prevx - F:\Program Files (x86)\PrevxCSI\prevxcsi.exe
O23 - Service: Diskeeper - Diskeeper Corporation - G:\Programmi\Diskeeper 2008 Pro Premier\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - F:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - F:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - F:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - F:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - G:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - F:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - F:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - F:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - F:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - F:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - F:\WINDOWS\System32\vssvc.exe (file missing)
--
End of file - 7765 bytes
There are a few things to remove, but I don't think they are the cause of the problem. Run a scan with an antispyware tool.
Bomb Jack
11-12-2008, 16:07
...the automatic analysis on the site didn't show anything wrong.
Anyway, I also ran a scan with Spybot and Prevxcsi, but they don't report anything wrong.
What are you referring to when you say antispyware? Which entries should be deleted?
Did you set these restrictions yourself? If not, go ahead and fix them:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Bomb Jack
11-12-2008, 19:00
Look, I practically never use Internet Explorer, and the less it accesses the network, especially "without my knowledge", the better, so even though right now I don't know what kind of restrictions these might be, I would keep them...
Bomb Jack
13-12-2008, 18:57
...well? Isn't anyone answering me anymore? :(
I really don't know what to do about this anomaly... :boh: :help:
aranciammx
13-12-2008, 21:14
Start regedit from Task Manager.
Go to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution
Check whether there are any folders named explorer.exe or iexplore.exe and, if so, delete them.
If that solves it, run more thorough scans, because you definitely have some virus.
Bye.
Bomb Jack
14-12-2008, 23:38
No, they aren't there. I don't think it's a virus, and besides, various scans come back clean; moreover, it's not that explorer doesn't work, it's that it doesn't start automatically as it should at system startup; I have to start it myself from Task Manager. I also checked with Autoruns, but the startup entry is present as normal... :confused:
Fix the entries I pointed out to you, then upload an updated HJT log.
Bomb Jack
16-12-2008, 15:49
Sorry to insist, but what does Internet Explorer have to do with explorer? Can you explain what those restrictions are? They aren't necessarily a bad thing...
Internet Explorer is involved in many common operations anyway,
and the restrictions in the O6 entries derive from infections 99% of the time.
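As an added example (not part of the original thread, and not HijackThis's own code), here is a small Python triage of HijackThis entries, run over an excerpt of the first log posted above. The tag names and the two "file missing" heuristics (a 32-bit scanner seeing a redirected System32 on 64-bit Windows, and a service path cut at its first space) are assumptions made for illustration.

```python
import re

# Excerpt copied from the first log in this thread (shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
Running processes:
G:\Programmi\HijackThis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: F:\WINDOWS\SysWOW64\guard32.dll
O23 - Service: AODService - Unknown owner - F:\Program.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - F:\WINDOWS\system32\services.exe (file missing)
O23 - Service: CSIScanner - Prevx - F:\Program Files (x86)\PrevxCSI\prevxcsi.exe
"""

# An entry line is "<section code> - <text>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# "<drive>:\Program.exe" is what remains of "<drive>:\Program Files..." when an
# unquoted path is cut at its first space (heuristic, assumption of this example).
ROOT_PROGRAM_RE = re.compile(r"- [A-Za-z]:\\Program\.exe \(file missing\)$")


def parse_entries(log):
    """Return (code, text) pairs; header and running-process lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def looks_64bit(log):
    """Guess 64-bit Windows from paths that only exist there."""
    low = log.lower()
    return "syswow64" in low or "program files (x86)" in low


def triage(log):
    """Return (code, tag, text) for entries a reviewer should look at first."""
    x64 = looks_64bit(log)
    findings = []
    for code, text in parse_entries(log):
        low = text.lower()
        if code == "O6":
            tag = "policy-restriction"        # confirm the user set it
        elif code == "F2" and "userinit" in low:
            tag = "userinit-value"            # userinit.exe starts the shell at logon
        elif code == "O20" and low.startswith("appinit_dlls"):
            tag = "appinit-dll"               # loaded into processes that load user32.dll
        elif low.endswith("(no file)"):
            tag = "orphaned-registration"     # registry entry without a file on disk
        elif low.endswith("(file missing)"):
            if ROOT_PROGRAM_RE.search(text):
                tag = "possible-unquoted-service-path"
            elif x64 and "\\system32\\" in low:
                tag = "likely-wow64-redirection"  # 32-bit tool, redirected System32
            else:
                tag = "file-missing"
        else:
            continue
        findings.append((code, tag, text))
    return findings


if __name__ == "__main__":
    for code, tag, text in triage(SAMPLE_LOG):
        print(f"{code:<4}{tag:<32}{text}")
```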
Bomb Jack
22-12-2008, 22:24
...all right, I'll try, I hope I'm not doing something stupid... :(
(Anyway, no infections show up with Antivir or SuperAntispyware either; as far as I'm concerned viruses/malware have nothing to do with it.)
In the meantime, does anyone have any other ideas??
P.S. (Sorry for replying only now.)
Fix those 2 O6 entries and then upload a new log.
Bomb Jack
23-12-2008, 01:01
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.59.08, on 23/12/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal
Running processes:
G:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
G:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe
G:\Programmi\SUPERAntispyware Professional\SUPERAntiSpyware.exe
G:\Programmi\Orbit Downloader\orbitdm.exe
G:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe
G:\Programmi\FastStone Capture\FSCapture.exe
F:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe
G:\Programmi\Orbit Downloader\orbitnet.exe
G:\Programmi\Vidalia Bundle\Tor\tor.exe
G:\Programmi\Mozilla Firefox\firefox.exe
F:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
G:\Programmi\Musicmatch Jukebox\mmjb.exe
G:\Programmi\Musicmatch Jukebox\MMDiag.exe
G:\Programmi\Musicmatch Jukebox\mm_director.exe
G:\Programmi\Musicmatch Jukebox\mm_TDMEngine.exe
G:\Programmi\Musicmatch Jukebox\mim.exe
G:\Programmi\SoulseekNS\slsk.exe
G:\Programmi\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - G:\Programmi\Orbit Downloader\orbitcth.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Programmi\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] "F:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [avgnt] "G:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min /nosplash
O4 - HKCU\..\Run: [PeerGuardian] G:\Programmi\PeerGuardian\pg2.exe
O4 - HKCU\..\Run: [Vidalia] "G:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Programmi\SUPERAntispyware Professional\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: FastStone Capture.lnk = G:\Programmi\FastStone Capture\FSCapture.exe
O4 - Global Startup: Orbit.lnk = G:\Programmi\Orbit Downloader\orbitdm.exe
O4 - Global Startup: Privoxy.lnk = G:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &Download by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/202
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O20 - AppInit_DLLs: F:\WINDOWS\SysWOW64\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - G:\Programmi\SUPERAntispyware Professional\SASWINLO.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: AODService - Unknown owner - F:\Program.exe (file missing)
O23 - Service: Servizio assistenza di Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - G:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: CSIScanner - Prevx - F:\Program Files (x86)\PrevxCSI\prevxcsi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - F:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - F:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - F:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - F:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - G:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - F:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - F:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - F:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - F:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - F:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - F:\WINDOWS\System32\vssvc.exe (file missing)
--
End of file - 7201 bytes
...how is it? ;-)
Is it necessary for Privoxy to start at boot?
Which parts of COMODO Internet Security have you installed? Only the firewall part?
Bomb Jack
23-12-2008, 16:47
I'd say yes, it starts with the whole Vidalia package.
Of Comodo (it's Comodo Firewall, by the way) I have both the firewall part and the HIPS part, but we have always "gotten along"... :) If it were the HIPS module blocking explorer.exe, which has never happened and would be strange to say the least, a warning should appear...?
Bomb Jack
15-01-2009, 17:42
...um, sorry, but my problem persists... :( :help:
Bomb Jack
17-01-2009, 14:18
...but it will be the same as the last one :rolleyes: :mbe: :fagiano:
Anyway, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.05.06, on 17/01/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal
Running processes:
G:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
G:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe
G:\Programmi\SUPERAntispyware Professional\SUPERAntiSpyware.exe
G:\Programmi\Orbit Downloader\orbitdm.exe
G:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe
G:\Programmi\FastStone Capture\FSCapture.exe
F:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
G:\Programmi\Orbit Downloader\orbitnet.exe
G:\Programmi\Vidalia Bundle\Tor\tor.exe
F:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
G:\Programmi\Mozilla Firefox\firefox.exe
G:\Programmi\Musicmatch Jukebox\mmjb.exe
G:\Programmi\Musicmatch Jukebox\mim.exe
G:\Programmi\Musicmatch Jukebox\mm_director.exe
G:\Programmi\Foxit Reader\Foxit Reader.exe
G:\Programmi\Musicmatch Jukebox\MMDiag.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Common\ComponentMgr\MMComponentMgr.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\Iron\iron.exe
G:\Programmi\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - G:\Programmi\Orbit Downloader\orbitcth.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Programmi\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Programmi\Orbit Downloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "F:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [avgnt] "G:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min /nosplash
O4 - HKCU\..\Run: [PeerGuardian] G:\Programmi\PeerGuardian\pg2.exe
O4 - HKCU\..\Run: [Vidalia] "G:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Programmi\SUPERAntispyware Professional\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: FastStone Capture.lnk = G:\Programmi\FastStone Capture\FSCapture.exe
O4 - Global Startup: Orbit.lnk = G:\Programmi\Orbit Downloader\orbitdm.exe
O4 - Global Startup: Privoxy.lnk = G:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &Download by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://G:\Programmi\Orbit Downloader\orbitmxt.dll/202
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://G:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O20 - AppInit_DLLs: F:\WINDOWS\SysWOW64\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - G:\Programmi\SUPERAntispyware Professional\SASWINLO.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: AODService - Unknown owner - F:\Program.exe (file missing)
O23 - Service: Servizio assistenza di Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - G:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - G:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: CSIScanner - Prevx - F:\Program Files (x86)\PrevxCSI\prevxcsi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - F:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - F:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - F:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - F:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - G:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - F:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - F:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - F:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - F:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - F:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - F:\WINDOWS\System32\vssvc.exe (file missing)
--
End of file - 7744 bytes
Waiting hopefully. :)