|
|
|
![]() |
|
Strumenti |
![]() |
#1 |
Member
Iscritto dal: Jan 2009
Messaggi: 137
|
Win 7 - Non si avvia explorer all'avvio
Ho win 7 ultimate e all'avvio l'explorer.exe non si avvia,
appena accedo mi appare una finestra dell' esplora risorse, non si vede ne la barra delle applicazioni ne desktop,come devo fare? Per avviarlo devo aprire il task manager e fare avvia explorer.exe |
![]() |
![]() |
![]() |
#2 |
Senior Member
Iscritto dal: Jan 2010
Messaggi: 37084
|
Apri il prompt come amministratore e quindi digita il comando: sfc /scannow e dai invio aspetta che abbia terminato il ripristino quindi riavvia il pc.
Ti conviene anche fare delle scansioni AV |
![]() |
![]() |
![]() |
#3 |
Member
Iscritto dal: Jan 2009
Messaggi: 137
|
Ho provato a fare sfc /scannow ma non ha trovato nessun problema e ho già fatto la scansione con av
La versione di win 7 è ultimate |
![]() |
![]() |
![]() |
#5 |
Member
Iscritto dal: Jan 2009
Messaggi: 137
|
Log HijackThis
Codice:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:11:32, on 05/01/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe C:\Windows\system32\explorer.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\s3trayp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\SmarThru Office\LegacyLauncher.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\SmarThru Office\BackUpSvr.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Everything\Everything.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe C:\Program Files\Orb Networks\Orb\bin\Orb.exe C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe C:\Program Files\DynDNS Updater\DynTray.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\KeePass Password Safe 2\KeePass.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\explorer.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=explorer.exe rundll32.exe iedtcbo O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file) O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" O4 - HKLM\..\Run: [STO Launcher Service] C:\Program Files\SmarThru Office\LegacyLauncher.exe /run O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [STO Backup Service] C:\Program Files\SmarThru Office\BackUpSvr.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKCU\..\Run: [Oregon] C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\Windows\system32\fservice.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE') O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Capture Selection - C:\Program Files\SmarThru Office\WebCapture.dll2.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI068C~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save as HTML - C:\Program Files\SmarThru Office\WebCapture.dll1.htm O8 - Extra context menu item: Save Selected Text - C:\Program Files\SmarThru Office\WebCapture.dll.htm O8 - Extra context menu item: Web Capture - C:\Program Files\SmarThru Office\WebCapture.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI068C~1\Office12\REFIEBAR.DLL O9 - Extra button: Web Capture - {7BDBFB9E-FD6E-43c2-937A-5C9F33FEBE5F} - C:\Program Files\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra 'Tools' menuitem: Web Capture - {7BDBFB9E-FD6E-43c2-937A-5C9F33FEBE5F} - C:\Program Files\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra button: Capture Selection - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Program Files\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra 'Tools' menuitem: Capture Selection - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Program Files\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra button: Save Selected Text - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Program Files\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra 'Tools' menuitem: Save Selected Text - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Program Files\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra button: Save as HTML - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Program Files\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra 'Tools' menuitem: Save as HTML - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Program Files\SmarThru Office\WebCapture.dll (HKCU) O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B424FB5F-AA73-4BAF-AAA0-8E05B326A099}: NameServer = 85.37.17.49,85.38.28.91 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Abyss Web Server (AbyssWebServer) - Unknown owner - C:\Abyss Web Server\abyssws.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe O23 - Service: DTBService - Unknown owner - C:\Program Files\DVRMSToolbox\DTBFWService.exe O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - C:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing) O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.13\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\Users\Michele\Downloads\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\wzcook.exe (file missing) -- End of file - 13272 bytes |
![]() |
![]() |
![]() |
#6 |
Senior Member
Iscritto dal: Jan 2010
Messaggi: 37084
|
Hai il pc infetto almeno da questo:
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\Windows\system32\fservice.exe probabilmente un figlio di trojan ![]() http://www.hwupgrade.it/forum/showthread.php?t=1599737 |
![]() |
![]() |
![]() |
#7 |
Member
Iscritto dal: Jan 2009
Messaggi: 137
|
log malwarebyte
Codice:
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Versione database: 4736 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 05/01/2011 18:23:40 mbam-log-2011-01-05 (18-23-40).txt Tipo di scansione: Scansione veloce Elementi esaminati: 167817 Tempo trascorso: 10 minuti, 38 secondi Processi infetti in memoria: 0 Moduli di memoria infetti: 0 Chiavi di registro infette: 3 Valori di registro infetti: 1 Voci infette nei dati di registro: 1 Cartelle infette: 0 File infetti: 1 Processi infetti in memoria: (Non sono stati rilevati elementi nocivi) Moduli di memoria infetti: (Non sono stati rilevati elementi nocivi) Chiavi di registro infette: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{5y99ae78-58tt-11dw-be53-y67078979y} (Backdoor.ProRat) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5y99ae78-58tt-11dw-be53-y67078979y} (Backdoor.ProRat) -> No action taken. HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken. Valori di registro infetti: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\directx for microsoft® windows (Backdoor.Prorat) -> No action taken. Voci infette nei dati di registro: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe iedtcbo) Good: (Explorer.exe) -> No action taken. Cartelle infette: (Non sono stati rilevati elementi nocivi) File infetti: C:\Windows\ktd32.atm (Backdoor.ProRat) -> No action taken. |
![]() |
![]() |
![]() |
#8 |
Member
Iscritto dal: Jan 2009
Messaggi: 137
|
Ho risolto tutto con una scansione con Malwarebytes' Anti-Malware
|
![]() |
![]() |
![]() |
#9 |
Senior Member
Iscritto dal: Jan 2010
Messaggi: 37084
|
Rifai la scansione per sicurezza, comuqnue se davvero avessi risolto, come ho già scritto ieri in altra sezione del forum sono sempre più convinto che MalwareBytes in questo momento sia il miglior programma in circolazione per la rimozione del malware
![]() |
![]() |
![]() |
![]() |
Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 12:38.