Ciao a tutti,
finalmente ho deciso di smetterla di smanettare e di vedere di trovare aiuto..
Prima di rompervi le scatole però ho passato 5 ore a vedere tutti i forum possibili...ed ora vi spiego:
-Il PC,uno di quelli piccoli piccoli con su windows XP,ieri sera andava alla grande..e ha concluso il suo lavoro dopo avermi fatto vedere che avevo vinto una quarantina di euro su bwin.it..
-Stamattina accendo e c'è solo lo sfondo del desktop(niente icone,niente barra).
-COl task manager lancio chrome e parto alla ricerca...
Cose che ho fatto e non hanno risolto:
-sono andato in regedit e non c'era la stringa NoDesktop,l'ho creata e non è cambiato nulla
-ho provato a ripristinare il sistema a 2 giorni fa e non cambiato nulla
-non ho il virus EXPLORER o IEXPLORER...non ho quelle stringhe nelle cartelle
-tasto destro con mostra icone del desktop..beh sarei un pirla a non averci provato subito
quindi....sono distrutto...una cosa non capisco..ho scaricato antispyware e simili ma non me li fa partire...li lancio da chrome quando ha finito il download ma non partono...
questo è il Log di hijack...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.28.49, on 11/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Programmi\Tall Emu\Online Armor\OAcat.exe
D:\Programmi\Tall Emu\Online Armor\oasrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
d:\programmi\idt\wdm\stacsv.exe
D:\Programmi\Avira\AntiVir Desktop\sched.exe
D:\Programmi\Avira\AntiVir Desktop\avguard.exe
D:\Programmi\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Programmi\Google\Chrome\Application\chrome.exe
D:\Programmi\Google\Chrome\Application\chrome.exe
D:\Programmi\Google\Chrome\Application\chrome.exe
D:\Programmi\Google\Chrome\Application\chrome.exe
D:\Programmi\Trend Micro\HijackThis\hijackthis.exe
D:\Programmi\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com?o=15161&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AESTFltr] "D:\WINDOWS\system32\AESTFltr.exe" /NoDlg
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Programmi\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1caa66b228cc8e6) (gupdate1caa66b228cc8e6) - Google Inc. - D:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - D:\Programmi\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - d:\programmi\idt\wdm\stacsv.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - D:\Programmi\Tall Emu\Online Armor\oasrv.exe
--
End of file - 6759 bytes
Grazie mille a tutti coloro che mi aiuteranno!!..
Lorenzo
Rispondi quotando
