Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

aiuto. non riesco ad eliminare una connessione e1xplorer

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

aiuto. non riesco ad eliminare una connessione e1xplorer

Postdi merante » 14/06/06 13:24

salve, non riesco ad eliminare una connessione che crea un file e1xplorer
ho bloccato il dialer al suo numero e di seguito invio il log di Hijackthis:

p.s. aiutatemi perchè dopo poco mi cade la connessione


StartupList report, 14/06/2006, 13.51.15
StartupList version: 1.52.2
Started from : C:\Documents and Settings\domenico\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\LifeView TVR\Remote.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\Programmi\LifeView TVR\RecSche.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\NMain.exe
C:\WINDOWS\TEMP\win15.tmp.exe
C:\WINDOWS\system32\clickme.exe
C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\domenico\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Exif Launcher.lnk = ?
InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
Norton GoBack.lnk = C:\Programmi\Norton SystemWorks\Norton GoBack\GBTray.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TaskTray = C:\Programmi\Creative\SBAudigy\Taskbar\CTLTray.exe
Taskbar = C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
MSMSGS = "C:\Programmi\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
NAV Helper - C:\Programmi\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Esegui scansione completa del sistema - domenico.job
Norton SystemWorks One Button Checkup.job
Symantec Drmc.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5.888 bytes
Report generated in 0,063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
merante
Newbie
 
Post: 8
Iscritto il: 14/06/06 13:16
Località: italia

Sponsor
 

errata corrige su log

Postdi merante » 14/06/06 13:46

invio l'esatto log del programma
preciso di aver letto gli altri post e di aver tolto
piu volte "O15 - Trusted Zone: http://www.1987324.com" anche in modalità provvisoria, ma niente



Logfile of HijackThis v1.99.1
Scan saved at 14.35.12, on 14/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\LifeView TVR\Remote.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\Programmi\LifeView TVR\RecSche.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\TEMP\win15.tmp.exe
C:\WINDOWS\system32\clickme.exe
C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
C:\WINDOWS\TEMP\win2.tmp.exe
C:\Documents and Settings\domenico\Desktop\HijackThis.exe

O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Remote] C:\Programmi\LifeView TVR\Remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Programmi\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Programmi\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.1987324.com
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\SYSTEM32\winowl32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
merante
Newbie
 
Post: 8
Iscritto il: 14/06/06 13:16
Località: italia

Postdi andorra24 » 14/06/06 14:19

Ciao, apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'' :

C:\WINDOWS\TEMP\win15.tmp.exe
C:\WINDOWS\system32\clickme.exe
C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
C:\WINDOWS\TEMP\win2.tmp.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O15 - Trusted Zone: http://www.1987324.com
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\SYSTEM32\winowl32.dll

assicurati di eliminare i seguenti files exe e la dll:

C:\WINDOWS\TEMP\win15.tmp.exe
C:\WINDOWS\system32\clickme.exe
C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
C:\WINDOWS\TEMP\win2.tmp.exe
C:\WINDOWS\SYSTEM32\winowl32.dll

Puoi farlo usando hijackthis. Apri hijackthis, clicca su Open the misc tools section e premi su Delete a file on reboot. Segui il percorso preciso ed individua i files da eliminare e premi ''apri''. Ti apparira' una finestrella che ti chiede conferma dell'eliminazione del file al reboot.

Inoltre:
Svuota il contenuto delle cartelle temp.
Vai in C:\Programmi ed elimina la cartella E-nrgyPlus
Fai una scansione con ewido:
http://download.ewido.net/ewido-setup.exe
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

ok

Postdi merante » 14/06/06 14:29

grazie per l'aiuto ora provo come mi ai consigliato
poi ti faccio sapere
merante
Newbie
 
Post: 8
Iscritto il: 14/06/06 13:16
Località: italia

Postdi Luke57 » 14/06/06 16:01

Ciao, questo file
C:\Programmi\LifeView TVR\Remote.exe
è spesso indicato come trojan, però in system32. Analizzalo qui:
http://www.virustotal.com/en/indexf.html
inserisci il percorso e premi Send (il file sarà analizzato da diversi antivirus)
Se il responso fosse positivo, riservagli il medesimo trattamento che andorra 24 ti ha suggerito per i file infetti.
Inoltre per la pulizia dei file tmp e tmp, scarica ATF cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
Utilizzalo dalla modalità provvisoria.
Avvialo. Clicca sul menu main e poi seleziona la casella Select All. Adesso clicca sul pulsante Empty selected e aspetta il messaggio Done Cleaning!.
P.S. Un grazie a Holifay da cui ho "carpito" da altra parte la conoscenza di ATF cleaner.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

ringraziamenti

Postdi merante » 15/06/06 08:35

ciao, andorra24 ho fatto quanto dettomi e tutto funziona.
volevo solo ringraziarti di cuore.
saluti
merante
Newbie
 
Post: 8
Iscritto il: 14/06/06 13:16
Località: italia

Re: ringraziamenti

Postdi andorra24 » 15/06/06 08:42

merante ha scritto:ciao, andorra24 ho fatto quanto dettomi e tutto funziona.
volevo solo ringraziarti di cuore.
saluti

Bene, mi fa piacere. :)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo


Torna a Sicurezza e Privacy


Topic correlati a "aiuto. non riesco ad eliminare una connessione e1xplorer":

Aiuto urgente!!!
Autore: templare77
Forum: Software Windows
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti