Condividi:        

Aiuto Exsplorer!!!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Aiuto Exsplorer!!!

Postdi Socmel » 02/05/06 15:02

Da qualche giorno non posso più entrare in certi forum che automaticamente mi installa sto cavolo di Exsplorer. Ho provato in tutti i modi ad eliminarlo ma non c'è verso. Qualcuno mi può aiutare per favore?

Questo il og di HiJack:

Logfile of HijackThis v1.99.1
Scan saved at 15:58:23, on 02/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmi\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\programmi\voipstunt.com\voipstunt\voipstunt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PVSW\bin\W3DBSMGR.EXE
C:\Programmi\Microsoft Office97\Office\msaccess.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\ewido anti-malware\securitysuite.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\francescon.NORBLAST\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da norblast srl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00013.exe"
F3 - REG:win.ini: load=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\jkdado.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NetAppel] "C:\Programmi\NetAppel\NetAppel.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\programmi\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00013.exe"
O4 - Startup: BitTorrent.lnk = C:\Programmi\BitTorrent\bittorrent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office 2000\Office\OSA9.EXE
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = norblast.local
O17 - HKLM\Software\..\Telephony: DomainName = norblast.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = norblast.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = norblast.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = norblast.local
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmi\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Servizio Bonjour (Bonjour Service) - Unknown owner - C:\Programmi\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Socmel
Newbie
 
Post: 7
Iscritto il: 20/01/06 17:53

Sponsor
 

Postdi Luke57 » 02/05/06 15:27

Ciao, apri hijackthis, premi “ do a system scan only”, cerchi e spunti le voci seguenti:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
F2 - REG:system.ini: Shell=explorer.exe "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00013.exe"
F3 - REG:win.ini: load=
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\jkdado.exe
O4 - HKCU\..\Run: [shell] " c:\Program Files\jkdado.exe
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00013.exe
Premi fix checked
2)Riavvia il sistema in
Modalità provvisoria http://service1.symantec.com/SUPPORT/IN ... 6143424924
3)Rendi visibili file e cartelle nascosti (vai in start>impostazioni>pannello di controllo>opzioni cartella, e clicca su "visualizzazione". Seleziona "visualizza file e cartelle nascosti", "visualizza il contenuto delle cartelle di sistema" e deseleziona "nascondi file protetti e di sistema". Clicca su OK.
4)Cerca ed elimina i seguenti file ( se ci sono):
c:\secure32.html
C:\WINDOWS\system32\spoolsvc.exe
c:\Program Files\jkdado.exe
C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00013.exe
5)Poi elimina tutti i file temporanei di windows (temp e tmp, fai così start>cerca>tutti i file e cartelle, nello spazio bianco “nome del file o parte del nome” copi : *.temp; *.tmp ed elimini tutti quelli trovati),
6)cancella tutti i file temporanei di IE, cronologia, cookies;
7)Svuota il cestino.
8)Da pannello di controllo, installazioni\applicazioni, cerchi ed elimini tutti i programmi che non hai installato tu.
9)Fai una scansione on line qui:
http://www.bitdefender.com/scan8/ie.html
10)Posta nuovo log per controllo
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "Aiuto Exsplorer!!!":

aiuto windows 10
Autore: mod360
Forum: Software Windows
Risposte: 1
aiuto installazione
Autore: mod360
Forum: Software Windows
Risposte: 3
aiuto x mobili
Autore: MarioLombardi
Forum: Forum off-topic
Risposte: 8

Chi c’è in linea

Visitano il forum: Nessuno e 52 ospiti