e1xplorer problem

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by Fagio » 01/09/06 09:21

It seemed to have been eradicated but it has popped up again, can someone help me? :)

This is the log:
Logfile of HijackThis v1.99.1
Scan saved at 10.15.34, on 01/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WXPH\System32\smss.exe
C:\WXPH\system32\winlogon.exe
C:\WXPH\system32\services.exe
C:\WXPH\system32\lsass.exe
C:\WXPH\system32\svchost.exe
C:\WXPH\System32\svchost.exe
C:\WXPH\system32\spoolsv.exe
C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
C:\Programmi\CA\eTrust Antivirus\InoRT.exe
C:\Programmi\CA\eTrust Antivirus\InoTask.exe
C:\WXPH\System32\svchost.exe
C:\WXPH\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Documents and Settings\mexal2\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\WXPH\System32\ctfmon.exe
C:\mexal_cli_ADP\prog\mxdesk.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Microsoft Office\Office\EXCEL.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\SCANJET\PrecisionScanLT\hpprsclt.exe
C:\Programmi\ZipGenius 5\zipgenius.exe
C:\DOCUME~1\mexal2\IMPOST~1\Temp\ZGTemp\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0712FB8F-FE45-166D-F477-DDE972BE5CC5} - C:\WXPH\npbkp1.dll (file missing)
O2 - BHO: Class - {493C64A2-68D8-00DB-49B1-A424B3007DC4} - C:\WXPH\npbkp1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WXPH\System32\msdxm.ocx
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\mexal2\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WXPH\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Avvia Pc.lnk = C:\Sysadm\Pc-Start.bat
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8027531197
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = plasticacesena.lan
O17 - HKLM\Software\..\Telephony: DomainName = plasticacesena.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{38BAD992-0FEA-4017-B93B-713EE1AD01D7}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = plasticacesena.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{38BAD992-0FEA-4017-B93B-713EE1AD01D7}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = plasticacesena.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{38BAD992-0FEA-4017-B93B-713EE1AD01D7}: NameServer = 192.168.0.254
O23 - Service: Server RPC di eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: Server Realtime di eTrust Antivirus (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: Server Processi di eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
Fagio
Junior User

Posts: 12
Joined: 24/08/06 07:23

Post by Luke57 » 01/09/06 10:25

Hi, you need to post the GMER logs again.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by Fagio » 01/09/06 10:43

Here is the GMER log ;)

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-01 11:37:35
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WXPH\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
admcntrl /*Gestione Active Desktop Manager*/@ = C:\WXPH\Downlo~1\nvkwji\jehpclu.exe
InoRPC /*Server RPC di eTrust Antivirus */@ = "C:\Programmi\CA\eTrust Antivirus\InoRpc.exe"
InoRT /*Server Realtime di eTrust Antivirus */@ = "C:\Programmi\CA\eTrust Antivirus\InoRT.exe"
InoTask /*Server Processi di eTrust Antivirus */@ = "C:\Programmi\CA\eTrust Antivirus\InoTask.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Realtime MonitorC:\PROGRA~1\CA\ETRUST~1\realmon.exe -s = C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
@hppwrsavC:\SCANJET\PrecisionScanLT\hppwrsav.exe = C:\SCANJET\PrecisionScanLT\hppwrsav.exe
@aoueiC:\Documents and Settings\mexal2\Dati applicazioni\ratorefaci\sysrtmvs.exe = C:\Documents and Settings\mexal2\Dati applicazioni\ratorefaci\sysrtmvs.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WXPH\svchost.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WXPH\System32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{DCED20BE-3645-11D4-BC95-00C04F0E0588} /*InoShell*/C:\Programmi\CA\eTrust Antivirus\InoShell.dll = C:\Programmi\CA\eTrust Antivirus\InoShell.dll
@{AF32DAFE-1358-4F35-A673-FB123BC6303F} /*Cutter 4.1 Shell Extension*/(null) =
@{310A0C95-EA11-42AE-A8E4-53E69E650310} /*ZipGenius Zip Drop handler*/C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL = C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL
@{FE8D01BF-610A-4261-9C6E-32D65A42C907} /*ZipGenius 5.5 DnD Extract handler*/C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL = C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL
@{3E307794-57B9-473A-98CC-4A039255063F} /*OpenOffice.org/ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\oodll.dll = C:\PROGRA~1\ZIPGEN~1\oodll.dll
@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\contmenu.dll = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
@{2E5AC2E0-406D-11D4-86B3-FA5861508E25} /*ZipGenius Zip InfoTip*/C:\PROGRA~1\ZIPGEN~1\zgtips.dll = C:\PROGRA~1\ZIPGEN~1\zgtips.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
InoShell@{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programmi\CA\eTrust Antivirus\InoShell.dll
ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
InoShell@{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programmi\CA\eTrust Antivirus\InoShell.dll
ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{0712FB8F-FE45-166D-F477-DDE972BE5CC5}C:\WXPH\npbkp1.dll /*file not found*/ = C:\WXPH\npbkp1.dll /*file not found*/
@{493C64A2-68D8-00DB-49B1-A424B3007DC4}C:\WXPH\npbkp1.dll /*file not found*/ = C:\WXPH\npbkp1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WXPH\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WXPH\System32\blank.htm = C:\WXPH\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WXPH\System32\msvidctl.dll
its@CLSID = C:\WXPH\System32\itss.dll
lid@CLSID = C:\WXPH\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WXPH\System32\itss.dll
tv@CLSID = C:\WXPH\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WXPH\System32\msdxm.ocx
wia@CLSID = C:\WXPH\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = plasticacesena.lan

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38BAD992-0FEA-4017-B93B-713EE1AD01D7} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.54 = 192.168.0.54
@NameServer192.168.0.254 = 192.168.0.254
@DefaultGateway192.168.0.254 = 192.168.0.254
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
Avvia Pc.lnk = Avvia Pc.lnk

---- EOF - GMER 1.0.10 ----
Fagio
Junior User

Posts: 12
Joined: 24/08/06 07:23

Post by Luke57 » 01/09/06 12:30

Hi, I don't see any major references to linkoptimizer.
First, copy the HijackThis executable into a dedicated folder on the hard disk (not the desktop), such as C:\HJT, so that the program can back up any entries that get removed.
Open the program, press "Open the Misc Tools section", then "Open process manager", look for the process (if it is there) and highlight it:
C:\Documents and Settings\mexal2\Dati applicazioni\ratorefaci\sysrtmvs.exe

press "Kill process"

Go back to the main page with "Back", press "Scan", then find and tick the following entries:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0712FB8F-FE45-166D-F477-DDE972BE5CC5} - C:\WXPH\npbkp1.dll (file missing)
O2 - BHO: Class - {493C64A2-68D8-00DB-49B1-A424B3007DC4} - C:\WXPH\npbkp1.dll (file missing)
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\mexal2\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - Global Startup: Avvia Pc.lnk = C:\Sysadm\Pc-Start.bat
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name

press "Fix checked".

Find and delete the folder:
C:\Documents and Settings\mexal2\Dati applicazioni\ratorefaci
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
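
Added example, not part of the original thread and not HijackThis code: a small Python triage pass over a HijackThis log that flags the kinds of entries ticked in the reply above (BHOs whose file is missing, autoruns launched from a user profile folder, Trusted Zone additions) and also cross-checks O16 download hosts against the Trusted Zone hosts. The heuristics and the names `triage` and `url_host` are assumptions made for illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from urllib.parse import urlparse

# Assumed heuristics for this example; they are not rules built into HijackThis.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - HKLM\..\Run: ..."
URL = re.compile(r"https?://\S+")
PROFILE_DIR = re.compile(r"\\(documents and settings|docume~1)\\", re.I)

def url_host(body):
    """Host name of the first URL in an entry, or None if there is no URL."""
    m = URL.search(body)
    return urlparse(m.group(0)).hostname if m else None

def triage(log_text):
    """Return (code, reason, body) for each entry that deserves manual review."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:                       # skip header, process list and blank lines
            entries.append((m.group(1), m.group(2)))
    trusted = {url_host(b) for c, b in entries if c == "O15"}
    trusted.discard(None)
    findings = []
    for code, body in entries:
        if code == "O2" and body.endswith("(file missing)"):
            findings.append((code, "BHO registered but its DLL is missing", body))
        elif code == "O4" and PROFILE_DIR.search(body):
            findings.append((code, "autorun launched from a user profile folder", body))
        elif code == "O15":
            findings.append((code, "site added to the Trusted Zone", body))
        elif code == "O16" and url_host(body) in trusted:
            findings.append((code, "ActiveX download host is also in the Trusted Zone", body))
    return findings

# Sample lines copied from the HijackThis log in the first post.
SAMPLE = r"""Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0712FB8F-FE45-166D-F477-DDE972BE5CC5} - C:\WXPH\npbkp1.dll (file missing)
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\mexal2\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WXPH\System32\ctfmon.exe
O15 - Trusted Zone: http://www.softlab.name
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
"""

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE):
        print(f"[{code}] {reason}: {body}")
```

A flagged line is only a prompt for manual review; legitimate software can also register autoruns under a user profile.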
