hurryowl
25-05-2004, 21:08
Ciao ho provato in tutti i modi a pulire il mio pc da spyware e altro ho installato ad-aware, eseguendolo pių volte, ho installato spywareblaster aggiornandolo ho rieseguito ad-aware e mi da sempre lo stesso risultato: un tracking cookie categoria data minerva.
ho eseguito hijack, ma non ne capisco molto.. potete aiutarmi? Tra l'altro scorrendo le voci ho ritrovato alcune riguardanti norton antivirus che ho disinstallato :eek: mi date una mano a ripulire il tutto? Grazie
Logfile of HijackThis v1.97.7
Scan saved at 21.01.20, on 25/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Programmi\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Programmi\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Programmi\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe
C:\Programmi\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Programmi\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Programmi\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\CtrlVol.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\F-Secure Anti-Virus\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\Programmi\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Documenti\Pc\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = libero.it; iol.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Barra degli strumenti Microsoft Office.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1080036445827
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38056.1052430556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8973538C-852D-4F4E-BF03-7C4041D49FC1}: NameServer = 193.70.152.25 193.70.192.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.tin.it
ho eseguito hijack, ma non ne capisco molto.. potete aiutarmi? Tra l'altro scorrendo le voci ho ritrovato alcune riguardanti norton antivirus che ho disinstallato :eek: mi date una mano a ripulire il tutto? Grazie
Logfile of HijackThis v1.97.7
Scan saved at 21.01.20, on 25/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Programmi\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Programmi\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Programmi\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe
C:\Programmi\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Programmi\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Programmi\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\CtrlVol.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\F-Secure Anti-Virus\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\Programmi\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Documenti\Pc\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = libero.it; iol.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Barra degli strumenti Microsoft Office.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1080036445827
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38056.1052430556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8973538C-852D-4F4E-BF03-7C4041D49FC1}: NameServer = 193.70.152.25 193.70.192.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.tin.it