
New HijackThis file :(


Moderators: m.paolo, kadosh, Luke57


Post by IVU » 17/03/06 19:52

Hi!! I think I've got another spyware... :cry: can you check this file for me?? Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 19.27.08, on 17/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Lexmark 5200 series\lxbtbmon.exe
C:\Programmi\Pinnacle\Shared Files\remoterm.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\eMule\eMule.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\Boris\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {E69CD362-73E3-3B8E-3EC0-AD3E1EF20A26} - C:\DOCUME~1\Boris\DATIAP~1\SOFTWA~1\FREE LIST.exe (file missing)
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleRemote] C:\Programmi\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Bait setup idle ooze] C:\Documents and Settings\All Users\Dati applicazioni\Obj default bait setup\dumbfilm.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [InstantTray] C:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [keep memo] C:\DOCUME~1\Boris\DATIAP~1\MPEGWE~1\loadbash.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8265785882
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{218B86DE-29A5-4DB0-8D58-7301F89018B0}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
IVU
Junior User
Posts: 77
Joined: 11/01/06 22:49
 

Post by Dylan666 » 17/03/06 20:08

Paste the log here and tell us which yellow ones you definitely don't recognize:

http://hijackthis.de/it
Dylan666
Moderator
Posts: 39983
Joined: 18/11/03 16:46

Post by IVU » 17/03/06 21:11

Dylan666 wrote: Paste the log here and tell us which yellow ones you definitely don't recognize:

http://hijackthis.de/it

The analysis result shows these files as not recognized:
C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe [I'm not sure about this one, Lexmark is the brand of my printer]

C:\Programmi\Lexmark 5200 series\lxbtbmon.exe [I'm not sure about this one, Lexmark is the brand of my printer]

O2 - BHO: (no name) - {E69CD362-73E3-3B8E-3EC0-AD3E1EF20A26} - C:\DOCUME~1\Boris\DATIAP~1\SOFTWA~1\FREE LIST.exe (file missing) [I had already deleted the executable once]

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe" [I'm not sure about this one, Lexmark is the brand of my printer]

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Bait setup idle ooze] C:\Documents and Settings\All Users\Dati applicazioni\Obj default bait setup\dumbfilm.exe
[it should be a virus that I should have already removed]

O4 - HKCU\..\Run: [keep memo] C:\DOCUME~1\Boris\DATIAP~1\MPEGWE~1\loadbash.exe
[it should be a virus that I should have already removed]

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{218B86DE-29A5-4DB0-8D58-7301F89018B0}: NameServer = 85.37.17.4 85.38.28.70

Let me know, thanks :)
IVU
Junior User
Posts: 77
Joined: 11/01/06 22:49

Post by Dylan666 » 17/03/06 21:52

From Safe Mode, remove these:

O4 - HKLM\..\Run: [Bait setup idle ooze] C:\Documents and Settings\All Users\Dati applicazioni\Obj default bait setup\dumbfilm.exe

O4 - HKCU\..\Run: [keep memo] C:\DOCUME~1\Boris\DATIAP~1\MPEGWE~1\loadbash.exe

O2 - BHO: (no name) - {E69CD362-73E3-3B8E-3EC0-AD3E1EF20A26} - C:\DOCUME~1\Boris\DATIAP~1\SOFTWA~1\FREE LIST.exe (file missing)

This one too, if you don't know what it is:
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab

Then a new log
Dylan666
Moderator
Posts: 39983
Joined: 18/11/03 16:46

Post by IVU » 17/03/06 22:15

Hi!! I tried to delete the files and I redid the log... here it is: thanks

Logfile of HijackThis v1.99.1
Scan saved at 22.14.09, on 17/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Pinnacle\Shared Files\remoterm.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Lexmark 5200 series\lxbtbmon.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\eMule\eMule.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\Boris\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {E69CD362-73E3-3B8E-3EC0-AD3E1EF20A26} - C:\DOCUME~1\Boris\DATIAP~1\SOFTWA~1\FREE LIST.exe (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleRemote] C:\Programmi\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Bait setup idle ooze] C:\Documents and Settings\All Users\Dati applicazioni\Obj default bait setup\dumbfilm.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [InstantTray] C:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [keep memo] C:\DOCUME~1\Boris\DATIAP~1\MPEGWE~1\loadbash.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8265785882
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{218B86DE-29A5-4DB0-8D58-7301F89018B0}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
IVU
Junior User
Posts: 77
Joined: 11/01/06 22:49

Post by Dylan666 » 17/03/06 22:22

Close all Internet Explorer windows and remove this:

O2 - BHO: (no name) - {E69CD362-73E3-3B8E-3EC0-AD3E1EF20A26} - C:\DOCUME~1\Boris\DATIAP~1\SOFTWA~1\FREE LIST.exe (file missing)

About dumbfilm.exe and loadbash.exe I don't know what to tell you, I hope you know them because I can't find any information on Google

Otherwise it looks OK
Dylan666
Moderator
Posts: 39983
Joined: 18/11/03 16:46
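
Added example, not part of the original thread: the second log above still lists entries that were marked for removal, and a check like this one compares two HijackThis logs to show which entries are gone and which persist. The function names are made up for this sketch, and the sample logs are short excerpts of the two logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O16, O23, ...)
# followed by " - ". The header and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, body) for every entry line, skipping header and process list."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive: compare case-folded.
    code, body = entry
    return (code, body.casefold())


def diff_logs(before_text, after_text):
    """Entries that disappeared from, or appeared in, the later scan."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        "removed": [e for e in before if _key(e) not in after_keys],
        "added": [e for e in after if _key(e) not in before_keys],
    }


def still_present(requested_text, after_text):
    """Entries the helper asked to fix that the later scan still reports."""
    after_keys = {_key(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(requested_text) if _key(e) in after_keys]


def missing_file_entries(log_text):
    """Registry references whose target file no longer exists on disk."""
    return [e for e in parse_entries(log_text) if e[1].endswith("(file missing)")]


# Excerpt of the first log in the thread (19.27.08 scan).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {E69CD362-73E3-3B8E-3EC0-AD3E1EF20A26} - C:\DOCUME~1\Boris\DATIAP~1\SOFTWA~1\FREE LIST.exe (file missing)
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [Bait setup idle ooze] C:\Documents and Settings\All Users\Dati applicazioni\Obj default bait setup\dumbfilm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [keep memo] C:\DOCUME~1\Boris\DATIAP~1\MPEGWE~1\loadbash.exe
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
"""

# Excerpt of the second log in the thread (22.14.09 scan), same sections.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {E69CD362-73E3-3B8E-3EC0-AD3E1EF20A26} - C:\DOCUME~1\Boris\DATIAP~1\SOFTWA~1\FREE LIST.exe (file missing)
O4 - HKLM\..\Run: [Bait setup idle ooze] C:\Documents and Settings\All Users\Dati applicazioni\Obj default bait setup\dumbfilm.exe
O4 - HKCU\..\Run: [keep memo] C:\DOCUME~1\Boris\DATIAP~1\MPEGWE~1\loadbash.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
"""

# The entries listed for removal in the 21:52 post.
REQUESTED = r"""O4 - HKLM\..\Run: [Bait setup idle ooze] C:\Documents and Settings\All Users\Dati applicazioni\Obj default bait setup\dumbfilm.exe
O4 - HKCU\..\Run: [keep memo] C:\DOCUME~1\Boris\DATIAP~1\MPEGWE~1\loadbash.exe
O2 - BHO: (no name) - {E69CD362-73E3-3B8E-3EC0-AD3E1EF20A26} - C:\DOCUME~1\Boris\DATIAP~1\SOFTWA~1\FREE LIST.exe (file missing)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
"""

if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for code, body in changes["removed"]:
        print("gone:        ", code, "-", body)
    for code, body in still_present(REQUESTED, AFTER):
        print("STILL THERE: ", code, "-", body)
    for code, body in missing_file_entries(AFTER):
        print("orphaned ref:", code, "-", body)
```

Deleting the executable from disk does not remove the registry value that points to it, which is why an entry can stay in the log after the file is gone; the entry itself has to be fixed in HijackThis.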

Post by IVU » 17/03/06 22:27

About dumbfilm.exe and loadbash.exe.... I had already deleted these programs once, again using Safe Mode, and the page I always used to see because of these programs no longer shows up.... but now I see the usual page you get when it tells you: Cannot display the page and so on... Norton used to report them as viruses... it hasn't reported them anymore since I deleted them, as I said before .... come on, I'll try to do the last thing you told me .... ThAnKs!!!!!
IVU
Junior User
Posts: 77
Joined: 11/01/06 22:49

Post by fabrizius » 17/03/06 23:31

Delete both dumbfilm.exe and loadbash.exe; if worst comes to worst, you always have the option of restoring.....
fabrizius
Senior User
Posts: 1220
Joined: 20/05/05 13:55

Post by IVU » 17/03/06 23:42

so if it goes on like this, are you saying I have to restore Windows?? damn, I can't even browse the internet properly :cry: when I look for the files to delete.... I can't find them anymore, I had already deleted them that time you told me to do it :( ....
IVU
Junior User
Posts: 77
Joined: 11/01/06 22:49

Post by Dylan666 » 17/03/06 23:55

fabrizius was saying that you can restore the keys of those two unknown EXEs from HijackThis if they turn out to be useful programs, but that when in doubt you should remove them ;)
Dylan666
Moderator
Posts: 39983
Joined: 18/11/03 16:46

Post by fabrizius » 18/03/06 00:00

Anyway, now that I've looked at the log properly I see that you have MessengerPlus installed... if, when you installed it, you weren't careful to untick the box so as not to accept the sponsor programs, you yourself gave the green light to the unwelcome guests. I would advise you to uninstall it as soon as possible, then it's up to you....

Example in French:
[Image]
fabrizius
Senior User
Posts: 1220
Joined: 20/05/05 13:55

Post by Dylan666 » 18/03/06 00:12

MSG Plus (I speak from experience) is not harmful, you just have to not install the sponsors if you don't want them! They say so themselves...

http://www.msghelp.net/showthread.php?tid=21598
Dylan666
Moderator
Posts: 39983
Joined: 18/11/03 16:46

Post by IVU » 18/03/06 13:50

fabrizius wrote: Anyway, now that I've looked at the log properly I see that you have MessengerPlus installed... if, when you installed it, you weren't careful to untick the box so as not to accept the sponsor programs, you yourself gave the green light to the unwelcome guests. I would advise you to uninstall it as soon as possible, then it's up to you....

Example in French:
[Image]

but do I just have to uninstall it, or can I reinstall it?? Because it's true, I had accepted the sponsors.... :(
IVU
Junior User
Posts: 77
Joined: 11/01/06 22:49

Post by fabrizius » 18/03/06 14:10

Yes, you can reinstall it, but be careful not to accept the sponsors
fabrizius
Senior User
Posts: 1220
Joined: 20/05/05 13:55

Post by IVU » 19/03/06 00:49

hi!! I reinstalled Msn Plus... and so apparently I didn't install the sponsors :) ... but I still keep seeing this page I was telling you about :( [Image]
I don't know what to do :cry: :cry:
IVU
Junior User
Posts: 77
Joined: 11/01/06 22:49

Post by Luke57 » 19/03/06 01:24

Hi, try running an online scan with Panda and post the result:
http://www.pandasoftware.com/products/activescan.htm
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by IVU » 19/03/06 18:54

Hi!! I ran the scan and I was stunned :| ..... Norton hadn't detected them last night when I did the full scan of the PC.... Tell me what I have to do :( thanks :)
    Incident Status Location

    Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Boris\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-281987ef.zip[NewSecurityClassLoader.class]
    Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Boris\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-281987ef.zip[NewURLClassLoader.class]
    Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Boris\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv462.jar-191d7ca7-7e6a0521.zip[Matrix.class]
    Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Boris\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv462.jar-191d7ca7-7e6a0521.zip[Dummy.class]
    Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
IVU
Junior User

Posts: 77
Joined: 11/01/06 22:49

Post by fabrizius » 19/03/06 19:02

Nothing alarming, delete all the cookies and clear the Java cache
fabrizius
Senior User

Posts: 1220
Joined: 20/05/05 13:55
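
Added example, not part of the original thread: a small Python triage of a report in the layout posted above, grouping each detection under the cleanup step the reply names (cookies, Java cache) and collapsing several flagged classes inside one cached archive into a single file. The sample report, the user name and the tracker names are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above (detection, status, location).
# User name and cookie/tracker names are placeholders, not values from the thread.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Cookie/ExampleTracker Not disinfected C:\Documents and Settings\user\Cookies\user@tracker.example[1].txt
Spyware:Cookie/Example Ads Not disinfected C:\Documents and Settings\user\Cookies\user@ads.example[2].txt
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\user\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-0000-0000.zip[A.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\user\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-0000-0000.zip[B.class]
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
"""

# Names and paths contain spaces, so split on the status text instead of whitespace.
# "Not disinfected" is the only status that appears in the thread.
LINE = re.compile(r"^(?P<kind>[^:]+):(?P<name>.+?) (?P<status>Not disinfected) (?P<path>[A-Za-z]:\\.+)$")
# A trailing [Member] marks a file inside an archive; cookie names like x[1].txt do not match.
MEMBER = re.compile(r"^(?P<container>.+)\[(?P<member>[^\]]+)\]$")

def parse_line(line):
    """Return a dict for one detection row, or None for header and blank lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    inner = MEMBER.match(row["path"])
    row["container"] = inner["container"] if inner else row["path"]
    row["member"] = inner["member"] if inner else None
    return row

def advice_for(path):
    """Map a location to the cleanup step given in the reply, if any."""
    p = path.lower()
    if "\\cookies\\" in p:
        return "delete cookies"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "clear Java cache"
    return "not covered by the reply"

def triage(report):
    """Group unique files on disk by cleanup step."""
    groups = defaultdict(set)
    for line in report.splitlines():
        row = parse_line(line)
        if row:
            groups[advice_for(row["container"])].add(row["container"])
    return {action: sorted(files) for action, files in groups.items()}

if __name__ == "__main__":
    for action, files in triage(SAMPLE_REPORT).items():
        print(f"{action}: {len(files)} file(s)")
```
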

Post by IVU » 19/03/06 19:53

ok, I deleted the cookies, but where do I find the Java cache?? :oops:
Thanks! :roll:
IVU
Junior User

Posts: 77
Joined: 11/01/06 22:49

Post by Luke57 » 19/03/06 21:45

Hi, from the Control Panel, double-click the Java icon > General > under the "Temporary Internet Files" option choose Delete Files, leave the three options checked, click OK.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
