Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.28.06, on 03/12/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Sandboxie\SbieSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Philips\SPC230NC\Monitor.exe
F:\Programmi\Canon\MyPrinter\BJMyPrt.exe
F:\Programmi\Canon\Solution Menu EX\CNSEMAIN.EXE
F:\Programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
F:\Programmi\DivX\DivX Update\DivXUpdate.exe
F:\WINDOWS\system32\rundll32.exe
F:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
F:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
F:\programmi\real\realplayer\update\realsched.exe
F:\Programmi\Winamp\winampa.exe
F:\Programmi\File comuni\Java\Java Update\jusched.exe
F:\Programmi\System Explorer\SystemExplorer.exe
F:\WINDOWS\system32\RunDll32.exe
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Sandboxie\SbieCtrl.exe
F:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Programmi\Java\jre7\bin\jqs.exe
F:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
F:\Programmi\Google\Update\GoogleUpdate.exe
F:\Programmi\Google\Update\1.3.21.165\GoogleCrashHandler.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Google\Update\GoogleUpdate.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\System Explorer\service\SystemExplorerService.exe
F:\Programmi\Google\Update\GoogleUpdate.exe
F:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo Italia
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:21218
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - F:\Programmi\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - F:\Programmi\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SPC230NC_Monitor] F:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] F:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [CanonMyPrinter] F:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] F:\Programmi\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] F:\Programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [DivXUpdate] "F:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "F:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "F:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\programmi\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] F:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "F:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "F:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Snoozer] "F:\Documents and Settings\mikey\Dati applicazioni\Snz\Snz.exe"
O4 - HKUS\S-1-5-21-1844237615-507921405-682003330-1003\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1844237615-507921405-682003330-1003\..\Run: [SandboxieControl] "F:\Programmi\Sandboxie\SbieCtrl.exe" (User '?')
O4 - HKUS\S-1-5-21-1844237615-507921405-682003330-1003\..\Run: [Snoozer] "F:\Documents and Settings\mikey\Dati applicazioni\Snz\Snz.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: f:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\prxerdrv.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - F:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - F:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - F:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - F:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - F:\Programmi\McAfee Security Scan\3.0.318\McCHSvc.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - F:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - F:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - F:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - F:\Programmi\Sony\Sony PC Companion\PCCService.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - F:\Programmi\System Explorer\service\SystemExplorerService.exe
--
End of file - 9184 bytes
1. There are some strings flagged in red by the HJT analysis that I don't know whether to delete.
- Malwarebytes asks me for the license, but I did a cleanup before the crash and it removed a lot of red POP... files; I should have the log somewhere.
- I get ads that open when I load certain pages, and a search engine that sets itself as the home page in Google Chrome even if I remove it and delete it from the settings...
this one here:
http/ start.qone8 . com/ etc. etc. ... I'm not posting the whole thing to avoid spam
- I have two partitions and I use Google Chrome for some things and Internet Explorer for others, so a good full format is really needed, but I have to save a lot of stuff first.
2. The external hard disk is a 500 GB Toshiba; I don't know whether it has the autorun.inf function. It doesn't show up as a data folder... it gives me a strange little icon and says (available space 450 GB)... in the properties it says autorun, but it looks like the autorun of blank CDs for burning audio files... I don't know, I want a folder-like space where I can put important files...
3. To clean up I use ESET Nod32 version 5 license pi.... and SpyBot and CCleaner together with something online, but I'm thinking of buying Malwarebytes
PS: can the thread title be changed?