analisi log hijackthis

pao631 · 06-06-2006, 10.38.38

ciao mi date una mano a capire se c'è qualcosa di strano ?
grazie

Logfile of HijackThis v1.99.1
Scan saved at 10.27.26, on 06/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\a-squared\a2guard.exe
C:\Programmi\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WIND OWS\SERVICES.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O2 - BHO: - {bf9a1453-a605-4b7f-a312-db1abef666ff} - C:\WINDOWS\System32\phxpzv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programmi\a-squared\a2guard.exe"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.1987324.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149511227119
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Servizio iPod (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe

andorra24 · 06-06-2006, 10.52.42

Ciao, fixa queste voci:

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WIND OWS\SERVICES.EXE
O2 - BHO: - {bf9a1453-a605-4b7f-a312-db1abef666ff} - C:\WINDOWS\System32\phxpzv.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present (se questa voce l'hai impostata volutamente oppure con l'ausilio di spybot allora non eliminarla, in caso contrario eliminala)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (se questa voce l'hai impostata volutamente oppure con l'ausilio di spybot allora non eliminarla, in caso contrario eliminala)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: www.1987324.com
O23 - Service: Servizio iPod (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)

06-06-2006, 10.38.38	#1
pao631 Senior Member Registrato: 24-09-2001 Messaggi: 392	analisi log hijackthis ciao mi date una mano a capire se c'è qualcosa di strano ? grazie Logfile of HijackThis v1.99.1 Scan saved at 10.27.26, on 06/06/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\System32\snmp.exe C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\a-squared\a2guard.exe C:\Programmi\Trend Micro\OfficeScan Client\Pop3Trap.exe C:\WINDOWS\System32\wuauclt.exe C:\Programmi\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.it R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WIND OWS\SERVICES.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll O2 - BHO: - {bf9a1453-a605-4b7f-a312-db1abef666ff} - C:\WINDOWS\System32\phxpzv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [a-squared] "C:\Programmi\a-squared\a2guard.exe" O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: www.1987324.com O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149511227119 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Servizio iPod (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing) O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe

Discussioni simili
Discussione	Autore discussione	Forum	Risposte	Ultimo messaggio
impossibile cancellari voci con Hijackthis	tetsuo	Sicurezza&Privacy	5	16-02-2009 21.26.59
HijackThis 2.0.2	Thor	Archivio News Software	6	08-07-2007 21.50.15
HijackThis 2.0.0 beta	Thor	Archivio News Software	20	16-03-2007 05.15.44
Analisi log HijackThis	dect	Sicurezza&Privacy	6	24-09-2005 18.21.28
HijackThis 1.99	Gervy	Archivio News Software	1	15-12-2004 18.39.46

06-06-2006, 10.52.42	#2
andorra24 Junior Member Registrato: 14-05-2005 Loc.: Palermo Messaggi: 57	Ciao, fixa queste voci: F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WIND OWS\SERVICES.EXE O2 - BHO: - {bf9a1453-a605-4b7f-a312-db1abef666ff} - C:\WINDOWS\System32\phxpzv.dll O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present (se questa voce l'hai impostata volutamente oppure con l'ausilio di spybot allora non eliminarla, in caso contrario eliminala) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (se questa voce l'hai impostata volutamente oppure con l'ausilio di spybot allora non eliminarla, in caso contrario eliminala) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: www.1987324.com O23 - Service: Servizio iPod (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)

Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti)

Strumenti discussione
Visualizza versione stampabile Invia questa pagina via e-mail