mary7781

Annoying adverts!

4 posts in this thread

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8.42.59, on 12/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Documents and Settings\Administrator\Documenti\Immagini\Firebird_2_1\bin\fbguard.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Documents and Settings\Administrator\Documenti\Immagini\Firebird_2_1\bin\fbserver.exe

C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\FSRremoS.EXE

C:\Programmi\Sharp\Sharpdesk\IndexTray.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\Programmi\Sharp\Sharpdesk\Indexer.exe

C:\Programmi\Sharp\Sharpdesk\SharpTray.exe

C:\PROGRA~1\SHARP\SHARPD~1\Indexer.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff.exe

C:\Programmi\SHARP\Button Manager G\btnman.exe

C:\PROGRA~1\Webshots\Webshots.scr

C:\Programmi\IncrediMail\bin\IMApp.exe

C:\Programmi\Internet Explorer\IEXPLORE.EXE

C:\Programmi\Microsoft Office\Office\EXCEL.EXE

C:\Programmi\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\msagent\AgentSvr.exe

C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programmi\P2P_Energy\tbP2P0.dll (file missing)

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [uC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TypeRegChecker] C:\Programmi\Sharp\Sharpdesk\TypeRegChecker.exe

O4 - HKLM\..\Run: [indexTray] C:\Programmi\Sharp\Sharpdesk\IndexTray.exe

O4 - HKLM\..\Run: [indexer] C:\Programmi\Sharp\Sharpdesk\Indexer.exe

O4 - HKLM\..\Run: [sharpTray] C:\Programmi\Sharp\Sharpdesk\SharpTray.exe

O4 - HKLM\..\Run: [scadenzario Pro] C:\Programmi\Scadenzario Pro 1.0 Demo\ScadenzarioPro.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [incrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [incrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [gggff] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff.exe" gggff

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: GA.net Alerter.lnk = H:\GestioneAcquario.Net\Gestione_Allarmi.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: GA.net Alerter.lnk = H:\GestioneAcquario.Net\Gestione_Allarmi.exe (User 'Default user')

O4 - .DEFAULT Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe (User 'Default user')

O4 - Startup: GA.net Alerter.lnk = H:\GestioneAcquario.Net\Gestione_Allarmi.exe

O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe

O4 - Global Startup: Button Manager G.lnk = C:\Programmi\SHARP\Button Manager G\btnman.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmi\PlotSoft\PDFill\DownloadPDF.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://194.244.16.123/g_bin/eng/solitaire_2_0_0_28.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://194.244.16.123/g_bin/eng/roulette_2_0_0_27.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://194.244.16.123/g_bin/eng/cards_2_0_0_77.cab

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://194.244.16.123/g_bin/eng/boards_2_0_0_35.cab

O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Rinera Streaming Control) - http://portal3.rinera.com/download/RineraProxy-1.4.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://194.244.16.123/g_bin/eng/navy_2_0_0_29.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131696567794

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206451280343

O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://194.244.16.123/g_bin/eng/hunter_2_0_0_27.cab

O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://194.244.16.123/g_bin/eng/demon_2_0_0_30.cab

O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://194.244.16.123/g_bin/eng/slots70_2_0_0_35.cab

O16 - DPF: {A811D2D3-9F4B-4ECF-9904-374329395D60} (AXUpload Control) - http://foto.esselungaacasa.it/pod/AXUploadLib.cab

O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://194.244.16.123/g_bin/eng/sudoku_2_0_0_15.cab

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://194.244.16.123/g_bin/eng/marbles_2_0_0_32.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://194.244.16.123/g_bin/eng/darts_2_0_0_40.cab

O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://194.244.16.123/g_bin/eng/breakout_2_0_0_29.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://194.244.16.123/g_bin/eng/words_2_0_0_51.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://194.244.16.123/g_bin/eng/wordssingle_2_0_0_48.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.fueps.com/gp/resources/games/pu...ploader_v10.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://194.244.16.123/g_bin/eng/mahjong_2_0_0_31.cab

O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://inquiero.sielco.it/inquiero/mod/set...tivex118_24.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://194.244.16.123/g_bin/eng/billard8_2_0_0_35.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://194.244.16.123/g_bin/eng/billardt_2_0_0_35.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://194.244.16.123/g_bin/eng/snooker_2_0_0_35.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{71AF8E4D-E78C-49E9-9611-C77F7CACE5D7}: NameServer = 213.140.2.43,213.140.2.49

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Documents and Settings\Administrator\Documenti\Immagini\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Documents and Settings\Administrator\Documenti\Immagini\Firebird_2_1\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe

O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Silicon Integrated Systems Corporation - (no file)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmi\File comuni\Symantec Shared\Support Controls\ssrc.exe

--

End of file - 12572 bytes

hijackthis.log


Hi mary8177,

Start HijackThis and click "do a system scan only"

Tick these entries and click "fix checked"

O4 - HKCU\..\Run: [gggff] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff.exe" gggff

Download The Avenger

Save it in a folder and unzip the .zip file

Locate avenger.exe and run it

Paste this script into the white box

Files to delete:

c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff_navps.dat

c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff.dat

c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff_nav.dat

c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff.exe

folders to delete:

C:\WINDOWS\temp

C:\WINDOWS\Tasks

Click Execute

The PC should reboot (if it does not, reboot it yourself)

Post the log that will be created in C:\Avenger

:P:)

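The entry the helper singled out is also what a quick automated pass over the log's O4 lines surfaces. The Python below is an added example, not part of the thread or of HijackThis: the `assess` and `triage` helpers and the three flagging rules (executable under a user-writable profile directory, entry name repeated as the only argument, bare filename without a directory) are my own assumptions, and the sample lines are copied from the log above.

```python
import re

# HijackThis O4 registry autorun line: "O4 - <hive>\..\Run: [name] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Profile sub-directories a standard user can write to (Italian and English XP names).
USER_WRITABLE = (r'\impostazioni locali\dati applicazioni', r'\local settings\application data',
                 r'\dati applicazioni', r'\application data', r'\temp')

def split_command(cmd):
    """Return (exe_path, args): a quoted path ends at its closing quote, otherwise
    the path ends after the first executable extension so spaces in it survive."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(?i)(.+?\.(?:exe|scr|com|bat|cmd))\b\s*(.*)', cmd)
    return (m.group(1), m.group(2)) if m else (cmd, '')

def assess(line):
    """Parse one registry O4 line into a dict with the reasons it deserves a look; None otherwise."""
    m = O4_RE.match(line)
    if not m:
        return None
    exe, args = split_command(m['cmd'])
    low = exe.lower()
    reasons = []
    if '\\documents and settings\\' in low and any(d in low for d in USER_WRITABLE):
        reasons.append('runs from a user-writable profile directory')
    if args and args.lower() == m['name'].lower():
        reasons.append('passes its own entry name as the only argument')
    if '\\' not in exe:
        reasons.append('bare filename, resolved through the search path')
    return {'hive': m['hive'], 'key': m['key'], 'name': m['name'],
            'exe': exe, 'args': args, 'reasons': reasons}

def triage(lines):
    """Return only the autoruns that have at least one reason to be checked."""
    return [a for a in map(assess, lines) if a and a['reasons']]

# Constructed sample: lines copied from the thread's HijackThis log.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE",
    r"O4 - HKLM\..\Run: [incrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c",
    r'O4 - HKCU\..\Run: [gggff] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff.exe" gggff',
    r"O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe",
]
for a in triage(SAMPLE_LOG):
    print(f"[{a['name']}] {a['exe']} -> {'; '.join(a['reasons'])}")
```

The ICO.EXE entry is flagged only because it has no directory; it is a legitimate mouse-driver component here, which is exactly why a flag means "verify", not "delete".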

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff_navps.dat" deleted successfully.

File "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff.dat" deleted successfully.

File "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff_nav.dat" deleted successfully.

File "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gggff.exe" deleted successfully.

Folder "C:\WINDOWS\temp" deleted successfully.

Folder "C:\WINDOWS\Tasks" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
