Olimpo Informatico

[giT]

ho notato nella cronologia questi siti

b.skitodayplease- a.doginhispen- 88.80.7.66- 217.146.182.28

che mi si connettono automaticamente da oltre 1 mese.
ma cosa sono?
come faccio a toglierli?
grazie

[ioSOLOio]

Trattasi di virus, ci sono varie discussioni in proposito sul forum.
Ad esempio questa.
Se hai un minimo di dimestichezza con i software li citati, puoi iniziare a fare una scansione con HiKackThis e postare qua di seguito il log.

[giT]

non ho nessuna dimestichezza.. anzi non ci capisco nulla!
se faccio la scansione con avast è lostesso? semmai poi cosa devo fare?
grazie

[ioSOLOio]

[giT]

forse ci sono arrivata.. mi sorprendo.. è qst?

[ioSOLOio]

il log non mi pare indichi cose particolari relative al problema.
Nella discussione linkata prima, dovresti utilizzare gli altri tool come descritto ovvero:

[bdoriano]

Ciao giT,

come ha già detto ioSOLOio, il log di hijackthis, in questo caso, non serve a molto.
Le prime operazioni da fare sono:

• la scansione con FindAWF
  
• seguire le istruzioni di questo topic per postare il log di combofix.

Poi, in base al risultato delle due scansioni, vedremo cos'altro fare.

PS: se vuoi, puoi presentarti qui

[giT]

ho fatto la scansione con FindAWF
adesso che ci faccio??



Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: ECAD-BEBA

Directory di C:\WINDOWS\BAK

09/09/2007 17.44 40.960 NCLAUNCH.EXe
1 File 40.960 byte
2 Directory 63.231.504.384 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: ECAD-BEBA

Directory di C:\PROGRA~1\REGSHAVE\BAK

04/02/2002 22.32 53.248 REGSHAVE.EXE
1 File 53.248 byte
2 Directory 63.231.504.384 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: ECAD-BEBA

Directory di C:\PROGRA~1\WINAMP\BAK

21/11/2006 18.38 35.328 winampa.exe
1 File 35.328 byte
2 Directory 63.231.500.288 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: ECAD-BEBA

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 14.39 15.360 ctfmon.exe
09/07/2001 09.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 63.231.500.288 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: ECAD-BEBA

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

06/09/2007 11.06 79.224 ashDisp.exe
1 File 79.224 byte
2 Directory 63.231.500.288 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: ECAD-BEBA

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

16/11/2007 19.50 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 63.231.500.288 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: ECAD-BEBA

Directory di C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

03/07/2001 08.11 57.344 hpgs2wnd.exe
1 File 57.344 byte
2 Directory 63.231.500.288 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: ECAD-BEBA

Directory di C:\PROGRA~1\WINDOW~4\MESSEN~1\BAK

0 File 0 byte
2 Directory 63.231.500.288 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 22 Jan 2008 "C:\WINDOWS\NCLAUNCH.EXe"
40960 9 Sep 2007 "C:\WINDOWS\bak\NCLAUNCH.EXe"
14348 22 Jan 2008 "C:\Programmi\REGSHAVE\REGSHAVE.EXE"
53248 4 Feb 2002 "C:\Programmi\REGSHAVE\bak\REGSHAVE.EXE"
14348 22 Jan 2008 "C:\Programmi\Winamp\winampa.exe"
35328 21 Nov 2006 "C:\Programmi\Winamp\bak\winampa.exe"
14348 22 Jan 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 22 Jan 2008 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 6 Sep 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
52272 9 Sep 2007 "C:\Programmi\Google\googletoolbar1user.exe"
14348 22 Jan 2008 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1195088 9 Sep 2007 "C:\Documents and Settings\Administrator\Impostazioni locali\Temp\GoogleToolbarInstaller_it.exe"
138168 9 Sep 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 16 Nov 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
14348 22 Jan 2008 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
57344 3 Jul 2001 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"

[bdoriano]

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[giT]

ComboFix 08-02-12.1 - Administrator 2008-02-11 22.54.30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.117 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\MyWay
C:\Programmi\WinBudget
C:\Programmi\WinBudget\bin\matrix.dll
C:\Programmi\WinBudget\bin\matrix.dll.1202470564.old
C:\Programmi\WinBudget\bin\tempzor

.
((((((((((((((((((((((((( Files Creati Da 2008-01-12 al 2008-02-12 )))))))))))))))))))))))))))))))))))
.

2008-02-04 21:05 . 2008-02-04 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Aliasworlds
2008-02-02 13:53 . 2008-02-02 13:53 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-02 13:53 . 2008-02-02 13:53 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-02 12:04 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-02 12:04 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-02 12:04 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-02 12:03 . 2008-02-02 12:03 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-02-02 11:56 . 2008-02-02 11:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-02 11:56 . 2008-02-02 12:00 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 22:29 . 2008-01-29 22:33 <DIR> d-------- C:\Programmi\DAEMON Tools Lite
2008-01-29 22:29 . 2008-01-29 22:29 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\DAEMON Tools
2008-01-29 22:26 . 2008-01-29 22:26 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-22 21:46 . 2008-01-22 21:46 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-22 21:46 . 2008-01-22 21:46 <DIR> d-------- C:\WINDOWS\bak
2008-01-19 22:00 . 2008-01-19 22:00 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Oberon Games
2008-01-19 21:58 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-01-19 21:23 . 2008-01-19 21:55 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\GetRightToGo
2008-01-18 22:52 . 2008-01-18 22:52 <DIR> d-------- C:\Programmi\THQ
2008-01-18 22:17 . 2008-01-18 22:17 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Ace
2008-01-18 22:15 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-14 10:06 . 2008-01-14 10:06 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Template

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 09:54 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\uTorrent
2008-02-10 14:52 --------- d-----w C:\Programmi\eMule
2008-02-05 10:50 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Skype
2008-02-04 20:10 --------- d-----w C:\Programmi\Zylom Games
2008-02-04 20:05 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Zylom
2008-01-29 21:00 --------- d-----w C:\Programmi\Oberon Media
2008-01-27 17:50 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-22 20:53 --------- d-----w C:\Programmi\Winamp
2008-01-22 20:53 --------- d-----w C:\Programmi\REGSHAVE
2008-01-22 20:51 14,348 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2008-01-22 20:51 14,348 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-22 20:51 14,348 ----a-w C:\WINDOWS\NCLAUNCH.EXe
2008-01-19 21:00 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-19 21:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Oberon Games
2008-01-13 20:23 --------- d-----w C:\Programmi\File comuni\ToolSicuro
2008-01-13 20:21 --------- d-----w C:\Programmi\Adverts
2007-12-26 18:31 --------- d-----w C:\Programmi\TomTom HOME
2007-12-22 09:27 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-12-20 16:45 --------- d-----w C:\Programmi\Windows Live
2007-12-20 16:41 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-20 16:32 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-20 16:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-14 21:10 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Home Sweet Home
2007-12-08 20:50 53,462 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-12-08 20:50 5,806 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-17 18:14 197,168 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\setup_it[1].exe
2007-09-12 13:17 0 ----a-w C:\Documents and Settings\Administrator\Dati applicazioni\wklnhst.dat
2001-08-31 11:00 94,816 --sh--w C:\WINDOWS\twain.dll
2004-08-19 13:39 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-19 13:39 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-19 13:39 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-19 13:39 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 13:39 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:29 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-19 13:39 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-19 13:39 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 79,224 2007-09-06 10:06:09 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp.exe

----a-w 68,856 2007-11-16 18:50:15 C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 14,348 2008-01-22 20:51:49 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

----a-w 57,344 2001-07-03 07:11:52 C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe
----a-w 14,348 2008-01-22 20:51:49 C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

----a-w 53,248 2002-02-04 21:32:10 C:\Programmi\REGSHAVE\bak\REGSHAVE.EXE
----a-w 14,348 2008-01-22 20:51:49 C:\Programmi\REGSHAVE\REGSHAVE.EXE

----a-w 35,328 2006-11-21 17:38:22 C:\Programmi\Winamp\bak\winampa.exe
----a-w 14,348 2008-01-22 20:51:49 C:\Programmi\Winamp\winampa.exe

----a-w 40,960 2007-09-09 16:44:53 C:\WINDOWS\bak\NCLAUNCH.EXe
----a-w 14,348 2008-01-22 20:51:49 C:\WINDOWS\NCLAUNCH.EXe

----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 14,348 2008-01-22 20:51:49 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 08:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 14,348 2008-01-22 20:51:49 C:\WINDOWS\system32\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 21:51 14348]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 21:51 14348]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Free Download Manager"="C:\Programmi\Free Download Manager\fdm.exe" [ ]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-01-22 21:51 14348]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2008-01-22 21:51 14348]
"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2008-01-22 21:51 14348]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-22 21:51 14348]
"REGSHAVE"="C:\Programmi\REGSHAVE\REGSHAVE.exe" [2008-01-22 21:51 14348]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-22 21:51 14348]

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14 155648]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-09-08 18:17:10 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26 29696]
Exif Launcher.lnk - C:\Programmi\FinePixViewer\QuickDCF.exe [2002-01-09 21:53:14 200704]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Programmi\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-24 00:28:32 487484]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-08-17 22:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59581282-66c8-11dc-aaa3-00c095ee4da6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{837fceb6-612a-11dc-aa9a-00c095ee4da6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffce0461-71e1-11dc-aabc-00c095ee4da6}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 22:56:28
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

**************************************************************************
.
Ora fine scansione: 2008-02-12 22.58.06
ComboFix-quarantined-files.txt 2008-02-12 21:57:02
.
2008-02-03 19:20:40 --- E O F ---

[giT]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wgvkjtbv

*******************

Script file located at: \??\C:\WINDOWS\twtvjjyc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\NCLAUNCH.exe deleted successfully.
File C:\Programmi\REGSHAVE\REGSHAVE.exe deleted successfully.
File C:\Programmi\Winamp\winampa.exe deleted successfully.
File C:\WINDOWS\system32\ctfmon.exe deleted successfully.
File C:\WINDOWS\system32\NeroCheck.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe deleted successfully.
File move operation C:\WINDOWS\bak\NCLAUNCH.exe|C:\WINDOWS\NCLAUNCH.exe completed successfully.
File move operation C:\Programmi\REGSHAVE\bak\REGSHAVE.exe|C:\Programmi\REGSHAVE\REGSHAVE.exe completed successfully.
File move operation C:\Programmi\Winamp\bak\winampa.exe|C:\Programmi\Winamp\winampa.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe|C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.




Logfile of HijackThis v1.99.1
Scan saved at 23.16.35, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\FinePixViewer\QuickDCF.exe
C:\Programmi\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.676\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programmi\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.it/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

[giT]

ma ora va bene?? posso disinstallare tutti i programmi combofix,findawf,hijackthis,deldomains?

grazie ciao!!

[bdoriano]

Ciao giT,

se non riscontri problemi, puoi disinstallare i programmi che non servono più.

[giT]

ok grazie