Ciao a tutti... sono incappato per la seconda volta in win 32 dialer... mi ero già rivolto a voi qualche mese fa' con successo eliminando il dialer dalle chiavi di registro. Oggi aprendo il sito
www.viaggiareliberi.it mi si sono aperte un paio di finestre con il solito programmino da installare (e che chiaramente non ho installato). Credo però, e Virl lo ha confermato, che si sia infettato il registro di sistema. Vi allego la scansione di Hijack... nella speranza possiate aiutarmi.
Grazie in anticipo.
Gabriele.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.49.49, on 10/01/2009
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMMI\D-TOOLS\DAEMON.EXE
C:\VEXPLITE\MONLITE.EXE
C:\PROGRAMMI\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAMMI\DNA\BTDNA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAMMI\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\PROGRAMMI\PDFCREATOR TOOLBAR\V3.3.0.1\PDFCREATOR_TOOLBAR.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\PROGRAMMI\ASKBARDIS\BAR\BIN\ASKBAR.DLL
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAMMI\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\PROGRAMMI\PDFCREATOR TOOLBAR\V3.3.0.1\PDFCREATOR_TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\PROGRAMMI\ASKBARDIS\BAR\BIN\ASKBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [PASSWOR] C:\WINDOWS\PASSWORD.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAMMI\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\PROGRAMMI\DNA\BTDNA.EXE"
O4 - HKUS\.DEFAULT\..\Run: [SUPERAntiSpyware] C:\PROGRAMMI\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [BitTorrent DNA] "C:\PROGRAMMI\DNA\BTDNA.EXE" (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .ps: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} -
http://vs.mcafeeasap.com/MC/ITA/VS40/bin/myCioAgt.20060505013257.cabO16 - DPF: {BD0D1F18-5561-11DC-A0D9-692F56D89593} -
http://gwumj.myprogdom.info/code/2029.exeO20 - Winlogon Notify: !SASWinLogon - C:\PROGRAMMI\SUPERANTISPYWARE\SASWINLO.DLL
--
End of file - 4955 bytes