Ciao e GRAZIE Alfonso, ho fatto tutto come mi hai detto con Hijack This, SpyBot, Ad-Ware e l’antivirus, tutto in modalità provvisoria; nella scansione con SpyBot è stato trovato “Alexa Related e DSO Exploit”, mentre con Ad-Ware ho trovato:
ArchiveData(p.bckp)
======================================================
ALEXA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
TRACKING COOKIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[1]=File : c:\windows\cookies\darisa_giuseppe@cgi-bin[1].txt
obj[2]=File : c:\windows\cookies\darisa_giuseppe@giuseppe@as1.falkag[1].txt
obj[3]=File : c:\windows\cookies\anyuser@cgi-bin[1].txt
obj[4]=File : c:\windows\cookies\anyuser@as1.falkag[2].txt
L’antivirus invece non ha trovato nulla.
Questo è il nuovo log:
Logfile of HijackThis v1.99.1
Scan saved at 23.16.37, on 03/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\F-SECURE\COMMON\FSMA32.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMMI\F-SECURE\COMMON\FSMB32.EXE
C:\PROGRAMMI\F-SECURE\COMMON\FCH32.EXE
C:\PROGRAMMI\F-SECURE\COMMON\FNRB32.EXE
C:\PROGRAMMI\F-SECURE\COMMON\FAMEH32.EXE
C:\PROGRAMMI\F-SECURE\COMMON\FSGK32.EXE
C:\PROGRAMMI\F-SECURE\COMMON\FIH32.EXE
C:\PROGRAMMI\F-SECURE\ANTI-VIRUS\FSAV32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\F-SECURE\COMMON\FSM32.EXE
C:\PROGRAMMI\RAM IDLE\RAMIDLE.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\FILE COMUNI\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMI\STOPDIALERS\STOPDIALER.EXE
C:\PROGRAMMI\LIBERO 6X\LIBEROACCEL.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\1040\MSOFFICE.EXE
C:\PROGRAMMI\INCREDIMAIL\BIN\IMAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
D:\ANTIVIRUS\ANTIVIRUS HIJACK THIS 1.99\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tiscali.it/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRAMMI\LIBERO 6X\PBHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [RAM Idle] C:\Programmi\RAM Idle\RAMIdle.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [fsaa] C:\Programmi\F-Secure\Common\fsaa.exe
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Programmi\F-Secure\Common\FSMA32.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3.2 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialer.exe
O4 - Startup: Libero Web Accelerator.lnk = C:\Programmi\Libero 6x\liberoaccel.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll