Ieri notavo che non riuscivo tramite outlook express a ricevere e inviare messaggi, poi ho fatto una scansione con Avast antivirus che mi ha trovato il worm Win32 Netsky P, in 2 files dentro la cartella Application Data di Windows alla voce Identities. Purtroppo però non è riuscito a cancellarlo. Premetto che uso windows 98 e questo è il log di Hijack:
Logfile of HijackThis v1.98.0
Scan saved at 19.27.01, on 17/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\SYSTEM\TABLET.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMMI\SPYBOT - SEARCH and DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\CALCHECK.EXE
C:\PROGRAMMI\RVS\WCOM\SYSTEM\CCUI.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\RVS\WCOM\SYSTEM\CCSRV.EXE
C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.it"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\yzwtcvn3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C:3A:5CPROGRAMMI:5Csearchplugins:5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\yzwtcvn3.slt\prefs.js)
O3 - Toolbar: andRadio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search and Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [CommCenter] C:\Programmi\RVS\WCOM\SYSTEM\ccui.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Program Files\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Apri immagine in andMicrosoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1040\PHDINTL.DLL/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) -
http://www.memolink.com/CFIDE/classes/CFJava.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.es/activescan/as/asinst.cabGrazie