Stellar Blade Un'esclusiva PS5 che sta facendo discutere per l'eccessiva bellezza della protagonista. Vieni a parlarne su Award & Oscar!

AESSENET.ORG - Forum
	Internet e Software
		Sicurezza & Reti
			HijackThis

Rispondi

Registrati

Pagina precedente | 1 | Pagina successiva

Stampa | Notifica email

« Discussione Precedente | Lista | Discussione Successiva »

Autore

HijackThis

Ultimo Aggiornamento: 04/06/2008 13:44

ser4

OFFLINE

Post: 532

Utente Senior

raga buongiorno e un saluto a tutto il forum dopo tanto tempo che non mi facevo vivo mi potete fare un controllo su questo C:\WINDOWS\SYSTEM\MSTASK.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.27.12, on 01/06/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAMMI\CONITECH\CN405WLUSB54.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAMMI\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?rls=ig
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

--
End of file - 2810 bytes

VEDI NAPOLI E POI MUORI (toto')

01/06/2008 10:33

00#1

boyuniversity

OFFLINE

Post: 12.377

Maestro

il log è incompleto comunque se vuoi se sapere se è un virus controlla questa pagina qua

01/06/2008 11:58

00#2

ser4

OFFLINE

Post: 532

Utente Senior

Re:

ser4, 01/06/2008 10.33:
raga buongiorno e un saluto a tutto il forum dopo tanto tempo che non mi facevo vivo mi potete fare un controllo su questo C:\WINDOWS\SYSTEM\MSTASK.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.27.12, on 01/06/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAMMI\CONITECH\CN405WLUSB54.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAMMI\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?rls=ig
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

--
End of file - 2810 bytes

ciao boy ai ragione questo e il log completo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.43.24, on 01/06/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAMMI\CONITECH\CN405WLUSB54.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?rls=ig
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

--
End of file - 2950 bytes

ma dala pagina che mi ai postato non riesco a capire se e un virus comunque grazie

VEDI NAPOLI E POI MUORI (toto')

01/06/2008 13:40

00#3

boyuniversity

OFFLINE

Post: 12.378

Maestro

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run "mstask" = %WinDir%\mstask.exe

The worm creates a new section in the WIN.INI file:
[msappfont]
value=%value%
font=%value%
style=%value%

01/06/2008 14:52

00#4

ser4

OFFLINE

Post: 533

Utente Senior

Re:

boyuniversity, 01/06/2008 14.52:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run "mstask" = %WinDir%\mstask.exe

The worm creates a new section in the WIN.INI file:
[msappfont]
value=%value%
font=%value%
style=%value%

boy cosa devo fare elimino mstask e le altre voci da te citate?

VEDI NAPOLI E POI MUORI (toto')

02/06/2008 09:51

00#5

boyuniversity

OFFLINE

Post: 12.380

Maestro

Re: Re:

ser4, 02/06/2008 9.51:

boy cosa devo fare elimino mstask e le altre voci da te citate?

no devi solo guardare se in start->esegui->regedit->esiste questa voce HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run "mstask" = %WinDir%\mstask.exe SE ESISTE CANCELLALA

oppure sempre con lo stesso procedimento se esiste questa voce

HKLM\Software\Microsoft\Windows\CurrentVersion\
Run\mqbkup = "C:\%WINFOLDER%\MQBKUP.EXE" SE ESISTE CANCELLALA

[Modificato da boyuniversity 02/06/2008 10:58]

02/06/2008 10:48

00#6

ser4

OFFLINE

Post: 534

Utente Senior

Re: Re: Re:

boyuniversity, 02/06/2008 10.48:

no devi solo guardare se in start->esegui->regedit->esiste questa voce HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run "mstask" = %WinDir%\mstask.exe SE ESISTE CANCELLALA

no boy non ce quindi e apposto grazie
ho fatto anche la scansione online con mcafee ed e tutto apposto

[Modificato da ser4 02/06/2008 11:03]

VEDI NAPOLI E POI MUORI (toto')

02/06/2008 11:02

00#7

boyuniversity

OFFLINE

Post: 12.381

Maestro

Re: Re: Re: Re:

ser4, 02/06/2008 11.02:

no boy non ce quindi e apposto grazie
ho fatto anche la scansione online con mcafee ed e tutto apposto

ok perfetto

ciao

02/06/2008 23:27

00#8

Arkantos01

OFFLINE

Post: 7.816

Maestro

Moderatore

1. Mettere dei titoli che siano adatti al problema e non generici.
2. Postare solo le voci sospette su cui si è incerti.

Consiglio una (ri)lettura del regolamento.
Grazie.

PS: Chiudo questa discussione visto che ha terminato ogni sua utilità.

"Mi berrò un cicchetto con il diavolo, ma non passerò dalla sua parte" (Bono, U2)
"Le opinioni, si sà, sono come i coglioni... Ognuno ha i suoi" (Giorgio Gaber)
«Ogni tanto mi chiedo cosa stiamo aspettando...»
Silenzio.
«Che sia troppo tardi, madame.»
(A. Baricco, Oceano Mare)

04/06/2008 13:44