
Thread: Virus, help!

  1. #1

    Virus, help!

    I ran all the up-to-date scans but the PC keeps disconnecting. Sorry, I have to be quick, thanks in advance:
    this is the log:

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PDESK.EXE
    C:\WINDOWS\SYSTEM\FMCTRL.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\AVSOFT.EXE
    C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\AVSOFT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\DOCUMENTI\DOWNLOADS\HI\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [HDAudio Driver] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
    O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [HDAudio Driver 2.0] C:\WINDOWS\SYSTEM\MOOFMQ.EXE
    O4 - HKLM\..\Run: [Uektrq] C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperWorkstation\DkService.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz
    O15 - Trusted Zone: www.archiviosex.net
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    help!

  2. #2
    I think my problem is some processes called:

    svcohos and moofmq

    I don't know what they are, help me because I'm not an expert! Tell me everything step by step! Thanks

  3. #3
    amvinfe (Moderator of Computer Security and Viruses), registered since May 2002, 6,739 posts

    Download this file, you will need it later.
    http://www.mvps.org/winhelp2002/DelDomains.inf

    Please put the HijackThis executable inside a new folder in C:\ or C:\Programmi

    Run a new log and include the first part in the post as well.

    A favor, again so as to offer a better service to all users: send me these files (zipped) at this address

    analisimalware@email.it

    C:\WINAMP.EXE
    C:\WINDOWS\avsoft.exe
    C:\WINDOWS\SYSTEM\MOOFMQ.EXE
    C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    ==
    Visit my blog SuspectFile.com
    ==

  4. #4
    amvinfe (Moderator of Computer Security and Viruses)

    Another important thing to know is that some of these files terminate processes associated with security products (antivirus and firewall, for example). So once you have run the new scan with HijackThis and posted the new log, downloaded the file I pointed you to, and sent me the files, disconnect. Give me a moment and I will write out the procedures for you.

  5. #5
    here is the new log:

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PDESK.EXE
    C:\WINDOWS\SYSTEM\FMCTRL.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\AVSOFT.EXE
    C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    C:\WINDOWS\AVSOFT.EXE
    C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [HDAudio Driver] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
    O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [HDAudio Driver 2.0] C:\WINDOWS\SYSTEM\MOOFMQ.EXE
    O4 - HKLM\..\Run: [Uektrq] C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperWorkstation\DkService.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz
    O15 - Trusted Zone: www.archiviosex.net
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    Of the files you pointed out, I now find 2. I tried another antivirus and maybe it had some effect, but they usually reappear right away.

  6. #6
    Sorry, I had not put HijackThis in a new folder but simply in C:
    Maybe you need this log from HijackThis placed in C: but in a separate folder:

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PDESK.EXE
    C:\WINDOWS\SYSTEM\FMCTRL.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\AVSOFT.EXE
    C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\AVSOFT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [HDAudio Driver] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
    O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [HDAudio Driver 2.0] C:\WINDOWS\SYSTEM\MOOFMQ.EXE
    O4 - HKLM\..\Run: [Uektrq] C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperWorkstation\DkService.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz
    O15 - Trusted Zone: www.archiviosex.net
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab


    I sent you the 2 files that the PC now finds!

  7. #7
    amvinfe (Moderator of Computer Security and Viruses)

    All right, let's proceed in order, otherwise we won't understand each other here.

    The log must be complete; in both cases you did not include the first part with the information about the operating system (you probably have 98 or ME) and Internet Explorer.
    The files you find:
    C:\WINDOWS\AVSOFT.EXE
    C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    zip them and send them to me at
    analisimalware@email.it

    remember to download the file
    http://www.mvps.org/winhelp2002/DelDomains.inf
    I will explain how to use it later

    You should also download this program (put the two files inside a folder), perhaps from another PC, and copy everything onto a CD.
    http://www.trendmicro.com/ftp/products/tsc/sysclean.com
    http://www.trendmicro.com/ftp/produc...ern/lpt741.zip

    N.B.
    I would like to make clear that the request for files to analyze is made solely to offer, in the future, an ever better service to all users of this or any other forum, so the request is not an end in itself.

  8. #8
    amvinfe (Moderator of Computer Security and Viruses)

    I have not received the files yet

  9. #9
    I downloaded everything, I sent you those two files
    this is the complete log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16.07.58, on 22/06/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PDESK.EXE
    C:\WINDOWS\SYSTEM\FMCTRL.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\AVSOFT.EXE
    C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\AVSOFT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [HDAudio Driver] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
    O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [HDAudio Driver 2.0] C:\WINDOWS\SYSTEM\MOOFMQ.EXE
    O4 - HKLM\..\Run: [Uektrq] C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperWorkstation\DkService.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz
    O15 - Trusted Zone: www.archiviosex.net
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

  10. #10
    amvinfe (Moderator of Computer Security and Viruses)

    Put the folder with the two saved files on the desktop and unzip the definitions file inside it.

    Restart in safe mode, run the scan, tick the boxes next to these entries, and click Fix checked:

    O4 - HKLM\..\Run: [HDAudio Driver] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
    O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINAMP.EXE
    O4 - HKLM\..\Run: [HDAudio Driver 2.0] C:\WINDOWS\SYSTEM\MOOFMQ.EXE
    O4 - HKLM\..\Run: [Uektrq] C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz
    O15 - Trusted Zone: www.archiviosex.net

    still in safe mode, delete:
    C:\WINAMP.EXE
    C:\WINDOWS\avsoft.exe
    C:\WINDOWS\SYSTEM\MOOFMQ.EXE
    C:\PROGRAM FILES\PXBYJQF \OJXRZD.EXE <=== the folder

    still in safe mode, open the folder where you saved the two files (sysclean.com and the unzipped file) and run sysclean.com
    when the scan finishes, restart in normal mode.

    Right-click the DelDomains.inf file and select Install.
    Restart in safe mode and run a new scan with sysclean.com, restart, and post a new HijackThis log
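The procedure in post #10 ends with a request for a fresh HijackThis log, and post #5 notes that the files tend to reappear. As an added example (not part of the original thread), this Python script checks a follow-up log against the fix list and the earlier log: which fixed entries are still there, which of their executables are still running, and which autorun entries are new. The `AFTER` log and its `ExampleNewValue` entry are constructed for illustration; `BEFORE` and `FIX_LIST` are excerpts of lines posted above.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")       # "O4 - <body>"
O4_RE = re.compile(r"^[^:\[]+:\s*\[[^\]]*\]\s*(.+)$")        # "HKLM\..\Run: [name] command"
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|dll|scr|bat|pif))\b", re.I)

def norm(s):
    """Win9x paths and value names are case-insensitive: fold case and whitespace."""
    return " ".join(s.lower().split())

def parse_log(text):
    """Return (set of running process paths, set of (section, body) entries), normalised."""
    processes, entries, in_procs = set(), set(), False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False                 # the entry list follows the process list
            entries.add((m.group(1), norm(m.group(2))))
        elif in_procs and line:
            processes.add(norm(line))
    return processes, entries

def autorun_target(body):
    """Executable of an O4 registry autorun body, without quotes or arguments."""
    m = O4_RE.match(body)
    if not m:
        return None                          # e.g. "Startup:" shortcut entries
    cmd = m.group(1).strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        return cmd[1:cmd.index('"', 1)]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd

def verify_fix(before, fix_list, after):
    """Compare the follow-up log with the fix list and with the earlier log."""
    _, before_entries = parse_log(before)
    _, fixed = parse_log(fix_list)
    after_procs, after_entries = parse_log(after)
    targets = {autorun_target(b) for s, b in fixed if s == "O4"} - {None}
    return {
        # entries that were ticked for "Fix checked" but are back (or never left)
        "still_present": sorted(fixed & after_entries),
        # executables behind fixed autoruns that are still in the process list
        "still_running": sorted(targets & after_procs),
        # autoruns absent from the earlier log: possible re-registration
        "new_autoruns": sorted(e for e in after_entries - before_entries if e[0] == "O4"),
    }

# Excerpt of the log in post #9
BEFORE = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\AVSOFT.EXE
C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINAMP.EXE
O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\Run: [Uektrq] C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
O15 - Trusted Zone: www.redfunny.com
"""
# Excerpt of the fix list in post #10
FIX_LIST = r"""
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINAMP.EXE
O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\Run: [Uektrq] C:\PROGRAM FILES\PXBYJQF\OJXRZD.EXE
O15 - Trusted Zone: www.redfunny.com
"""
# Constructed follow-up log (not from the thread)
AFTER = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\AVSOFT.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\Run: [ExampleNewValue] C:\WINDOWS\SYSTEM\EXAMPLE.EXE
"""

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, FIX_LIST, AFTER).items():
        print(key, items)
```

An empty `still_present` and `still_running` with no unexpected `new_autoruns` is what a clean follow-up log looks like; anything else means the fix did not hold.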
