
Thread: intrusive site!!

  1. #21
    how do you make a reply that says QUOTE?!

    see if I got it right this time, and be patient because I'm a bit THICK-HEADED

    Logfile of HijackThis v1.99.0
    Scan saved at 1.01.34, on 30/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
    C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Elisabetta\Dati applicazioni\ettl.exe
    C:\WINDOWS\System32\alg.exe
    C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\HJthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...C01&lc=0410&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/r...search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&ap=b204
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/...C01&lc=0410&ac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {05EDEA5C-28E9-7C63-9C69-58A7683B95BF} - C:\WINDOWS\system32\fgj.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [Crdp] C:\Documents and Settings\Elisabetta\Dati applicazioni\ettl.exe
    O4 - HKCU\..\Run: [Doenicwq] C:\WINDOWS\system32\t?skmgr.exe
    O4 - HKCU\..\RunServices: [Windows 32 Update] Windows-Update.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet4_94.dll' missing
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.celebritaspoglie.net/all.exe
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://control.dialerbroker.com/dialers/2/qlcv-it-y.exe
    O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://movie.cinemastream.net/sc.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094759163263
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1014693.exe
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...84/mcfscan.cab
    O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Panda Firewall Service - Unknown - C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
    O23 - Service: Panda Function Service - Unknown - C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    O23 - Service: Panda Pavkre - Unknown - C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    O23 - Service: Panda PavProt - Unknown - C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    O23 - Service: Panda anti-virus service - Unknown - C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service - Unknown - C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

  2. #22
    amvinfe, Moderator of Computer security and viruses (registered May 2002, 6,739 posts)
    the removal operations must be done from Safe Mode

    From Safe Mode open HJT, click Scan, tick the box next to these values, close all the other programs' windows (HJT must be the only one open), then click Fix checked

    O2 - BHO: (no name) - {05EDEA5C-28E9-7C63-9C69-58A7683B95BF} - C:\WINDOWS\system32\fgj.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
    O4 - HKCU\..\Run: [Crdp] C:\Documents and Settings\Elisabetta\Dati applicazioni\ettl.exe
    O4 - HKCU\..\Run: [Doenicwq] C:\WINDOWS\system32\t?skmgr.exe
    O4 - HKCU\..\RunServices: [Windows 32 Update] Windows-Update.exe
    O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet4_94.dll' missing
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.celebritaspoglie.net/all.exe
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://control.dialerbroker.com/dialers/2/qlcv-it-y.exe
    O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://movie.cinemastream.net/sc.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1014693.exe
    O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)

    still from Safe Mode, delete these if present

    C:\WINDOWS\system32\fgj.dll
    ettl.exe
    C:\WINDOWS\system32\t?skmgr.exe
    Windows-Update.exe

    empty the contents of the TEMP, Temporary Internet Files and cookies folders

    reboot and run an online scan.
    You'll find the addresses in the sticky thread -useful links-
    ==
    Visit my blog SuspectFile.com
    ==
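Added example, not part of the original thread and not the moderator's method: a small triage pass over HijackThis entry lines, run on lines copied from the log in post #21. The rules in `RULES` are assumed structural heuristics chosen for this illustration.

```python
import re

# Entry lines copied from the log in post #21 (a subset, benign ones included
# so that false positives would show up).
SAMPLE = r"""
O2 - BHO: (no name) - {05EDEA5C-28E9-7C63-9C69-58A7683B95BF} - C:\WINDOWS\system32\fgj.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Crdp] C:\Documents and Settings\Elisabetta\Dati applicazioni\ettl.exe
O4 - HKCU\..\Run: [Doenicwq] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\RunServices: [Windows 32 Update] Windows-Update.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet4_94.dll' missing
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://control.dialerbroker.com/dialers/2/qlcv-it-y.exe
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://movie.cinemastream.net/sc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""
ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")  # "<section> - <body>"

RULES = [  # (section, test on lower-cased body, reason); assumed heuristics
    ("O2", lambda b: "(no name)" in b or "(no file)" in b, "BHO with no name or no file"),
    ("O4", lambda b: not re.search(r"[a-z]:\\", b), "autorun target has no full path"),
    ("O4", lambda b: "\\documents and settings\\" in b, "autorun target inside a user profile"),
    ("O4", lambda b: "?" in b, "file name has a character logged as '?'"),
    ("O10", lambda b: b.endswith("missing"), "LSP provider file is missing"),
    ("O16", lambda b: b.endswith(".exe"), "ActiveX codebase is a bare .exe"),
    ("O23", lambda b: "(file missing)" in b, "service points at a missing file"),
]

def triage(log):
    """Return {entry line: [reasons]} for every entry that trips a rule."""
    flagged = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group(1), m.group(2).lower()
        why = [r for s, test, r in RULES if s == section and test(body)]
        if why:
            flagged[line.strip()] = why
    return flagged

if __name__ == "__main__":
    for entry, why in triage(SAMPLE).items():
        print(entry, "<-", "; ".join(why))
```

On these lines the rules flag eight entries, all of them in the moderator's fix list. The `sc.cab` entry from that list is not flagged, because nothing in the line's structure sets it apart from the Panda ActiveScan `.cab` entry.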
