Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » dirotttamento sito BNL

dirotttamento sito BNL Opzioni
Topic Precedente · Topic Sucessivo
ciriby
Inviato: Tuesday, November 29, 2005 2:56:58 AM
Rank: Member

Iscritto dal : 11/29/2005
Posts: 0
ciao a tutti ...oggi mi è capitato ke mentre cercavo di entrare nel sito bnl mi dirottava da un'altra parte,ma simile al sito bnl..mi scompariva anke l'icona a forma di luk nella barra in basso...cosa devo o posso fare?...grazie...aiutatemi<img src=icon_smile_sad.gif border=0 align=middle>
Torna in alto
 
Sponsor
Inviato: Tuesday, November 29, 2005 2:56:58 AM

 
Torna in alto
 
alfonso
Inviato: Tuesday, November 29, 2005 11:41:37 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Scarica questo programma e leggi le istruzioni per inserire il tuo log
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175

Collaboratore Aiutamici
Torna in alto
 
ciriby
Inviato: Tuesday, November 29, 2005 2:49:49 PM
Rank: Member

Iscritto dal : 11/29/2005
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 14.47.23, on 29/11/2005
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec

Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON

~4\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\Kodak

CCS.exe
C:\Programmi\Norton

SystemWorks\Norton

Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON

~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON

~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec

Shared\ccEvtMgr.exe
C:\Programmi\LifeView

TVR\Remote.exe
C:\Programmi\LifeView

TVR\RecSche.exe
C:\Programmi\File comuni\Symantec

Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Symantec\Web

Tools\CKA.exe
C:\Programmi\File comuni\Symantec

Shared\Security Center\SymWSC.exe
C:\Programmi\Norton

SystemWorks\Norton

Antivirus\SAVScan.exe
C:\Programmi\Internet

Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
D:\PC -VARIE\HijackThis.exe

R0 -

HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =

Collegamenti
O1 - Hosts: 205.238.40.2

www.winmx.com
O1 - Hosts: 205.238.40.2

err.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3312.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3313.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3316.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3318.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2

c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36

c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20

c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50

c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159

c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2

c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36

c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20

c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50

c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159

c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2

c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36

c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50

c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159

c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2

c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36

c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50

c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159

c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2

c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50

c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159

c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50

c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159

c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36

c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20

c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50

c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159

c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2

c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36

c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20

c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50

c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D

6BE0B3} -

C:\Programmi\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class -

{BDF3E430-B101-42AD-A544-FADC6B

084872} - C:\Programmi\Norton

SystemWorks\Norton

Antivirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint -

{327C2873-E90D-4c37-AA9D-10AC9B

ABA46C} -

C:\Programmi\Canon\Easy-WebPrint\T

oolband.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF0

0B1D6} - C:\Programmi\Norton

SystemWorks\Norton

Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvSt

artup
O4 - HKLM\..\Run: [Remote]

C:\Programmi\LifeView

TVR\Remote.exe
O4 - HKLM\..\Run: [RecSche]

"C:\Programmi\LifeView

TVR\RecSche.exe"
O4 - HKLM\..\Run: [ccApp]

"C:\Programmi\File comuni\Symantec

Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SymKeepAlive]

C:\Programmi\Symantec\Web

Tools\CKA.exe
O8 - Extra context menu item: Aggiungi

all'elenco di stampa Easy-WebPrint -

res://C:\Programmi\Canon\Easy-WebPri

nt\Resource.dll/RC_AddToList.html
O8 - Extra context menu item:

Anteprima Easy-WebPrint -

res://C:\Programmi\Canon\Easy-WebPri

nt\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa

ad alta velocità Easy-WebPrint -

res://C:\Programmi\Canon\Easy-WebPri

nt\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa

Easy-WebPrint -

res://C:\Programmi\Canon\Easy-WebPri

nt\Resource.dll/RC_Print.html
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C60

8501} -

C:\Programmi\Java\j2re1.4.2_01\bin\npj

pi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C60

8501} -

C:\Programmi\Java\j2re1.4.2_01\bin\npj

pi142_01.dll
O9 - Extra button: Messenger -

{4528BBE0-4E08-11D5-AD55-00010333

D0AD} -

C:\PROGRA~1\Yahoo!\Common\yhexb

mesit.dll
O9 - Extra 'Tools' menuitem: Yahoo!

Messenger -

{4528BBE0-4E08-11D5-AD55-00010333

D0AD} -

C:\PROGRA~1\Yahoo!\Common\yhexb

mesit.dll
O9 - Extra button: Organizzatore

ricerche -

{9455301C-CF6B-11D3-A266-00C04F68

9C50} - C:\Programmi\File

comuni\Microsoft Shared\Encarta

Researcher\EROPROJ.DLL
O9 - Extra button: (no name) -

{B205A35E-1FC4-4CE3-818B-899DBBB

3388C} - C:\Programmi\File

comuni\Microsoft Shared\Encarta

Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795

683} -

C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795

683} -

C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .mov:

C:\Programmi\Internet

Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg:

C:\Programmi\Internet

Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF:

{17492023-C23A-453E-A040-C7C580B

BF700} (Windows Genuine Advantage

Validation Tool) -

http://go.microsoft.com/fwlink/?linkid

=39204
O16 - DPF:

{2BC66F54-93A8-11D3-BEB6-00105AA

9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/Shar

edContent/vc/bin/AvSniff.cab
O16 - DPF:

{30528230-99f7-4bb4-88d8-fa1d4f56a

2ab} (YInstStarter Class) -

C:\Programmi\Yahoo!\Common\yinsthe

lper.dll
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33

E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsu

pdate/v6/V5Controls/en/x86/client/wu

web_site.cab?1131124957843
O16 - DPF:

{644E432F-49D3-41A1-8DD5-E099162E

EEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/Shar

edContent/common/bin/cabsa.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{6

E589B13-630B-4D4A-88BE-B5B123D10

ED6}: NameServer = 151.99.125.2

151.99.125.3
O23 - Service: Symantec Event Manager

(ccEvtMgr) - Symantec Corporation -

C:\Programmi\File comuni\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password

Validation (ccPwdSvc) - Symantec

Corporation - C:\Programmi\File

comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings

Manager (ccSetMgr) - Symantec

Corporation - C:\Programmi\File

comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService -

Symantec Corporation -

C:\PROGRA~1\NORTON~1\NORTON

~4\GHOSTS~2.EXE
O23 - Service: Kodak Camera

Connection Software (KodakCCS) -

Eastman Kodak Company -

C:\WINDOWS\system32\drivers\Kodak

CCS.exe
O23 - Service: Servizio Norton

AntiVirus Auto-Protect (navapsvc) -

Symantec Corporation -

C:\Programmi\Norton

SystemWorks\Norton

Antivirus\navapsvc.exe
O23 - Service: Norton Unerase

Protection (NProtectService) - Symantec

Corporation -

C:\PROGRA~1\NORTON~1\NORTON

~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper

Service (NVSvc) - NVIDIA Corporation

- C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec

Corporation - C:\Programmi\Norton

SystemWorks\Norton

Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\FILECO~1\SYMANT~1
SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown

owner -

C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network

Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Programmi\File

comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service -

Symantec Corporation -

C:\PROGRA~1\NORTON~1\NORTON

~2\SPEEDD~1\NOPDB.EXE
O23 - Service: STI Simulator -

Unknown owner -

C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service

(SymWSC) - Symantec Corporation -

C:\Programmi\File comuni\Symantec

Shared\Security Center\SymWSC.exe
Torna in alto
 
ciriby
Inviato: Tuesday, November 29, 2005 2:50:26 PM
Rank: Member

Iscritto dal : 11/29/2005
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 14.47.23, on 29/11/2005
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec

Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON

~4\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\Kodak

CCS.exe
C:\Programmi\Norton

SystemWorks\Norton

Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON

~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON

~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec

Shared\ccEvtMgr.exe
C:\Programmi\LifeView

TVR\Remote.exe
C:\Programmi\LifeView

TVR\RecSche.exe
C:\Programmi\File comuni\Symantec

Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Symantec\Web

Tools\CKA.exe
C:\Programmi\File comuni\Symantec

Shared\Security Center\SymWSC.exe
C:\Programmi\Norton

SystemWorks\Norton

Antivirus\SAVScan.exe
C:\Programmi\Internet

Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
D:\PC -VARIE\HijackThis.exe

R0 -

HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =

Collegamenti
O1 - Hosts: 205.238.40.2

www.winmx.com
O1 - Hosts: 205.238.40.2

err.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3312.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3313.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3316.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3318.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2

c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36

c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20

c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50

c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159

c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2

c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36

c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20

c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50

c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159

c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2

c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36

c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20

c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50

c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159

c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2

c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36

c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20

c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50

c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159

c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2

c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36

c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50

c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159

c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2

c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36

c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20

c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50

c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159

c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2

c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50

c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159

c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36

c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20

c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50

c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159

c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2

c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36

c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20

c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50

c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159

c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2

c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36

c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20

c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50

c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D

6BE0B3} -

C:\Programmi\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class -

{BDF3E430-B101-42AD-A544-FADC6B

084872} - C:\Programmi\Norton

SystemWorks\Norton

Antivirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint -

{327C2873-E90D-4c37-AA9D-10AC9B

ABA46C} -

C:\Programmi\Canon\Easy-WebPrint\T

oolband.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF0

0B1D6} - C:\Programmi\Norton

SystemWorks\Norton

Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvSt

artup
O4 - HKLM\..\Run: [Remote]

C:\Programmi\LifeView

TVR\Remote.exe
O4 - HKLM\..\Run: [RecSche]

"C:\Programmi\LifeView

TVR\RecSche.exe"
O4 - HKLM\..\Run: [ccApp]

"C:\Programmi\File comuni\Symantec

Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SymKeepAlive]

C:\Programmi\Symantec\Web

Tools\CKA.exe
O8 - Extra context menu item: Aggiungi

all'elenco di stampa Easy-WebPrint -

res://C:\Programmi\Canon\Easy-WebPri

nt\Resource.dll/RC_AddToList.html
O8 - Extra context menu item:

Anteprima Easy-WebPrint -

res://C:\Programmi\Canon\Easy-WebPri

nt\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa

ad alta velocità Easy-WebPrint -

res://C:\Programmi\Canon\Easy-WebPri

nt\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa

Easy-WebPrint -

res://C:\Programmi\Canon\Easy-WebPri

nt\Resource.dll/RC_Print.html
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C60

8501} -

C:\Programmi\Java\j2re1.4.2_01\bin\npj

pi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C60

8501} -

C:\Programmi\Java\j2re1.4.2_01\bin\npj

pi142_01.dll
O9 - Extra button: Messenger -

{4528BBE0-4E08-11D5-AD55-00010333

D0AD} -

C:\PROGRA~1\Yahoo!\Common\yhexb

mesit.dll
O9 - Extra 'Tools' menuitem: Yahoo!

Messenger -

{4528BBE0-4E08-11D5-AD55-00010333

D0AD} -

C:\PROGRA~1\Yahoo!\Common\yhexb

mesit.dll
O9 - Extra button: Organizzatore

ricerche -

{9455301C-CF6B-11D3-A266-00C04F68

9C50} - C:\Programmi\File

comuni\Microsoft Shared\Encarta

Researcher\EROPROJ.DLL
O9 - Extra button: (no name) -

{B205A35E-1FC4-4CE3-818B-899DBBB

3388C} - C:\Programmi\File

comuni\Microsoft Shared\Encarta

Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795

683} -

C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795

683} -

C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .mov:

C:\Programmi\Internet

Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg:

C:\Programmi\Internet

Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF:

{17492023-C23A-453E-A040-C7C580B

BF700} (Windows Genuine Advantage

Validation Tool) -

http://go.microsoft.com/fwlink/?linkid

=39204
O16 - DPF:

{2BC66F54-93A8-11D3-BEB6-00105AA

9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/Shar

edContent/vc/bin/AvSniff.cab
O16 - DPF:

{30528230-99f7-4bb4-88d8-fa1d4f56a

2ab} (YInstStarter Class) -

C:\Programmi\Yahoo!\Common\yinsthe

lper.dll
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33

E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsu

pdate/v6/V5Controls/en/x86/client/wu

web_site.cab?1131124957843
O16 - DPF:

{644E432F-49D3-41A1-8DD5-E099162E

EEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/Shar

edContent/common/bin/cabsa.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{6

E589B13-630B-4D4A-88BE-B5B123D10

ED6}: NameServer = 151.99.125.2

151.99.125.3
O23 - Service: Symantec Event Manager

(ccEvtMgr) - Symantec Corporation -

C:\Programmi\File comuni\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password

Validation (ccPwdSvc) - Symantec

Corporation - C:\Programmi\File

comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings

Manager (ccSetMgr) - Symantec

Corporation - C:\Programmi\File

comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService -

Symantec Corporation -

C:\PROGRA~1\NORTON~1\NORTON

~4\GHOSTS~2.EXE
O23 - Service: Kodak Camera

Connection Software (KodakCCS) -

Eastman Kodak Company -

C:\WINDOWS\system32\drivers\Kodak

CCS.exe
O23 - Service: Servizio Norton

AntiVirus Auto-Protect (navapsvc) -

Symantec Corporation -

C:\Programmi\Norton

SystemWorks\Norton

Antivirus\navapsvc.exe
O23 - Service: Norton Unerase

Protection (NProtectService) - Symantec

Corporation -

C:\PROGRA~1\NORTON~1\NORTON

~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper

Service (NVSvc) - NVIDIA Corporation

- C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec

Corporation - C:\Programmi\Norton

SystemWorks\Norton

Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\FILECO~1\SYMANT~1
SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown

owner -

C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network

Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Programmi\File

comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service -

Symantec Corporation -

C:\PROGRA~1\NORTON~1\NORTON

~2\SPEEDD~1\NOPDB.EXE
O23 - Service: STI Simulator -

Unknown owner -

C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service

(SymWSC) - Symantec Corporation -

C:\Programmi\File comuni\Symantec

Shared\Security Center\SymWSC.exe
Torna in alto
 
ciriby
Inviato: Tuesday, November 29, 2005 2:59:08 PM
Rank: Member

Iscritto dal : 11/29/2005
Posts: 0
grazie Alfonso x l'interesse...ho fatto quello ke mi hai detto<img src=icon_smile_approve.gif border=0 align=middle> se puoi darmi qualke indicazione su questo log te ne sarei grato........grazie...ma cmq x sicurezza ho avvertito la BNL spiegando loro quello ke mi è successo...mi hanno detto di stare tranquillo xkè sarà stato un problema di aggiornamento della pag..BNL..grazie ciao!!<img src=icon_smile.gif border=0 align=middle>
Torna in alto
 
alfonso
Inviato: Tuesday, November 29, 2005 6:56:49 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
E' tutto spezzettato, non hai copiato il testo dal Blocco Note per incollarlo nel forum?

Inseriscilo nuovamente e se non utilizzi il blocco note, apri il file <font color=red>hijackthis.log</font id=red> con il blocco note e copia il testo da li, altrimenti é difficile da interpretare in quanto le righe non sono continue.
Collaboratore Aiutamici
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » dirotttamento sito BNL


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.