14-09-2004, 13.10.29 #1
Hero Member
Registered: 10-01-2002
Loc.: Catania
Posts: 1,495

LSASS
Back from vacation, the system kept shutting down: NT Authority System - LSASS.EXE. Having already disabled the RPC restart, I ran various FixTools and an updated NAV, but nothing was detected. Incredibly, this morning everything seems to be back to normal!!! Could you take a look at my HijackThis log so I can rest easy? Thanks in advance.

Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\MegaTec\UPSilon 2000\Rupsmon.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\MegaTec\UPSilon 2000\usbmate.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\MegaTec\UPSilon 2000\Monw32.exe
C:\Programmi\ATnotes\ATnotes.exe
C:\Programmi\Rainlendar\Rainlendar.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Programmi\United Devices\ud_mon.exe
C:\WINNT\System32\cidaemon.exe
C:\Programmi\United Devices\UD.exe
C:\Programmi\United Devices\ud_7174683.exe
C:\Programmi\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\WINNT\system32\ntvdm.exe
F:\Install\Sicurezza\AntiSpy\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lasicilia.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 208.170.149.150 statsman.org
O1 - Hosts: 208.170.149.150 www.statsman.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programmi\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - Startup: ATnotes.lnk = C:\Programmi\ATnotes\ATnotes.exe
O4 - Startup: Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe
O4 - Global Startup: Rupsmon Daemon.lnk = C:\Programmi\MegaTec\UPSilon 2000\Monw32.exe
O8 - Extra context menu item: Download &All by FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx.htm
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://195.225.176.5/d/brphbny/ubghm...::/painter.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://195.225.176.5/d/brphbny/ubghm...qp/painter.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A06A48-E9F8-466A-9A2E-7D7C3B66E90F}: NameServer = 217.141.250.206 151.99.125.1
O19 - User stylesheet: (file missing)

Last edited by Jekol: 14-09-2004 at 17.00.35
14-09-2004, 13.19.35 #2
Gold Member
Top Poster
Registered: 03-12-2001
Loc.: Bari
Posts: 7,369

Have you tried clicking on this?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.c...
Edited: that link fires trojans like a machine gun. Edit yours too, in case someone without an AV or firewall clicks it. Bye

Last edited by Gigi75: 14-09-2004 at 13.26.00
14-09-2004, 14.33.11 #3
Gold Member
Top Poster
Registered: 20-08-2002
Loc.: Mestre
Posts: 3,563

Delete all these entries from the log, do a good online scan with Panda ActiveScan http://www.pandasoftware.com/actives..._principal.htm
and throw Norton away, it is worthless as an antivirus.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 208.170.149.150 statsman.org
O1 - Hosts: 208.170.149.150 www.statsman.org
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://195.225.176.5/d/brphbny/ubgh...m::/painter.exe
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://195.225.176.5/d/brphbny/ubgh...gqp/painter.exe
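The replies above triage the log by eye: browser start/search pages redirected to an unknown site, hosts-file overrides, and O16 (Download Program Files, i.e. ActiveX) entries that load from file://, ms-its: or a bare IP address instead of a vendor site. As an added example, not code from this thread or from HijackThis, the following Python script applies the same checks to R0/R1, O1 and O16 lines. The allow-lists (KNOWN_GOOD_HOSTS, KNOWN_GOOD_DPF_HOSTS) and the heuristics are assumptions for illustration; the sample entries are the ones quoted in this thread, with the forum's "..." truncation left as-is.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lasicilia.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 208.170.149.150 statsman.org
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://195.225.176.5/d/brphbny/ubghm...::/painter.exe
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://195.225.176.5/d/brphbny/ubghm...qp/painter.exe
"""

# Hypothetical allow-lists: what this user recognises as legitimate.
KNOWN_GOOD_HOSTS = {"www.lasicilia.it"}
KNOWN_GOOD_DPF_HOSTS = {"security.symantec.com", "www.pandasoftware.com"}

# "R1 - <body>" / "O16 - <body>": section code, dash, rest of the line.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.*)$")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_entries(text):
    """Return (kind, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def url_host(url):
    return (urlparse(url).hostname or "").lower()


def classify(kind, body):
    """Return a reason string if the entry deserves review, else None."""
    if kind in ("R0", "R1"):
        # Body looks like "<registry key>,<value name> = <value>".
        _key, _, value = body.partition(" = ")
        value = value.strip()
        if not value.startswith(("http://", "https://")):
            return None  # empty (already cleared) or not a URL
        host = url_host(value)
        if host in KNOWN_GOOD_HOSTS:
            return None
        return f"start/search page points to unrecognised host {host}"
    if kind == "O1":
        # Every hosts override is reported; the user decides if it is intentional.
        return "hosts-file override (verify it is intentional): " + body.partition(": ")[2]
    if kind == "O16":
        # Body looks like "DPF: {CLSID} (optional name) - <source>".
        source = body.rsplit(" - ", 1)[-1].strip()
        scheme = source.split(":", 1)[0].lower()
        if scheme in ("file", "ms-its"):
            return f"ActiveX loaded via {scheme}: scheme instead of a vendor site"
        if source.lower().endswith(".exe"):
            return "ActiveX entry points at a bare executable, not a .cab"
        host = url_host(source)
        if IPV4_RE.fullmatch(host):
            return f"ActiveX downloaded from bare IP address {host}"
        if host not in KNOWN_GOOD_DPF_HOSTS:
            return f"ActiveX downloaded from unrecognised host {host}"
    return None


def review(text):
    """Return (kind, body, reason) for every entry the heuristics flag."""
    flagged = []
    for kind, body in parse_entries(text):
        reason = classify(kind, body)
        if reason:
            flagged.append((kind, body, reason))
    return flagged


if __name__ == "__main__":
    for kind, body, reason in review(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n      {body}")
```

Entries that are only "unrecognised" are candidates for a look-up, not automatic removal; the file:/ms-its:/bare-IP O16 lines and the redirected search pages are the ones the thread's replies single out.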
14-09-2004, 16.31.39 #4
Hero Member
Registered: 10-01-2002
Loc.: Catania
Posts: 1,495

I've edited it ... from your snickering I think I've understood ... and tonight someone I know is going to get a good telling-off :argue:
14-09-2004, 16.34.53 #5
Hero Member
Registered: 10-01-2002
Loc.: Catania
Posts: 1,495

Unfortunately, I bought it, and now ...
14-09-2004, 16.58.58 #6
Hero Member
Registered: 10-01-2002
Loc.: Catania
Posts: 1,495

Good ... everything seems to be going fine.
I didn't cut these two because I know them:
O1 - Hosts: 208.170.149.150 statsman.org
O1 - Hosts: 208.170.149.150 www.statsman.org
Thanks again. See you next time.