Condividi:        

HijackThis nn mi sta aiutando

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

HijackThis nn mi sta aiutando

Postdi Senile » 07/08/05 22:21

Logfile of HijackThis v1.99.1
Scan saved at 23.19.09, on 07/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuamk032.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\rpclocator.exe
C:\WINDOWS\System32\Netmon.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\MSDOS.PIF
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Netlib.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Momosa_Special\Desktop\hijackthus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Update Proxy Class - {6E28339B-7A2A-47B6-AEB2-46BA53782375} - C:\WINDOWS\System32\dllcache\msupdprx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

applicazioni ke ilsuto di hijackthis mi dice di eliminare si rigenerano sempre come il netlib e gli altri!kome devo fare?scusate se sono stato ripetitivo ma forse sono stato io a nn capire niente :(
Senile
Newbie
 
Post: 4
Iscritto il: 07/08/05 07:50

Sponsor
 

Re: HijackThis nn mi sta aiutando

Postdi Senile » 07/08/05 22:49

Senile ha scritto:Logfile of HijackThis v1.99.1
Scan saved at 23.19.09, on 07/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuamk032.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\rpclocator.exe
C:\WINDOWS\System32\Netmon.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\MSDOS.PIF
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Netlib.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Momosa_Special\Desktop\hijackthus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Update Proxy Class - {6E28339B-7A2A-47B6-AEB2-46BA53782375} - C:\WINDOWS\System32\dllcache\msupdprx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

applicazioni ke il sito di hijackthis mi dice di eliminare si rigenerano sempre come il netlib e gli altri!kome devo fare?scusate se sono stato ripetitivo ma forse sono stato io a nn capire niente :(
e con virIt nn mi apre ne il file netlib.exe e ne il file dxdmain.exe P.S un ultima kosa facendo lo scan kon Hijackthis mi sono usciti molti di questi Host ke mi dice di cancellarli ma si rigenerano sempre...
O1 - Hosts: 69.15.98.210 www3.aibgbonline.co.uk
O1 - Hosts: 69.15.98.210 http://www.bank.alliance-leicester.co.uk
e ne sono a decine.... midevo preoccupare ke qualkuno sta usando la mia connessione? :eeh:
Senile
Newbie
 
Post: 4
Iscritto il: 07/08/05 07:50

Postdi toni84 » 07/08/05 22:54

ciao posta il log completo dato che manca qualcosina al tuo e ti aiuto altrimenti non elimini tutto!! ;) ciao ciao
toni84
Utente Senior
 
Post: 218
Iscritto il: 06/06/05 23:54

Postdi Dylan666 » 08/08/05 09:50

Questi sono tutti pezzi di virus.

C:\WINDOWS\System32\Netmon.exe

C:\WINDOWS\System32\Netlib.exe

C:\WINDOWS\System32\wuamk032.exe

C:\WINDOWS\System32\rpclocator.exe


Quindi mettiti un antivirus aggiornato, un firewall (dato che alcuni sono worm) e fai tutti i Windows Update.
Avatar utente
Dylan666
Moderatore
 
Post: 39988
Iscritto il: 18/11/03 16:46

Postdi Senile » 08/08/05 19:21

gfile of HijackThis v1.99.1
Scan saved at 19.52.10, on 08/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\dxdmain.exe
C:\WINDOWS\System32\rpclocator.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\System32\Netlib.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\Netmon.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\SCRIPT E P2P\mIRC\mirc.exe
C:\Programmi\Winamp3\winamp3.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\microsoft.exe
C:\WINDOWS\System32\MSDOS.PIF
C:\WINDOWS\System32\dumprep.exe
C:\Documents and Settings\Momosa_Special\Desktop\hijackthus\HijackThis.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
O1 - Hosts: 69.15.98.210 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 69.15.98.210 www3.aibgbonline.co.uk
O1 - Hosts: 69.15.98.210 http://www.bank.alliance-leicester.co.uk
O1 - Hosts: 69.15.98.210 login.iblogin.com
O1 - Hosts: 69.15.98.210 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 69.15.98.210 inet.barclays.co.uk
O1 - Hosts: 69.15.98.210 iibank.barclays.co.uk
O1 - Hosts: 69.15.98.210 iibank.cahoot.com
O1 - Hosts: 69.15.98.210 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 69.15.98.210 ww.hsbc.co.uk
O1 - Hosts: 69.15.98.210 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 69.15.98.210 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 69.15.98.210 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ww3.online.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ww3.online.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ob2.nationet.com
O1 - Hosts: 69.15.98.210 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 69.15.98.210 ww1.nwolb.com
O1 - Hosts: 69.15.98.210 ww1.onlinebanking.iombank.com
O1 - Hosts: 69.15.98.210 ww1.www.rbsdigital.com
O1 - Hosts: 69.15.98.210 welcome.smile.co.uk
O1 - Hosts: 69.15.98.210 login.365online.com
O1 - Hosts: 69.15.98.210 wvw.citizensbankonline.com
O1 - Hosts: 69.15.98.210 esecure.regionsnet.com
O1 - Hosts: 69.15.98.210 rollb.associatedbank.com
O1 - Hosts: 69.15.98.210 upb.unionplanters.com
O1 - Hosts: 69.15.98.210 http://www.onlinebanking.huntington.com
O1 - Hosts: 69.15.98.210 inet.southtrustonlinebanking.com
O1 - Hosts: 69.15.98.210 logon.personal.wamu.com
O1 - Hosts: 69.15.98.210 login.compassweb.com
O1 - Hosts: 69.15.98.210 logon.firstmeritib.com
O1 - Hosts: 69.15.98.210 login.ccfcuonline.org
O1 - Hosts: 69.15.98.210 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 69.15.98.210 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 69.15.98.210 wvw.totallyfreebanking.com
O1 - Hosts: 69.15.98.210 http://www.online.wellsfargo.com
O1 - Hosts: 69.15.98.210 http://www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 69.15.98.210 accounts4.keybank.com
O1 - Hosts: 69.15.98.210 logon.bankone.com
O1 - Hosts: 69.15.98.210 http://www.secure.tdbanknorth.com
O1 - Hosts: 69.15.98.210 http://www.secure.mvnt4.com
O1 - Hosts: 69.15.98.210 ww.mynfbonline.com
O1 - Hosts: 69.15.98.210 login.forumcuonline.com
O1 - Hosts: 69.15.98.210 http://www.eds.usersonlnet.com
O1 - Hosts: 69.15.98.210 http://www.onlineid.bankofamerica.com
O1 - Hosts: 69.15.98.210 wvw.e-gold.com
O1 - Hosts: 69.15.98.210 pcbs.peoples.com
O1 - Hosts: 69.15.98.210 http://www.global1.onlinebank.com
O1 - Hosts: 69.15.98.210 ww2.mybranch.lafcu.com
O1 - Hosts: 69.15.98.210 login.webbanking.comerica.com
O1 - Hosts: 69.15.98.210 web.banking.firsttennessee.com
O1 - Hosts: 69.15.98.210 logon.members1st.org
O1 - Hosts: 69.15.98.210 http://www.cib.ibanking-services.com
O1 - Hosts: 69.15.98.210 http://www.miwebbusbank.ebanking-services.com
O1 - Hosts: 69.15.98.210 wvw.paypal.com
O1 - Hosts: 69.15.98.210 http://www.signin.ebay.com
O1 - Hosts: 69.15.98.210 wvw.etrade.com
O1 - Hosts: 69.15.98.210 ww4.fleethomelink.fleet.com
O1 - Hosts: 69.15.98.210 ww3.connect.skyfi.com
O1 - Hosts: 69.15.98.210 www6.usbank.com
O1 - Hosts: 69.15.98.210 http://www.bvi.bancodevalencia.es
O1 - Hosts: 69.15.98.210 extrant.banesto.es
O1 - Hosts: 69.15.98.210 banesnt.banesto.es
O1 - Hosts: 69.15.98.210 activia.caixagalicia.es
O1 - Hosts: 69.15.98.210 http://www.bancae.caixapenedes.com
O1 - Hosts: 69.15.98.210 login.caixasabadell.net
O1 - Hosts: 69.15.98.210 oii.cajamadrid.es
O1 - Hosts: 69.15.98.210 login.cajamar.es
O1 - Hosts: 69.15.98.210 login.ccm.es
O1 - Hosts: 69.15.98.210 ww.unicaja.es
O1 - Hosts: 69.15.98.210 www5.bancopopular.es
O1 - Hosts: 69.15.98.210 ww3.bbvanet.com
O1 - Hosts: 69.15.98.210 ww.bayernlb.de
O1 - Hosts: 69.15.98.210 ww2.berliner-volksbank.de
O1 - Hosts: 69.15.98.210 ww7.homebanking-berlin.de
O1 - Hosts: 69.15.98.210 portal09.commerzbanking.de
O1 - Hosts: 69.15.98.210 http://www.meine.deutsche-bank.de
O1 - Hosts: 69.15.98.210 ww2.dresdner-privat.de
O1 - Hosts: 69.15.98.210 ww.e-banking.helaba.de
O1 - Hosts: 69.15.98.210 ww.hsh-nordbank.de
O1 - Hosts: 69.15.98.210 http://www.my.hypovereinsbank.de
O1 - Hosts: 69.15.98.210 ww3.homebanking-berlin.de
O1 - Hosts: 69.15.98.210 ww3.homebanking-berlin.de
O1 - Hosts: 69.15.98.210 http://www.banking.lbbw.de
O1 - Hosts: 69.15.98.210 lrp.sparkasse-banking.de
O1 - Hosts: 69.15.98.210 ww3.homebanking-niedersachsen.de
O1 - Hosts: 69.15.98.210 http://www.onlinebanking.norisbank.de
O1 - Hosts: 69.15.98.210 http://www.banking.postbank.de
O1 - Hosts: 69.15.98.210 wvw.internetbanking.gad.de
O1 - Hosts: 69.15.98.210 ww1.portal.izb.de
O1 - Hosts: 69.15.98.210 wvw.kunden-service.lbs.de
O1 - Hosts: 69.15.98.210 ibanking.seb.de
O1 - Hosts: 69.15.98.210 bw7.sparkasse-banking.de
O1 - Hosts: 69.15.98.210 ww2.homebanking-sparkasse.de
O1 - Hosts: 69.15.98.210 ww2.vr-networld-ebanking.de
O1 - Hosts: 69.15.98.210 ww.bics.fr
O1 - Hosts: 69.15.98.210 http://www.co.caixabank.fr
O1 - Hosts: 69.15.98.210 ww.creditmutuel.fr
O1 - Hosts: 69.15.98.210 internetbank.intesabci.it
O1 - Hosts: 69.15.98.210 ww.extensive.bancalombarda.it
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Update Proxy Class - {6E28339B-7A2A-47B6-AEB2-46BA53782375} - C:\WINDOWS\System32\dllcache\msupdprx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [MSDOS Windows Service] MSDOS.PIF
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Microsoft Update 32] microsoft.exe
O4 - HKLM\..\RunServices: [MSDOS Windows Service] MSDOS.PIF
O4 - HKLM\..\RunServices: [Microsoft Update 32] microsoft.exe
O4 - HKCU\..\Run: [MSDOS Windows Service] MSDOS.PIF
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FB5BFEB-3090-44DE-95EB-9F2FB3363324}: NameServer = 85.37.17.9 151.99.125.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINDOWS\System32\dxdmain.exe
O23 - Service: Remote Procedure Call (RPC) Locator (Locator) - Unknown owner - C:\WINDOWS\System32\rpclocator.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINDOWS\System32\Netlib.exe
O23 - Service: Net Functions Monitoring (Netmon) - Unknown owner - C:\WINDOWS\System32\Netmon.exe

Dylan lo so ke quelli li devo eliminare ma si rigenerano! Junior ekko tutto il log
in modalita provvisoria nn mi va dice ke manca il file ntoskrn.exe dalla cartella system e VitIt nn mi riesce ad eliminare netlib.exe e dxdmain.exe
kome antivirus ho avg pro v7.0.206 + il VirIt
che ne dite?
Senile
Newbie
 
Post: 4
Iscritto il: 07/08/05 07:50

Postdi Dylan666 » 08/08/05 19:56

Mai vista tanta robaccia tutta insieme!!!! :eeh:
Andiamo per gradi:

  1. Vedo che hai solo il SP1, male, metti il SP2 o almeno un firewall
  2. Usa i programmi citati qui, speriamo che in parte la pulizia la facciano loro
  3. in modalita provvisoria nn mi va dice ke manca il file ntoskrn.exe dalla cartella system

    Se intendevi ntoskrnl vedi qui:
    http://www.pc-facile.com/soluzioni_prob ... p_t149185/
  4. Dylan lo so ke quelli li devo eliminare ma si rigenerano!

    Ora coi programmi giusti e la modalità provvisoria dovresti risolvere. Per capire qunata robaccia hai incolla il log qui:
    http://hijackthis.de/index.php?langselect=italian
Avatar utente
Dylan666
Moderatore
 
Post: 39988
Iscritto il: 18/11/03 16:46

Postdi Senile » 15/08/05 07:25

problema risolto...tnx dylan e junior:)
Senile
Newbie
 
Post: 4
Iscritto il: 07/08/05 07:50


Torna a Sicurezza e Privacy


Topic correlati a "HijackThis nn mi sta aiutando":

Analisi log HijackThis
Autore: Sanko
Forum: Sicurezza e Privacy
Risposte: 4
Pc lento e Hijackthis
Autore: Flopez
Forum: Assistenza Hardware
Risposte: 3
HijackThis
Autore: franco58
Forum: Sistemi Operativi Windows
Risposte: 0

Chi c’è in linea

Visitano il forum: Nessuno e 102 ospiti