02-09-2007, 15.05.47 | #1 |
Senior Member
Registered: 22-01-2001
Posts: 304
|
HijackThis log: can someone check it?
Every now and then Sygate warns me about applications trying to get in. I hope I have always made the right choices, but I would rather post the HijackThis log so you can check it. Thanks
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\pgjnwa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Azureus\Azureus.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Documenti\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] pgjnwa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{07CCFB42-2C42-41F6-A411-D49C2F79665E}: NameServer = 85.37.17.15 85.38.28.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{07CCFB42-2C42-41F6-A411-D49C2F79665E}: NameServer = 85.37.17.15 85.38.28.74
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
___________________________________
www.tormento.it |
02-09-2007, 17.47.20 | #2 |
Gold Member
Top Poster
Registered: 20-08-2002
Location: Mestre
Posts: 3.563
|
Something got through anyway
O4 - HKLM\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] pgjnwa.exe
Delete these lines and, above all, the file. Doesn't NOD say anything about this file?
___________________________________
Only workers know what time is worth; they always get paid for it. |
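Added example, not part of the original thread: a Python triage of the O4 autorun lines from the first log, scoring each entry on three heuristic signals that the flagged entry shows (no path in the command, a RunServices registration, the same entry in both HKLM and a per-user hive). The signal names and the threshold of 2 are assumptions chosen for illustration, not HijackThis features.

```python
import re
from collections import defaultdict

# Excerpt of the O4 lines posted in this thread (first log), embedded for offline use.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] pgjnwa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - Global Startup: BTTray.lnk = ?
"""

# Registry autorun form: O4 - <hive>[\<SID>]\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\(?:[^\\]+\\)?\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(log):
    """Yield (hive, key, value_name, command) for each registry O4 line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # startup-folder lines ("Global Startup: ...") are skipped
            yield m["hive"], m["key"], m["name"], m["cmd"].strip()

def triage(log, threshold=2):
    """Return (value_name, executable, signals) for entries worth a closer look."""
    places = defaultdict(set)
    for hive, key, name, cmd in parse_o4(log):
        places[(name, cmd)].add((hive, key))
    findings = []
    for (name, cmd), where in places.items():
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        hives = {h for h, _ in where}
        signals = []
        if "\\" not in exe:                       # resolved through the search path
            signals.append("no path")
        if any(k == "RunServices" for _, k in where):
            signals.append("RunServices")
        if "HKLM" in hives and hives - {"HKLM"}:  # machine-wide and per-user copies
            signals.append("machine+user")
        if len(signals) >= threshold:             # heuristic cut-off (assumption)
            findings.append((name, exe, signals))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit is a prompt to look up the file and check its vendor and location, not a verdict: several legitimate entries in the same log also start a bare executable name and score one signal.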
04-09-2007, 17.51.54 | #3 |
Newbie
Registered: 16-10-2005
Posts: 14
|
Hi supertraz,
Disable System Restore and start the PC in Safe Mode
run HijackThis
click "Do a system scan only"
tick these entries:
O4 - HKLM\..\Run: [Microsoft Update Machine] pgjnwa.exe
click "Fix checked"
Restart the PC in normal mode, run the HijackThis log again and post it
PS: you would do well to replace Sygate; it has not been updated for ages. |
06-09-2007, 22.51.52 | #4 |
Senior Member
Registered: 22-01-2001
Posts: 304
|
Thanks for the advice,
I reformatted because of a nasty virus; I'll post the hijack log afterwards so that, if you can, you can give me a few more tips. Regards
___________________________________
www.tormento.it |
06-09-2007, 22.57.11 | #5 |
Senior Member
Registered: 22-01-2001
Posts: 304
|
Here is the new one, and thanks for the help :-)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\PC Connectivity Solution\NclBTHandler.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Simone\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0568427E-6E42-4AE1-9896-8B7F9485BB5F}: NameServer = 85.37.17.15 85.38.28.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{0568427E-6E42-4AE1-9896-8B7F9485BB5F}: NameServer = 85.37.17.15 85.38.28.74
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sistema Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
___________________________________
www.tormento.it |