Telefonino.net network
 
| HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. NEI PREFERITI .:: | RSS Forum | RSS News | NEWS web | NEWS software |
| PUBBLICITA' | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | CERCA nel FORUM » |

Torna indietro   WinTricks Forum > Antivirus&Sicurezza > Sicurezza&Privacy

Notices

Rispondi
 
Strumenti discussione
Vecchio 02-09-2007, 15.05.47   #1
supertraz
Senior Member
 
Registrato: 22-01-2001
Messaggi: 304
supertraz promette bene
Log di Hijackthis : qualcuno puo' controllare ?

Ciao,
ogni tanto sygate mi informa su applicazioni che vorrebbero infiltrarsi, spero di aver fatto sempre le giuste scelte anche se preferisco postarvi il log di Hijackthis in modo da farvelo controllare. Grazie

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\pgjnwa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Azureus\Azureus.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] pgjnwa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{07CCFB42-2C42-41F6-A411-D49C2F79665E}: NameServer = 85.37.17.15 85.38.28.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{07CCFB42-2C42-41F6-A411-D49C2F79665E}: NameServer = 85.37.17.15 85.38.28.74
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
___________________________________

www.tormento.it
supertraz non è collegato   Rispondi citando
Vecchio 02-09-2007, 17.47.20   #2
crazy.cat
Gold Member
Top Poster
 
L'avatar di crazy.cat
 
Registrato: 20-08-2002
Loc.: Mestre
Messaggi: 3.563
crazy.cat promette bene
Qualcosa è passato lo stesso
O4 - HKLM\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] pgjnwa.exe
elimina le righe e sopratutto il file.
Nod non dice niente di questo file?
___________________________________

Solo gli operai sanno quanto vale il tempo; se lo fanno sempre pagare.
crazy.cat non è collegato   Rispondi citando
Vecchio 04-09-2007, 17.51.54   #3
Logan999
Newbie
 
Registrato: 16-10-2005
Messaggi: 14
Logan999 promette bene
Ciao supertraz,

Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria
esegui hijackthis
clicca su do a system scan only
metti il segno di spunta a queste voci:
O4 - HKLM\..\Run: [Microsoft Update Machine] pgjnwa.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] pgjnwa.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] pgjnwa.exe
clicca fix checked
Riavvia il pc in modalità normale, rifai il log di hijackthis e postalo

PS: ti conviene cambiare Sygate, è una vita che non viene più aggiornato.
Logan999 non è collegato   Rispondi citando
Vecchio 06-09-2007, 22.51.52   #4
supertraz
Senior Member
 
Registrato: 22-01-2001
Messaggi: 304
supertraz promette bene
Grazie dei consigli,
ho riformattato per un virus balordo, dopo posto il log di hijack cosi' se potete mi date qualche altra dritta.
Saluti
___________________________________

www.tormento.it
supertraz non è collegato   Rispondi citando
Vecchio 06-09-2007, 22.57.11   #5
supertraz
Senior Member
 
Registrato: 22-01-2001
Messaggi: 304
supertraz promette bene
Ecco il nuovo e grazie per l'aiuto :-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\PC Connectivity Solution\NclBTHandler.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Simone\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0568427E-6E42-4AE1-9896-8B7F9485BB5F}: NameServer = 85.37.17.15 85.38.28.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{0568427E-6E42-4AE1-9896-8B7F9485BB5F}: NameServer = 85.37.17.15 85.38.28.74
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sistema Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
___________________________________

www.tormento.it
supertraz non è collegato   Rispondi citando
Rispondi


Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti)
 
Strumenti discussione

Regole di scrittura
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is ON
Gli smilies sono ON
[IMG] è ON
Il codice HTML è OFF

Vai al forum

Discussioni simili
Discussione Autore discussione Forum Risposte Ultimo messaggio
Qualcuno mi aiuti per favore mikemike Sicurezza&Privacy 2 26-10-2006 00.59.35
Controllare pc windows in remoto GiulioCesare Internet e Reti locali 1 26-08-2006 16.45.13
qualcuno conosce questo film? (titolo) top gun Chiacchiere in libertà 10 15-07-2006 14.09.32
router sitecom wl-108 come controllare i parametri di linea adsl s.foca Internet e Reti locali 0 17-11-2005 08.38.32
log di hijackthis joey Software applicativo 8 04-09-2005 09.41.14

Orario GMT +2. Ora sono le: 13.41.56.


E' vietata la riproduzione, anche solo in parte, di contenuti e grafica.
Copyright © 1999-2017 Edizioni Master S.p.A. p.iva: 02105820787 • Tutti i diritti sono riservati
L'editore NON si assume nessuna responsabilità dei contenuti pubblicati sul forum in quanto redatti direttamente dagli utenti.
Questi ultimi sono responsabili dei contenuti da loro riportati nelle discussioni del forum
Powered by vBulletin - 2010 Copyright © Jelsoft Enterprises Limited.