View Full Version : problema con sygate...
...ciao...ho istallato sygate personal firewall pro...ed ho fatto il test firewall...esattamente stealth scan....il quale mi ha datto come responso...
SSH
22
OPEN
Secure Shell, a encrypted type of Telnet. If misconfigured it can allow for brute-force attacks on your administration account.
..cioè mi ha trovato aperta la porta 22...come fare a chiuderla?...grazie a chi mi risponderà...ciao...
ma la domanda è: perchè è aperta??
usi sql ? ssh?
la porta è quella dell'interfaccia ssh
sygate può sicuramente bloccare l'accesso ma è meglio se chiudi il servizio da SO
...già ma come si fa a chiuderlo?....te lo sai?....non so cosa sia sto ssh?..boh... :help:
ma tu hai installato qualche cosa di recente???
prova a vedere con currports se ti rimane aperta in listening la porta 22
..che è currports ? un programma? :confused:
una piccola utility
monitora le connessioni che sono presenti sul pc e le porte "in ascolto"
..mi ha dato questo
==================================================
Process Name : alg.exe
Process ID : 2112
Protocol : TCP
Local Port : 1029
Local Port Name :
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\alg.exe
Product Name : Microsoft® Windows® Operating System
File Description : Application Layer Gateway Service
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.47
User Name :
Process Services : ALG
Process Attributes: A
==================================================
==================================================
Process Name : firefox.exe
Process ID : 1028
Protocol : TCP
Local Port : 1076
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 1077
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Programmi\Mozilla Firefox\firefox.exe
Product Name : Firefox
File Description : Firefox
File Version : 1.8.0.2: 2006030804
Company : Mozilla Corporation
Process Created On: 14/04/2006 13.48.25
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : firefox.exe
Process ID : 1028
Protocol : TCP
Local Port : 1077
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 1076
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Programmi\Mozilla Firefox\firefox.exe
Product Name : Firefox
File Description : Firefox
File Version : 1.8.0.2: 2006030804
Company : Mozilla Corporation
Process Created On: 14/04/2006 13.48.25
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : firefox.exe
Process ID : 1028
Protocol : TCP
Local Port : 1192
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Programmi\Mozilla Firefox\firefox.exe
Product Name : Firefox
File Description : Firefox
File Version : 1.8.0.2: 2006030804
Company : Mozilla Corporation
Process Created On: 14/04/2006 13.48.25
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : inetinfo.exe
Process ID : 224
Protocol : TCP
Local Port : 25
Local Port Name : smtp
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Product Name : Internet Information Services
File Description : Internet Information Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.41
User Name : NT AUTHORITY\SYSTEM
Process Services : IISADMIN, SMTPSVC, W3SVC
Process Attributes: A
==================================================
==================================================
Process Name : inetinfo.exe
Process ID : 224
Protocol : TCP
Local Port : 80
Local Port Name : http
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Product Name : Internet Information Services
File Description : Internet Information Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.41
User Name : NT AUTHORITY\SYSTEM
Process Services : IISADMIN, SMTPSVC, W3SVC
Process Attributes: A
==================================================
==================================================
Process Name : inetinfo.exe
Process ID : 224
Protocol : TCP
Local Port : 443
Local Port Name : https
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Product Name : Internet Information Services
File Description : Internet Information Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.41
User Name : NT AUTHORITY\SYSTEM
Process Services : IISADMIN, SMTPSVC, W3SVC
Process Attributes: A
==================================================
==================================================
Process Name : inetinfo.exe
Process ID : 224
Protocol : TCP
Local Port : 1026
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Product Name : Internet Information Services
File Description : Internet Information Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.41
User Name : NT AUTHORITY\SYSTEM
Process Services : IISADMIN, SMTPSVC, W3SVC
Process Attributes: A
==================================================
==================================================
Process Name : inetinfo.exe
Process ID : 224
Protocol : UDP
Local Port : 3456
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Product Name : Internet Information Services
File Description : Internet Information Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.41
User Name : NT AUTHORITY\SYSTEM
Process Services : IISADMIN, SMTPSVC, W3SVC
Process Attributes: A
==================================================
==================================================
Process Name : lsass.exe
Process ID : 920
Protocol : UDP
Local Port : 500
Local Port Name : isakmp
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\lsass.exe
Product Name : Microsoft® Windows® Operating System
File Description : LSA Shell (Export Version)
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.36
User Name : NT AUTHORITY\SYSTEM
Process Services : NtLmSsp, PolicyAgent, ProtectedStorage, SamSs
Process Attributes: A
==================================================
==================================================
Process Name : lsass.exe
Process ID : 920
Protocol : UDP
Local Port : 4500
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\lsass.exe
Product Name : Microsoft® Windows® Operating System
File Description : LSA Shell (Export Version)
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.36
User Name : NT AUTHORITY\SYSTEM
Process Services : NtLmSsp, PolicyAgent, ProtectedStorage, SamSs
Process Attributes: A
==================================================
==================================================
Process Name : mqsvc.exe
Process ID : 1328
Protocol : TCP
Local Port : 1028
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\mqsvc.exe
Product Name : Microsoft Message Queue
File Description : Message Queuing Service
File Version : 5.01.1108
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.44
User Name : NT AUTHORITY\SYSTEM
Process Services : MSMQ
Process Attributes: A
==================================================
==================================================
Process Name : mqsvc.exe
Process ID : 1328
Protocol : TCP
Local Port : 1801
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\mqsvc.exe
Product Name : Microsoft Message Queue
File Description : Message Queuing Service
File Version : 5.01.1108
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.44
User Name : NT AUTHORITY\SYSTEM
Process Services : MSMQ
Process Attributes: A
==================================================
==================================================
Process Name : mqsvc.exe
Process ID : 1328
Protocol : TCP
Local Port : 2103
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\mqsvc.exe
Product Name : Microsoft Message Queue
File Description : Message Queuing Service
File Version : 5.01.1108
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.44
User Name : NT AUTHORITY\SYSTEM
Process Services : MSMQ
Process Attributes: A
==================================================
==================================================
Process Name : mqsvc.exe
Process ID : 1328
Protocol : TCP
Local Port : 2105
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\mqsvc.exe
Product Name : Microsoft Message Queue
File Description : Message Queuing Service
File Version : 5.01.1108
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.44
User Name : NT AUTHORITY\SYSTEM
Process Services : MSMQ
Process Attributes: A
==================================================
==================================================
Process Name : mqsvc.exe
Process ID : 1328
Protocol : TCP
Local Port : 2107
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\mqsvc.exe
Product Name : Microsoft Message Queue
File Description : Message Queuing Service
File Version : 5.01.1108
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.44
User Name : NT AUTHORITY\SYSTEM
Process Services : MSMQ
Process Attributes: A
==================================================
==================================================
Process Name : mqsvc.exe
Process ID : 1328
Protocol : UDP
Local Port : 1027
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\System32\mqsvc.exe
Product Name : Microsoft Message Queue
File Description : Message Queuing Service
File Version : 5.01.1108
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.44
User Name : NT AUTHORITY\SYSTEM
Process Services : MSMQ
Process Attributes: A
==================================================
==================================================
Process Name : mqsvc.exe
Process ID : 1328
Protocol : UDP
Local Port : 3527
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\System32\mqsvc.exe
Product Name : Microsoft Message Queue
File Description : Message Queuing Service
File Version : 5.01.1108
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.44
User Name : NT AUTHORITY\SYSTEM
Process Services : MSMQ
Process Attributes: A
==================================================
==================================================
Process Name : onspeedcore.exe
Process ID : 2324
Protocol : TCP
Local Port : 1111
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 1112
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Programmi\ONSPEED\onspeedcore.exe
Product Name : SlipStream SP
File Description : Accelerator Core Services
File Version : 4.0.1
Company : SlipStream Data Inc.
Process Created On: 14/04/2006 13.44.47
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : onspeedcore.exe
Process ID : 2324
Protocol : TCP
Local Port : 1112
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 1111
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Programmi\ONSPEED\onspeedcore.exe
Product Name : SlipStream SP
File Description : Accelerator Core Services
File Version : 4.0.1
Company : SlipStream Data Inc.
Process Created On: 14/04/2006 13.44.47
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : onspeedcore.exe
Process ID : 2324
Protocol : TCP
Local Port : 5400
Local Port Name :
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\Programmi\ONSPEED\onspeedcore.exe
Product Name : SlipStream SP
File Description : Accelerator Core Services
File Version : 4.0.1
Company : SlipStream Data Inc.
Process Created On: 14/04/2006 13.44.47
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : onspeedcore.exe
Process ID : 2324
Protocol : TCP
Local Port : 5400
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 1192
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Programmi\ONSPEED\onspeedcore.exe
Product Name : SlipStream SP
File Description : Accelerator Core Services
File Version : 4.0.1
Company : SlipStream Data Inc.
Process Created On: 14/04/2006 13.44.47
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : onspeedcore.exe
Process ID : 2324
Protocol : TCP
Local Port : 1136
Local Port Name :
Local Address : 151.80.10.138
Remote Port : 7000
Remote Port Name :
Remote Address : 212.100.243.192
Remote Host Name :
State : Established
Process Path : C:\Programmi\ONSPEED\onspeedcore.exe
Product Name : SlipStream SP
File Description : Accelerator Core Services
File Version : 4.0.1
Company : SlipStream Data Inc.
Process Created On: 14/04/2006 13.44.47
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : smc.exe
Process ID : 1232
Protocol : UDP
Local Port : 1025
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\Programmi\Sygate\SPF\smc.exe
Product Name : Sygate® Security Agent and Personal Firewall
File Description : Sygate Agent Firewall
File Version : 5.5.00.2637
Company : Sygate Technologies, Inc.
Process Created On: 14/04/2006 13.44.37
User Name : NT AUTHORITY\SYSTEM
Process Services : SmcService
Process Attributes: A
==================================================
==================================================
Process Name : smc.exe
Process ID : 1232
Protocol : UDP
Local Port : 1068
Local Port Name :
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\Programmi\Sygate\SPF\smc.exe
Product Name : Sygate® Security Agent and Personal Firewall
File Description : Sygate Agent Firewall
File Version : 5.5.00.2637
Company : Sygate Technologies, Inc.
Process Created On: 14/04/2006 13.44.37
User Name : NT AUTHORITY\SYSTEM
Process Services : SmcService
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 1140
Protocol : TCP
Local Port : 135
Local Port Name : epmap
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.37
User Name :
Process Services : RpcSs
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 2532
Protocol : TCP
Local Port : 1808
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.48
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 2532
Protocol : TCP
Local Port : 1155
Local Port Name :
Local Address : 151.80.10.138
Remote Port : 5190
Remote Port Name :
Remote Address : 205.209.179.11
Remote Host Name :
State : Established
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.48
User Name : ANDREA-1ML8Y5LR\andrea
Process Services :
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 1400
Protocol : UDP
Local Port : 1062
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.38
User Name :
Process Services : Dnscache
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 1400
Protocol : UDP
Local Port : 1067
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.38
User Name :
Process Services : Dnscache
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 1192
Protocol : UDP
Local Port : 123
Local Port Name : ntp
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.37
User Name : NT AUTHORITY\SYSTEM
Process Services : AudioSrv, BITS, Browser, CryptSvc, Dhcp, dmserver, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 1540
Protocol : UDP
Local Port : 1900
Local Port Name :
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.39
User Name :
Process Services : LmHosts, SSDPSRV, upnphost, WebClient
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 1192
Protocol : UDP
Local Port : 123
Local Port Name : ntp
Local Address : 151.80.10.138
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.37
User Name : NT AUTHORITY\SYSTEM
Process Services : AudioSrv, BITS, Browser, CryptSvc, Dhcp, dmserver, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule
Process Attributes: A
==================================================
==================================================
Process Name : svchost.exe
Process ID : 1540
Protocol : UDP
Local Port : 1900
Local Port Name :
Local Address : 151.80.10.138
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.39
User Name :
Process Services : LmHosts, SSDPSRV, upnphost, WebClient
Process Attributes: A
==================================================
==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 445
Local Port Name : microsoft-ds
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : System
Process ID : 280
Protocol : TCP
Local Port : 1110
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: 14/04/2006 13.44.41
User Name : NT AUTHORITY\SYSTEM
Process Services : kavsvc
Process Attributes:
==================================================
==================================================
Process Name : System
Process ID : 280
Protocol : TCP
Local Port : 1125
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: 14/04/2006 13.44.41
User Name : NT AUTHORITY\SYSTEM
Process Services : kavsvc
Process Attributes:
==================================================
==================================================
Process Name : System
Process ID : 4
Protocol : UDP
Local Port : 445
Local Port Name : microsoft-ds
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : TCP
Local Port : 7
Local Port Name : echo
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : TCP
Local Port : 9
Local Port Name : discard
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : TCP
Local Port : 13
Local Port Name : daytime
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : TCP
Local Port : 17
Local Port Name : qotd
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : TCP
Local Port : 19
Local Port Name : chargen
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : UDP
Local Port : 7
Local Port Name : echo
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : UDP
Local Port : 9
Local Port Name : discard
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : UDP
Local Port : 13
Local Port Name : daytime
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : UDP
Local Port : 17
Local Port Name : qotd
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : tcpsvcs.exe
Process ID : 508
Protocol : UDP
Local Port : 19
Local Port Name : chargen
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\System32\tcpsvcs.exe
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Services Application
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Process Created On: 14/04/2006 13.44.42
User Name : NT AUTHORITY\SYSTEM
Process Services : SimpTcp
Process Attributes: A
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1179
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1183
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1184
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1186
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1187
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1189
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1190
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1191
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1193
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1194
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1195
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1196
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5400
Remote Port Name :
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
==================================================
...e chi ci capisce qualcosa...te lo sai leggere?.. :help:
sei un colabrodo
ma perchè hai tutti quei servizi in listening??
hai tutta una serie di files di xp che io non ho... ma che versione è?
xp?
potresti postare solo lo screen shot di quello che vedi su currports appena lo apri? chiudendo browser e atri programmi che vanno sulla rete prima?
e altra cosa, a questo punto: posta un log di hijackthis nel thread in rilievo
è xp professional...boh...
sembra che il tuo pc sia stato configurato come server...
fai una scansione con ewido www.ewido.net e posta DOPO un log di hijackthis
..ewido non mi ha trovato nulla...hitga..ecc ecc.mi ha trovato questo..
StartupList report, 14/04/2006, 15.39.26
StartupList version: 1.52.2
Started from : C:\DOCUME~1\andrea\IMPOST~1\Temp\Rar$EX22.656\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ONSPEED\onspeedcore.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\ONSPEED\onspeedgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\andrea\IMPOST~1\Temp\Rar$EX22.656\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\andrea\Menu Avvio\Programmi\Esecuzione automatica]
OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ONSPEED.lnk = C:\Programmi\ONSPEED\onspeedgui.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
SlipStream = "C:\Programmi\ONSPEED\onspeedcore.exe"
QuickTime Task = "C:\Programmi\QuickTime\qttask.exe" -atboottime
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
Persistence = C:\WINDOWS\system32\igfxpers.exe
High Definition Audio Property Page Shortcut = HDAShCut.exe
AzMixerSel = C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
SynTPLpr = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
.nvsvc = C:\WINDOWS\system\smss.exe /w
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmi\ONSPEED\PBHelper.dll - {4115122B-85FF-4DD3-9515-F075BEDE5EB5}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\PROGRA~1\ONSPEED\sliplsp.dll
Protocol #2: C:\PROGRA~1\ONSPEED\sliplsp.dll
Protocol #3: C:\PROGRA~1\ONSPEED\sliplsp.dll
Protocol #4: C:\PROGRA~1\ONSPEED\sliplsp.dll
Protocol #5: C:\PROGRA~1\ONSPEED\sliplsp.dll
Protocol #14: C:\PROGRA~1\ONSPEED\sliplsp.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
--------------------------------------------------
End of report, 5.848 bytes
Report generated in 0,156 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
vBulletin® v3.6.4, Copyright ©2000-2026, Jelsoft Enterprises Ltd.