Hi everyone!
Thanks in advance to anyone who can help me.
For a few days now, ever since my Norton AV reported the presence of a Jackposh trojan, I've been having some problems!!
Basically, if I try to run a scan, even in safe mode, with Spybot S&D, Norton and the like, or if I merely hover the mouse over the system32 folder, my PC crashes and reboots, running the hard disk consistency check.
In October I already rooted out Hacktool rootkit, but with this one it seems there's nothing to be done!
I'm posting a HijackThis log:
Logfile of HijackThis v1.99.0
Scan saved at 21.23.10, on 13/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\HiJackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: BHRP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\BHRP.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: DAJAOCMDHI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\DAJAOCMDHI.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EQMAEHOZP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\EQMAEHOZP.exe
O23 - Service: FreePOPs - Unknown - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: HNTFEWWU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\HNTFEWWU.exe
O23 - Service: IDIM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\IDIM.exe
O23 - Service: IZEPBCCBOWA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\IZEPBCCBOWA.exe
O23 - Service: LANJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\LANJ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PD - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\PD.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SZIPQGH - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\SZIPQGH.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: YWH - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\YWH.exe
These, instead, are the windows that appear on reboot:
Identifier:
BCCode : 44 BCP1 : 81309C38 BCP2 : 00000D60 BCP3 : 00000000
BCP4 : 00000000 OSVer : 5_1_2600 SP : 0_0 Product : 768_1
The following files will be included in the error report:
C:\WINDOWS\Minidump\Mini021707-01.dmp
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\WER16.tmp.dir00\sysdata.xml
A user or a program has requested information from 81.29.241.233. Which connection should be used?
Thanks to everyone who helps me avoid a format c:!!!!!!

