#1 |
Junior Member
Joined: Oct 2007
Posts: 5
winjrs32 suspicious file?
Hi everyone, I'm new to this forum.
I have a problem, or I think I have one; could you help me solve it? This file says it is in C\windows, but in practice if I go looking for it, it isn't there. How come? And anyway, is it a suspicious file? I'm posting the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9.50.32, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Documents and Settings\Claudia\Documenti\Programmi\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: DSLMON.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{881A2912-132F-4DEB-8098-F7C409228649}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for the help. Bye, have a good day
#2 |
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Fix:
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\

Disable System Restore; if you don't know how, read the Microsoft Technical Support guide http://support.microsoft.com/kb/310405/it

Download CCleaner to clean up temporary files from here: http://www.filehippo.com/download/83...b540/download/ install it without the Yahoo toolbar, run it, click Options, Advanced, tick the box "Only delete files in Windows Temp folders older than 48 hours" and start the cleaning.

Download a-squared Free from here: http://www.emsisoft.it/it/software/download/ install it, run it, update it and have it do a "Deep scan"

Download SysClean from here: http://it.trendmicro-europe.com/file...c/sysclean.com for convenience save it on the Desktop in a folder you will call SysClean
Download the virus definitions from here: http://it.trendmicro-europe.com/ente...rt/pattern.php unpack the compressed file containing the definitions inside the folder you created
Restart the PC in Safe Mode (F8), run SysClean, copy and paste the log in your next post
__________________
Try again and you will be luckier.
Last edited by Chill-Out : 06-10-2007 at 09:32.
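One way to triage a HijackThis log for the kind of entries the moderator picked out (unknown Winlogon Notify packages, orphaned O16 ActiveX entries, services whose binary is missing, Run entries without a path), as an added example that is not part of the thread: the sample log is constructed from a few of the entries above, and the allowlist and rules are this example's own assumptions, not HijackThis's.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of entries modelled on the thread's
# HijackThis 1.99.1 log, not the full log.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
O4 - HKLM\\..\\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\
O20 - Winlogon Notify: winjrs32 - C:\\WINDOWS\\
O20 - Winlogon Notify: WRNotifier - C:\\WINDOWS\\
O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Programmi\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
"""

# Winlogon Notify packages expected on this box (an assumption for the example):
# WgaLogon is Microsoft's Genuine Advantage notifier. Anything else gets
# reviewed by hand, which is how the thread's winjrs32 entry surfaced.
KNOWN_NOTIFY = {"wgalogon"}

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, entry) for every log line worth a second look."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # banner, "Running processes:", blank lines
        section, body = m.groups()
        if section == "O20" and body.startswith("Winlogon Notify:"):
            # Format: "Winlogon Notify: <package> - <directory>"
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            if name.lower() not in KNOWN_NOTIFY:
                findings.append((section, f"unknown Winlogon Notify package '{name}'", raw))
        elif section == "O16":
            # HJT prints "{CLSID} (Name) - URL"; neither name nor URL = orphan
            if "(" not in body and "http" not in body.lower():
                findings.append((section, "orphaned ActiveX download entry", raw))
        elif section == "O23" and "(file missing)" in body:
            findings.append((section, "service points at a missing binary", raw))
        elif section == "O4":
            target = body.split("] ", 1)[-1].strip().strip('"')
            if "\\" not in target and ":" not in target:
                findings.append((section, "Run entry without a full path", raw))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```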
#3 |
Junior Member
Joined: Oct 2007
Posts: 5
done everything...
this is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12.24.52, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Documents and Settings\Claudia\Documenti\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

what do you think???
#4 |
Junior Member
Joined: Oct 2007
Posts: 5
ah.. and this is the SysClean log

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/

2007-10-06, 11:27:48, Auto-clean mode specified.
2007-10-06, 11:27:48, Running scanner "C:\Documents and Settings\Claudia\Desktop\SysClean\TSC.BIN"...
2007-10-06, 11:31:51, Scanner "C:\Documents and Settings\Claudia\Desktop\SysClean\TSC.BIN" has finished running.
2007-10-06, 11:31:51, TSC Log:
2007-10-06, 11:32:48, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2007-10-06, 12:15:34, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/6/2007 11:33:16
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 759 (234961 Patterns) (2007/10/04) (475900)
Command Line: C:\Documents and Settings\Claudia\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Claudia\Desktop\SysClean
40379 files have been read.
40379 files have been checked.
37605 files have been scanned.
91728 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/6/2007 12:15:33
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-06, 12:15:34, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/6/2007 11:33:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 759 (234961 Patterns) (2007/10/04) (475900)
Command Line: C:\Documents and Settings\Claudia\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Claudia\Desktop\SysClean
40379 files have been read.
40379 files have been checked.
37605 files have been scanned.
91728 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/6/2007 12:15:33
42 minutes 17 seconds (2537.22 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-06, 12:15:34, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/6/2007 11:33:16
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 759 (234961 Patterns) (2007/10/04) (475900)
Command Line: C:\Documents and Settings\Claudia\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Claudia\Desktop\SysClean
40379 files have been read.
40379 files have been checked.
37605 files have been scanned.
91728 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/6/2007 12:15:33
42 minutes 17 seconds (2537.22 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-06, 12:15:34, Scanner "C:\Documents and Settings\Claudia\Desktop\SysClean\VSCANTM.BIN" has finished running.
#5 |
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Looks OK, any more problems?
__________________
Try again and you will be luckier.
#6 |
Banned
Joined: Mar 2004
City: Galapagos. Warning: flautolente user, keep it in mind
Posts: 29028
it's a trojan.
probably if you enable the "show hidden files" option under Control Panel / Folder Options / View you'll be able to see it too. what's odd, rather, is that it doesn't start with Windows; you probably gave it a "deny access" in avast rather than a delete / move to quarantine
#7 |
Junior Member
Joined: Oct 2007
Posts: 5
No problems! and no trace of that file anymore.
Thanks again for helping me
#8
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Quote:
__________________
Try again and you will be luckier.
All times are GMT +1. The time now is 19:21.