  1. #1

    virus: csrcs.exe usbdrv.exe

    hi guys, I'm asking you for a really big hand!
    a few days ago an error message popped up, "impossibile aprire csrcs.exe". I ran AVG and it found some viruses, I ran Malwarebytes and it found 7 infections, which I deleted... after that I ran AVG and Malwarebytes again and they found nothing.
    Today, when I went to open C:, an error message about usbdrv.exe popped up.
    what should I do? (I only ask that you don't make me use Kaspersky, since last time it drove my PC crazy)
    my computer is networked with two others plus a printer; won't everything get infected?

    THANK YOU THANK YOU

    Silvia

  2. #2
    menatwork (HTML.it user, registered May 2009, 4,330 posts)

    GOOD MORNING

    to be safe, disconnect the PC from the others

    download HijackThis

    launch the program by clicking the executable and start the scan, choosing the option "Do a system scan and save a logfile"

    Remember to put HijackThis in a folder of its own (in Programmi or Documenti); the important thing is that it is not on the desktop or in temporary folders. This matters if you want to keep the backups

    Post the log it produces

  3. #3
    sorry, but I don't know how to attach it:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 12:48:51, on 21/03/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Programmi\AVG\AVG9\avgchsvx.exe
    D:\Programmi\AVG\AVG9\avgrsx.exe
    D:\Programmi\AVG\AVG9\avgcsrvx.exe
    D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\Programmi\AVG\AVG9\avgwdsvc.exe
    D:\Programmi\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Programmi\AVG\AVG9\avgnsx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Programmi\File comuni\Real\Update_OB\realsched.exe
    D:\Programmi\iTunes\iTunesHelper.exe
    D:\Programmi\Java\jre6\bin\jusched.exe
    D:\Programmi\Epson Software\FAX Utility\FUFAXSTM.exe
    D:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    D:\PROGRA~1\AVG\AVG9\avgtray.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE
    D:\Programmi\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    D:\Programmi\iPod\bin\iPodService.exe
    D:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    D:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
    D:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
    D:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Programmi\AVG\AVG9\avgcsrvx.exe
    D:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
    D:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
    D:\Programmi\Windows Live\Messenger\msnmsgr.exe
    D:\Programmi\Windows Live\Contacts\wlcomm.exe
    D:\WINDOWS\system32\msiexec.exe
    D:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe
    D:\Programmi\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - D:\Programmi\pdfforge Toolbar\SearchSettings.dll
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programmi\AVG\AVG9\avgssie.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - D:\Programmi\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - D:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - D:\Programmi\pdfforge Toolbar\WidgiToolbarIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - D:\Programmi\pdfforge Toolbar\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - D:\Programmi\pdfforge Toolbar\WidgiToolbarIE.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - D:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TkBellExe] "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SearchSettings] D:\Programmi\pdfforge Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [FUFAXSTM] "D:\Programmi\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [EEventManager] D:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [EPSON SX610FW Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "D:\WINDOWS\TEMP\E_S62.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Epson Stylus SX610FW(Rete)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "D:\WINDOWS\TEMP\E_S52.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless USB Utility.lnk = D:\Programmi\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kasperskyitalia.it/serviz...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176144854562
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9cd9b86dd9b27642.spaces.l...d/MsnPUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - D:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programmi\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - D:\Programmi\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Programmi\AVG\AVG9\avgwdsvc.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - D:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - D:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - D:\Programmi\OpenVPN\bin\openvpnserv.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\Programmi\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\Programmi\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Programmi\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11719 bytes

  4. #4
    menatwork

    I wanted to ask you... is your OS on C:\ ?

    Start Hijack and click "do a system scan only"
    Check these entries and click "fix checked"


    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - D:\Programmi\pdfforge Toolbar\SearchSettings.dll

    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - D:\Programmi\pdfforge Toolbar\WidgiToolbarIE.dll

    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - D:\Programmi\pdfforge Toolbar\SearchSettings.dll

    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - D:\Programmi\pdfforge Toolbar\WidgiToolbarIE.dll

    O4 - HKLM\..\Run: [SearchSettings] D:\Programmi\pdfforge Toolbar\SearchSettings.exe



    download ComboFix to the desktop and run it

    (do not install the Recovery Console)
    Let the program work without interfering
    Attach the report C:\ComboFix.txt in your reply.

  5. #5
    ComboFix 10-03-20.06 - silvia 21/03/2010 19:48:15.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.767.358 [GMT 1:00]
    Eseguito da: d:\documents and settings\silvia\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    d:\documents and settings\monti\Cookies\hpothb07.dat
    d:\programmi\pdfforge Toolbar\SeARchsettings.dll
    d:\windows\eSellerateEngine.dll
    d:\windows\htpatch .exe
    d:\windows\system32\ctfmon .exe
    d:\windows\system32\nerocheck .exe
    d:\windows\system32\reboot.txt

    .
    ((((((((((((((((((((((((( Files Creati Da 2010-02-21 al 2010-03-21 )))))))))))))))))))))))))))))))))))
    .

    2010-03-21 11:43 . 2010-03-21 11:43 388096 ----a-r- d:\documents and settings\silvia\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-03-21 11:43 . 2010-03-21 11:43 -------- d-----w- d:\programmi\TrendMicro
    2010-03-21 11:41 . 2010-03-21 11:41 1401344 ----a-w- d:\programmi\HijackThis.msi
    2010-03-20 12:34 . 2010-02-23 13:04 1664256 ----a-w- d:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar\IEToolbar.dll
    2010-03-20 09:29 . 2010-03-20 09:29 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\Malwarebytes
    2010-03-20 09:29 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-20 09:28 . 2010-03-20 09:28 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-03-20 09:28 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
    2010-03-20 09:28 . 2010-03-20 09:29 -------- d-----w- d:\programmi\Malwarebytes' Anti-Malware
    2010-03-19 18:57 . 2010-03-19 18:57 -------- d-----w- d:\documents and settings\silvia\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
    2010-03-19 18:22 . 2010-03-19 18:22 -------- d-----w- D:\$AVG
    2010-03-19 18:05 . 2010-03-19 18:05 242696 ----a-w- d:\windows\system32\drivers\avgtdix.sys
    2010-03-19 18:05 . 2010-03-19 18:05 12464 ----a-w- d:\windows\system32\avgrsstx.dll
    2010-03-19 18:05 . 2010-03-19 18:05 216200 ----a-w- d:\windows\system32\drivers\avgldx86.sys
    2010-03-19 18:05 . 2010-03-19 18:05 29512 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
    2010-03-19 18:05 . 2010-03-21 09:38 -------- d-----w- d:\windows\system32\drivers\Avg
    2010-03-19 18:05 . 2010-03-20 12:34 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
    2010-03-19 18:04 . 2010-03-19 21:06 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\avg9
    2010-03-15 10:43 . 2010-02-12 10:03 293376 ------w- d:\windows\system32\browserchoice.exe
    2010-03-11 11:32 . 2009-10-23 15:28 3558912 -c----w- d:\windows\system32\dllcache\moviemk.exe
    2010-03-09 09:17 . 2009-03-30 00:04 39424 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX610FW Series\Language\0410.E_HBE0J7.DLL
    2010-03-09 08:34 . 2010-03-19 14:17 439816 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Real\Update\setup3.10\setup.exe
    2010-03-08 15:32 . 2010-03-08 15:32 439816 ----a-w- d:\documents and settings\monti\Dati applicazioni\Real\Update\setup3.10\setup.exe
    2010-02-28 17:49 . 2010-02-28 17:50 -------- d-----w- d:\documents and settings\monti\Dati applicazioni\Epson
    2010-02-28 17:17 . 2007-09-07 16:33 135168 ----a-w- d:\windows\system32\EEBAPI.dll
    2010-02-28 17:17 . 2007-03-28 17:26 65536 ----a-w- d:\windows\system32\EEBUtil.dll
    2010-02-28 17:17 . 2006-12-19 17:31 110592 ----a-w- d:\windows\system32\EEBDSCVR.dll
    2010-02-28 17:17 . 2006-12-19 17:20 77824 ----a-w- d:\windows\system32\EBAPI.dll
    2010-02-28 17:17 . 2003-12-17 00:01 55808 ----a-w- d:\windows\system32\EEBSDKIF.dll
    2010-02-28 16:56 . 2008-11-13 07:04 296960 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX610FW Series\Language\0410.E_DIX0RE.DLL
    2010-02-28 16:40 . 2009-03-30 05:04 60928 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX610FW Series\Language\0410.E_SBE0J7.DLL
    2010-02-28 16:40 . 2007-12-17 04:00 143872 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    2010-02-28 16:40 . 2007-01-11 04:02 113664 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    2010-02-28 16:39 . 2008-11-13 07:04 212992 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX610FW Series\Language\0410.E_DI0FAE.DLL
    2010-02-28 16:39 . 2007-04-10 01:06 8192 ----a-w- d:\windows\system32\E_DCINST.DLL
    2010-02-28 16:39 . 2008-11-12 03:00 93696 ----a-w- d:\windows\system32\E_FLBFJE.DLL
    2010-02-28 16:39 . 2008-11-12 03:00 79360 ----a-w- d:\windows\system32\E_FD4BFJE.DLL
    2010-02-28 16:39 . 2008-04-13 18:47 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
    2010-02-28 16:39 . 2008-04-13 18:47 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
    2010-02-28 16:39 . 2008-04-13 18:45 32128 -c--a-w- d:\windows\system32\dllcache\usbccgp.sys
    2010-02-28 16:39 . 2008-04-13 18:45 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
    2010-02-28 16:32 . 2010-02-28 16:32 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\UDL
    2010-02-28 16:28 . 2010-02-28 16:29 -------- d-----w- d:\programmi\ABBYY FineReader 6.0 Sprint
    2010-02-28 16:27 . 2010-02-28 16:37 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\Epson
    2010-02-28 16:27 . 2010-02-28 17:12 -------- d-----w- d:\programmi\Epson Software
    2010-02-28 16:26 . 2008-12-01 12:00 457611 ----a-w- d:\windows\system32\ensppui.dll
    2010-02-28 16:26 . 2008-12-01 12:00 457611 ----a-w- d:\windows\system32\enppui.dll
    2010-02-28 16:26 . 2008-12-01 11:58 474892 ----a-w- d:\windows\system32\ensppmon.dll
    2010-02-28 16:26 . 2008-12-01 11:58 474892 ----a-w- d:\windows\system32\enppmon.dll
    2010-02-28 16:26 . 2008-05-14 18:22 250368 ----a-w- d:\windows\system32\enspres.dll
    2010-02-28 16:26 . 2008-05-14 18:22 250368 ----a-w- d:\windows\system32\enpres.dll
    2010-02-28 16:26 . 2010-02-28 17:17 -------- d-----w- d:\programmi\File comuni\EPSON
    2010-02-28 16:25 . 2010-02-28 16:26 -------- d-----w- d:\programmi\EpsonNet
    2010-02-28 16:21 . 2010-02-28 16:40 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\EPSON
    2010-02-28 16:21 . 2008-11-16 23:00 342016 ----a-w- d:\windows\system32\eswiaud.dll
    2010-02-28 16:21 . 2006-08-25 00:00 9216 ----a-w- d:\windows\system32\escdev.dll
    2010-02-28 15:50 . 2010-02-28 17:07 -------- d-----w- d:\programmi\EPSON

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-21 19:05 . 2009-04-12 11:03 -------- d-----w- d:\programmi\pdfforge Toolbar
    2010-03-19 18:04 . 2008-08-26 13:06 -------- d-----w- d:\programmi\AVG
    2010-03-18 09:31 . 2008-01-11 15:16 -------- d-----w- d:\documents and settings\monti\Dati applicazioni\OpenOffice.org2
    2010-03-11 11:34 . 2009-11-24 17:38 79488 ----a-w- d:\documents and settings\monti\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-09 08:34 . 2009-11-24 19:36 79488 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-02-28 16:31 . 2007-04-09 10:25 -------- d--h--w- d:\programmi\InstallShield Installation Information
    2010-02-28 16:30 . 2007-04-09 10:25 -------- d-----w- d:\programmi\File comuni\InstallShield
    2010-02-28 16:22 . 2010-02-28 16:22 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\InstallShield
    2010-02-28 16:01 . 2007-04-09 16:03 -------- d-----w- d:\programmi\Hewlett-Packard
    2010-02-20 20:46 . 2007-04-10 21:26 28064 ----a-w- d:\documents and settings\monti\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-02-17 17:21 . 2007-04-09 13:42 28064 ----a-w- d:\documents and settings\silvia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-02-17 17:19 . 2010-01-10 12:57 -------- d-----w- d:\programmi\MSECache
    2010-02-12 17:31 . 2010-02-12 17:31 50354 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Facebook\uninstall.exe
    2010-02-12 17:31 . 2010-02-12 17:31 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\Facebook
    2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\Kangourou
    2010-02-05 21:17 . 2010-02-05 21:17 -------- d-----w- d:\documents and settings\monti\Dati applicazioni\Kangourou
    2010-02-05 21:17 . 2010-02-05 21:17 -------- d-----w- d:\programmi\Kangourou
    2010-02-05 19:05 . 2007-06-10 12:22 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
    2010-02-05 18:58 . 2007-06-09 12:51 -------- d-----w- d:\programmi\Messenger Plus! Live
    2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Facebook\axfbootloader.dll
    2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
    2010-01-24 15:52 . 2008-08-11 18:47 -------- d-----w- d:\programmi\Microsoft Silverlight
    2009-12-31 16:50 . 2002-09-10 12:00 353792 ----a-w- d:\windows\system32\drivers\srv.sys
    .
    Code:
    <pre>
    d:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-02-23 13:04 1664256 ----a-w- d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"="d:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" [N/A]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
    "TkBellExe"="d:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-06-26 185784]
    "QuickTime Task"="d:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
    "iTunesHelper"="d:\programmi\iTunes\iTunesHelper.exe" [2007-09-26 267064]
    "NWEReboot"="" [N/A]
    "Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="d:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "FUFAXSTM"="d:\programmi\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-05 843776]
    "EEventManager"="d:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="d:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [N/A]

    d:\documents and settings\monti\Menu Avvio\Programmi\Esecuzione automatica\
    OpenOffice.org 2.2.lnk - d:\programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

    d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Belkin Wireless USB Utility.lnk - d:\programmi\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-19 18:05 12464 ----a-w- d:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

  6. #6
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite XIb\\RpcSandraSrv.exe"=
    "d:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite XIb\\Win32\\RpcDataSrv.exe"=
    "d:\\Programmi\\iTunes\\iTunes.exe"=
    "d:\\Programmi\\eMule\\emule.exe"=
    "d:\\Programmi\\OpenVPN\\bin\\openvpn.exe"=
    "d:\\WINDOWS\\system32\\rtcshare.exe"=
    "d:\\Programmi\\NetMeeting\\conf.exe"=
    "d:\\Programmi\\Mozilla Firefox\\firefox.exe"=
    "d:\\Programmi\\Messenger\\msmsgs.exe"=
    "d:\\Programmi\\Belkin\\USB F5D7050\\Wireless Utility\\Belkinwcui.exe"=
    "d:\\WINDOWS\\system32\\sessmgr.exe"=
    "d:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "d:\\Programmi\\MATLAB\\R2008a\\bin\\win32\\MATLAB.exe"=
    "d:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
    "d:\\Programmi\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
    "d:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
    "d:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [19/03/2010 19:05 216200]
    R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [19/03/2010 19:05 242696]
    R1 vcdrom;Virtual CD-ROM Device Driver;d:\apps\WinXPVirtualCdControlPanel\VCdRom.sys [19/12/2001 10:45 8576]
    R2 avg9wd;AVG Free WatchDog;d:\programmi\AVG\AVG9\avgwdsvc.exe [19/03/2010 19:04 308064]
    R3 Ndisusb;GeneLink Network Driver;d:\windows\system32\drivers\genelan.sys [09/04/2007 14:50 12160]
    R3 tap0801;TAP-Win32 Adapter V8;d:\windows\system32\drivers\tap0801.sys [01/10/2006 13:37 26624]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\programmi\AVG\AVG9\Toolbar\ToolbarBroker.exe [19/03/2010 19:05 369920]
    S3 pwalker;Process Walker Driver;\??\d:\docume~1\silvia\IMPOST~1\Temp\nsaB.tmp\pwalker.sys --> d:\docume~1\silvia\IMPOST~1\Temp\nsaB.tmp\pwalker.sys [?]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys --> d:\windows\system32\drivers\ScreamingBAudio.sys [?]
    S3 USBHSB;GeneLink USB Driver;d:\windows\system32\drivers\glkusb.sys [09/04/2007 14:50 10752]
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-02-03 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

    2010-03-20 d:\windows\Tasks\Epson Printer Software Downloader.job
    - d:\programmi\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]
    .
    .

    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - d:\documents and settings\silvia\Dati applicazioni\Mozilla\Firefox\Profiles\4lcs3cx2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - component: d:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: d:\documents and settings\silvia\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: d:\programmi\Microsoft\Office Live\npOLW.dll
    FF - plugin: d:\programmi\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: d:\programmi\Mozilla Firefox\plugins\nprinera.dll
    FF - plugin: d:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    d:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    - - - - CHIAVI ORFANE RIMOSSE - - - -

    AddRemove-WinImage - d:\documents and settings\andrea\Desktop\winima80\winimage.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-21 20:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .

    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ĝ•€|˙˙˙˙•€|ù•9~*]
    "0140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Ora fine scansione: 2010-03-21 20:15:59
    ComboFix-quarantined-files.txt 2010-03-21 19:15

    Pre-Run: 13.746.806.784 byte disponibili
    Post-Run: 13.937.766.400 byte disponibili

    WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - BE9D564B36E44EEC9438E018192E9856

  7. #7
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    which drive is your OS on?

    go here and analyze these files; try to give me the report for all three, keeping them separate

    d:\windows\system32\E_FLBFJE.DLL

    d:\windows\system32\EEBDSCVR.dll

    d:\windows\system32\EEBSDKIF.dll



    go to this site using the Internet Explorer browser and run a system scan

    post the report it produces

  8. #8
    for this file:
    d:\windows\system32\E_FLBFJE.DLL

    http://www.virustotal.com/it/analisi...c88-1269201389

    d:\windows\system32\EEBDSCVR.dll

    http://www.virustotal.com/it/analisi...7e8-1262534536

    d:\windows\system32\EEBSDKIF.dll

    http://www.virustotal.com/it/analisi...7e8-1262534536

    I'll post the Kaspersky result afterwards
    I should have the OS on D

  9. #9
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    with Kaspersky, scan drives C: and D:; I'd like both drives checked

  10. #10
    it's taking forever...
    :-(
