ComboFix 10-03-20.06 - silvia 21/03/2010 19:48:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.767.358 [GMT 1:00]
Eseguito da: d:\documents and settings\silvia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
d:\documents and settings\monti\Cookies\hpothb07.dat
d:\programmi\pdfforge Toolbar\SeARchsettings.dll
d:\windows\eSellerateEngine.dll
d:\windows\htpatch .exe
d:\windows\system32\ctfmon .exe
d:\windows\system32\nerocheck .exe
d:\windows\system32\reboot.txt

.
((((((((((((((((((((((((( Files Creati Da 2010-02-21 al 2010-03-21 )))))))))))))))))))))))))))))))))))
.

2010-03-21 11:43 . 2010-03-21 11:43 388096 ----a-r- d:\documents and settings\silvia\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-21 11:43 . 2010-03-21 11:43 -------- d-----w- d:\programmi\TrendMicro
2010-03-21 11:41 . 2010-03-21 11:41 1401344 ----a-w- d:\programmi\HijackThis.msi
2010-03-20 12:34 . 2010-02-23 13:04 1664256 ----a-w- d:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar\IEToolbar.dll
2010-03-20 09:29 . 2010-03-20 09:29 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\Malwarebytes
2010-03-20 09:29 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 09:28 . 2010-03-20 09:28 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-20 09:28 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-03-20 09:28 . 2010-03-20 09:29 -------- d-----w- d:\programmi\Malwarebytes' Anti-Malware
2010-03-19 18:57 . 2010-03-19 18:57 -------- d-----w- d:\documents and settings\silvia\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2010-03-19 18:22 . 2010-03-19 18:22 -------- d-----w- D:\$AVG
2010-03-19 18:05 . 2010-03-19 18:05 242696 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-03-19 18:05 . 2010-03-19 18:05 12464 ----a-w- d:\windows\system32\avgrsstx.dll
2010-03-19 18:05 . 2010-03-19 18:05 216200 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-03-19 18:05 . 2010-03-19 18:05 29512 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-03-19 18:05 . 2010-03-21 09:38 -------- d-----w- d:\windows\system32\drivers\Avg
2010-03-19 18:05 . 2010-03-20 12:34 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2010-03-19 18:04 . 2010-03-19 21:06 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\avg9
2010-03-15 10:43 . 2010-02-12 10:03 293376 ------w- d:\windows\system32\browserchoice.exe
2010-03-11 11:32 . 2009-10-23 15:28 3558912 -c----w- d:\windows\system32\dllcache\moviemk.exe
2010-03-09 09:17 . 2009-03-30 00:04 39424 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX610FW Series\Language\0410.E_HBE0J7.DLL
2010-03-09 08:34 . 2010-03-19 14:17 439816 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-03-08 15:32 . 2010-03-08 15:32 439816 ----a-w- d:\documents and settings\monti\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-02-28 17:49 . 2010-02-28 17:50 -------- d-----w- d:\documents and settings\monti\Dati applicazioni\Epson
2010-02-28 17:17 . 2007-09-07 16:33 135168 ----a-w- d:\windows\system32\EEBAPI.dll
2010-02-28 17:17 . 2007-03-28 17:26 65536 ----a-w- d:\windows\system32\EEBUtil.dll
2010-02-28 17:17 . 2006-12-19 17:31 110592 ----a-w- d:\windows\system32\EEBDSCVR.dll
2010-02-28 17:17 . 2006-12-19 17:20 77824 ----a-w- d:\windows\system32\EBAPI.dll
2010-02-28 17:17 . 2003-12-17 00:01 55808 ----a-w- d:\windows\system32\EEBSDKIF.dll
2010-02-28 16:56 . 2008-11-13 07:04 296960 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX610FW Series\Language\0410.E_DIX0RE.DLL
2010-02-28 16:40 . 2009-03-30 05:04 60928 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX610FW Series\Language\0410.E_SBE0J7.DLL
2010-02-28 16:40 . 2007-12-17 04:00 143872 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2010-02-28 16:40 . 2007-01-11 04:02 113664 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-02-28 16:39 . 2008-11-13 07:04 212992 ----a-w- d:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX610FW Series\Language\0410.E_DI0FAE.DLL
2010-02-28 16:39 . 2007-04-10 01:06 8192 ----a-w- d:\windows\system32\E_DCINST.DLL
2010-02-28 16:39 . 2008-11-12 03:00 93696 ----a-w- d:\windows\system32\E_FLBFJE.DLL
2010-02-28 16:39 . 2008-11-12 03:00 79360 ----a-w- d:\windows\system32\E_FD4BFJE.DLL
2010-02-28 16:39 . 2008-04-13 18:47 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2010-02-28 16:39 . 2008-04-13 18:47 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
2010-02-28 16:39 . 2008-04-13 18:45 32128 -c--a-w- d:\windows\system32\dllcache\usbccgp.sys
2010-02-28 16:39 . 2008-04-13 18:45 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2010-02-28 16:32 . 2010-02-28 16:32 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\UDL
2010-02-28 16:28 . 2010-02-28 16:29 -------- d-----w- d:\programmi\ABBYY FineReader 6.0 Sprint
2010-02-28 16:27 . 2010-02-28 16:37 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\Epson
2010-02-28 16:27 . 2010-02-28 17:12 -------- d-----w- d:\programmi\Epson Software
2010-02-28 16:26 . 2008-12-01 12:00 457611 ----a-w- d:\windows\system32\ensppui.dll
2010-02-28 16:26 . 2008-12-01 12:00 457611 ----a-w- d:\windows\system32\enppui.dll
2010-02-28 16:26 . 2008-12-01 11:58 474892 ----a-w- d:\windows\system32\ensppmon.dll
2010-02-28 16:26 . 2008-12-01 11:58 474892 ----a-w- d:\windows\system32\enppmon.dll
2010-02-28 16:26 . 2008-05-14 18:22 250368 ----a-w- d:\windows\system32\enspres.dll
2010-02-28 16:26 . 2008-05-14 18:22 250368 ----a-w- d:\windows\system32\enpres.dll
2010-02-28 16:26 . 2010-02-28 17:17 -------- d-----w- d:\programmi\File comuni\EPSON
2010-02-28 16:25 . 2010-02-28 16:26 -------- d-----w- d:\programmi\EpsonNet
2010-02-28 16:21 . 2010-02-28 16:40 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\EPSON
2010-02-28 16:21 . 2008-11-16 23:00 342016 ----a-w- d:\windows\system32\eswiaud.dll
2010-02-28 16:21 . 2006-08-25 00:00 9216 ----a-w- d:\windows\system32\escdev.dll
2010-02-28 15:50 . 2010-02-28 17:07 -------- d-----w- d:\programmi\EPSON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 19:05 . 2009-04-12 11:03 -------- d-----w- d:\programmi\pdfforge Toolbar
2010-03-19 18:04 . 2008-08-26 13:06 -------- d-----w- d:\programmi\AVG
2010-03-18 09:31 . 2008-01-11 15:16 -------- d-----w- d:\documents and settings\monti\Dati applicazioni\OpenOffice.org2
2010-03-11 11:34 . 2009-11-24 17:38 79488 ----a-w- d:\documents and settings\monti\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-09 08:34 . 2009-11-24 19:36 79488 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-28 16:31 . 2007-04-09 10:25 -------- d--h--w- d:\programmi\InstallShield Installation Information
2010-02-28 16:30 . 2007-04-09 10:25 -------- d-----w- d:\programmi\File comuni\InstallShield
2010-02-28 16:22 . 2010-02-28 16:22 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\InstallShield
2010-02-28 16:01 . 2007-04-09 16:03 -------- d-----w- d:\programmi\Hewlett-Packard
2010-02-20 20:46 . 2007-04-10 21:26 28064 ----a-w- d:\documents and settings\monti\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-17 17:21 . 2007-04-09 13:42 28064 ----a-w- d:\documents and settings\silvia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-17 17:19 . 2010-01-10 12:57 -------- d-----w- d:\programmi\MSECache
2010-02-12 17:31 . 2010-02-12 17:31 50354 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Facebook\uninstall.exe
2010-02-12 17:31 . 2010-02-12 17:31 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\Facebook
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- d:\documents and settings\silvia\Dati applicazioni\Kangourou
2010-02-05 21:17 . 2010-02-05 21:17 -------- d-----w- d:\documents and settings\monti\Dati applicazioni\Kangourou
2010-02-05 21:17 . 2010-02-05 21:17 -------- d-----w- d:\programmi\Kangourou
2010-02-05 19:05 . 2007-06-10 12:22 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-02-05 18:58 . 2007-06-09 12:51 -------- d-----w- d:\programmi\Messenger Plus! Live
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- d:\documents and settings\silvia\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
2010-01-24 15:52 . 2008-08-11 18:47 -------- d-----w- d:\programmi\Microsoft Silverlight
2009-12-31 16:50 . 2002-09-10 12:00 353792 ----a-w- d:\windows\system32\drivers\srv.sys
.
codice:
<pre>
d:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
</pre>
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="d:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"TkBellExe"="d:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-06-26 185784]
"QuickTime Task"="d:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="d:\programmi\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"NWEReboot"="" [N/A]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="d:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"FUFAXSTM"="d:\programmi\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-05 843776]
"EEventManager"="d:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="d:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [N/A]

d:\documents and settings\monti\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - d:\programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Belkin Wireless USB Utility.lnk - d:\programmi\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-19 18:05 12464 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)