[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite XIb\\RpcSandraSrv.exe"=
"d:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite XIb\\Win32\\RpcDataSrv.exe"=
"d:\\Programmi\\iTunes\\iTunes.exe"=
"d:\\Programmi\\eMule\\emule.exe"=
"d:\\Programmi\\OpenVPN\\bin\\openvpn.exe"=
"d:\\WINDOWS\\system32\\rtcshare.exe"=
"d:\\Programmi\\NetMeeting\\conf.exe"=
"d:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"d:\\Programmi\\Messenger\\msmsgs.exe"=
"d:\\Programmi\\Belkin\\USB F5D7050\\Wireless Utility\\Belkinwcui.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Programmi\\MATLAB\\R2008a\\bin\\win32\\MATLAB.exe"=
"d:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
"d:\\Programmi\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"d:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"d:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [19/03/2010 19:05 216200]
R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [19/03/2010 19:05 242696]
R1 vcdrom;Virtual CD-ROM Device Driver;d:\apps\WinXPVirtualCdControlPanel\VCdRom.sys [19/12/2001 10:45 8576]
R2 avg9wd;AVG Free WatchDog;d:\programmi\AVG\AVG9\avgwdsvc.exe [19/03/2010 19:04 308064]
R3 Ndisusb;GeneLink Network Driver;d:\windows\system32\drivers\genelan.sys [09/04/2007 14:50 12160]
R3 tap0801;TAP-Win32 Adapter V8;d:\windows\system32\drivers\tap0801.sys [01/10/2006 13:37 26624]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\programmi\AVG\AVG9\Toolbar\ToolbarBroker.exe [19/03/2010 19:05 369920]
S3 pwalker;Process Walker Driver;\??\d:\docume~1\silvia\IMPOST~1\Temp\nsaB.tmp\pwalker.sys --> d:\docume~1\silvia\IMPOST~1\Temp\nsaB.tmp\pwalker.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys --> d:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 USBHSB;GeneLink USB Driver;d:\windows\system32\drivers\glkusb.sys [09/04/2007 14:50 10752]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-03 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-03-20 d:\windows\Tasks\Epson Printer Software Downloader.job
- d:\programmi\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]
.
.

------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - d:\documents and settings\silvia\Dati applicazioni\Mozilla\Firefox\Profiles\4lcs3cx2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: d:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: d:\documents and settings\silvia\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
FF - plugin: d:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\nprinera.dll
FF - plugin: d:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-WinImage - d:\documents and settings\andrea\Desktop\winima80\winimage.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 20:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ĝ•€|˙˙˙˙•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2010-03-21 20:15:59
ComboFix-quarantined-files.txt 2010-03-21 19:15

Pre-Run: 13.746.806.784 byte disponibili
Post-Run: 13.937.766.400 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - BE9D564B36E44EEC9438E018192E9856