Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

spooldr.sys infetto

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

spooldr.sys infetto

Postdi daviejones » 17/09/09 08:19

Salve a tutti
Ieri ho notato un avvio ed utilizzo anomalo della piattaforma Java in concomitanza con l'utilizzo del browser.
Poco dopo il sistema si è arrestato riportando nella blu screen "Stop: OxOOOOOOC5" .
Al riavvio mi è stato notificato che il problema risiede nel file spooldr.sys , quest'ultimo infettato dal Trojan.Packed.13 .

Ho eseguito un po' di scansioni con AVG e spybot ma non riesco a trovarlo. Ho iniziato a controllare anche con malwarebyte's e a-squared ma non sono andate a buon fine a causa di crash di sistema (per lo stesso errore)

Se mi poteste controllare i log di hijack e Sdfix... o magari indirizzarmi ad un tool specifico di rimozione

Grazie mille


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.22.33, on 16/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\NETGEAR\WN111v2\jswpsapi.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\NETGEAR\WN111v2\WN111V2.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\chillon\Desktop\sicurezza\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Programmi\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/dat ... _en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2224921875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/on ... /fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E07ABC30-2CCF-48EB-9E90-8ACE9EA5647B}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Programmi\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9771 bytes




SDFix: Version 1.240
Run by Chillon on 16/09/2009 at 10.45

Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 11:11:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583c3973f]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,b6,68,a7,4d,82,5c,2e,21,7f,e1,c5,54,bc,83,9d,1e,38,56,b6,9b,..
"p0"="C:\Programmi\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,04,0b,59,5f,25,ba,41,2c,e4,0f,d1,0f,b8,f1,66,0c,8a,..
"khjeh"=hex:ec,b7,3c,fb,22,ca,8d,84,31,4c,9f,9a,f9,f4,77,48,20,bf,eb,b3,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c3,12,d1,b0,b6,aa,f1,8a,2a,f6,22,25,1d,e6,0e,c3,14,57,69,9b,ab,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:01,6a,72,37,3b,bb,4f,fc,aa,8c,58,96,46,17,a5,bc,96,a3,dd,04,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583c3973f]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,b6,68,a7,4d,82,5c,2e,21,7f,e1,c5,54,bc,83,9d,1e,38,56,b6,9b,..
"p0"="C:\Programmi\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,04,0b,59,5f,25,ba,41,2c,e4,0f,d1,0f,b8,f1,66,0c,8a,..
"khjeh"=hex:ec,b7,3c,fb,22,ca,8d,84,31,4c,9f,9a,f9,f4,77,48,20,bf,eb,b3,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c3,12,d1,b0,b6,aa,f1,8a,2a,f6,22,25,1d,e6,0e,c3,14,57,69,9b,ab,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:01,6a,72,37,3b,bb,4f,fc,aa,8c,58,96,46,17,a5,bc,96,a3,dd,04,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,8e,29,21,c3,1f,26,7e,0d,16,c5,38,80,1a,8c,ea,b6,51,57,e7,5b,..
"p0"="C:\Programmi\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,04,0b,59,5f,25,ba,41,2c,e4,0f,d1,0f,b8,f1,66,0c,8a,..
"khjeh"=hex:ec,b7,3c,fb,22,ca,8d,84,31,4c,9f,9a,f9,f4,77,48,20,bf,eb,b3,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ae,c5,d2,df,34,61,80,2b,b5,ac,e0,54,74,6a,a6,c8,a4,5a,37,c3,ff,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:01,6a,72,37,3b,bb,4f,fc,aa,8c,58,96,46,17,a5,bc,96,a3,dd,04,df,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Mail\\wlmail.exe"="C:\\Programmi\\Windows Live\\Mail\\wlmail.exe:*:Enabled:Windows Live Mail"
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmi\\BitTorrent\\bittorrent.exe"="C:\\Programmi\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"="C:\\Programmi\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"="C:\\Programmi\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"="C:\\Programmi\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Programmi\\uTorrent\\uTorrent.exe"="C:\\Programmi\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 14 Apr 2008 60,416 A.SH. --- "C:\Programmi\Outlook Express\msimn.exe"
Mon 7 Sep 2009 1,570,648 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe"
Mon 11 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 20 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe"
Tue 5 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
Davie Jones


...ho attraversato gli oceani del tempo per trovarti....
Avatar utente
daviejones
Utente Junior
 
Post: 17
Iscritto il: 24/01/08 19:30
Località: Torino

Sponsor
 

Re: spooldr.sys infetto

Postdi Luke57 » 17/09/09 18:24

Ciao, Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disconnettiti da internet e disattiva l'antivirus
Lascia lavorare il programma senza interferire (non installare la recovery console)
Allega il rapporto C:\ComboFix.txt nella tua risposta.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: spooldr.sys infetto

Postdi daviejones » 17/09/09 19:40

Ciao, grazie della risposta...
ecco il report di combofix:

ComboFix 09-09-16.05 - Chillon 17/09/2009 20.16.28.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1279.839 [GMT 2:00]
Eseguito da: c:\documents and settings\Chillon\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\4b4e8.msp
c:\windows\Installer\4b4fe.msp
c:\windows\Installer\eaf791.msp
c:\windows\Installer\eaf7a7.msp

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Creati Da 2009-08-17 al 2009-09-17 )))))))))))))))))))))))))))))))))))
.

2009-09-16 15:48 . 2009-09-16 15:51 -------- d-----w- c:\programmi\WinClamAVShield
2009-09-16 15:41 . 2009-09-16 15:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-16 15:41 . 2009-09-16 15:44 -------- d-----w- c:\documents and settings\Chillon\Dati applicazioni\Spyware Terminator
2009-09-16 15:40 . 2009-09-16 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-09-16 15:40 . 2009-09-17 07:09 -------- d-----w- c:\programmi\Spyware Terminator
2009-09-16 08:43 . 2009-09-16 08:43 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-09-16 08:40 . 2009-09-16 08:40 -------- d-----w- c:\windows\ERUNT
2009-09-16 08:39 . 2009-09-16 09:17 -------- d-----w- C:\SDFix
2009-09-13 15:10 . 2009-09-13 15:10 -------- d-----w- C:\c03acef07eb40c1d3e
2009-09-09 14:15 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\programmi\Patrician III - Impero dei Mari
2009-08-31 06:15 . 2009-08-31 06:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-30 19:26 . 2009-08-30 19:26 -------- d-----w- c:\programmi\Advanced IP Scanner
2009-08-30 18:56 . 2009-08-30 18:58 -------- d-----w- c:\documents and settings\Chillon\Dati applicazioni\GlarySoft
2009-08-30 18:56 . 2009-08-30 18:56 -------- d-----w- c:\programmi\Absolute Uninstaller
2009-08-28 12:12 . 2009-08-28 12:12 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-08-28 08:50 . 2007-12-14 02:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
2009-08-23 14:25 . 2009-08-23 14:25 -------- d-----w- c:\programmi\Atheros

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 10:58 . 2009-02-08 18:49 -------- d-----w- c:\programmi\a-squared Free
2009-09-16 14:50 . 2008-02-07 10:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-16 09:49 . 2008-09-06 09:18 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-16 07:40 . 2008-02-07 10:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-16 06:56 . 2008-08-23 20:30 -------- d-----w- c:\programmi\PeerGuardian2
2009-09-13 15:11 . 2008-02-05 21:50 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-13 15:09 . 2008-02-05 18:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-09-10 12:54 . 2008-09-06 09:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-09-06 09:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 11:06 . 2008-02-08 15:31 -------- d-----w- c:\documents and settings\Chillon\Dati applicazioni\uTorrent
2009-09-09 13:28 . 2008-10-03 13:52 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-08 11:18 . 2008-02-08 21:29 -------- d-----w- c:\programmi\KeePass Password Safe
2009-09-08 11:16 . 2008-02-08 16:19 -------- d-----w- c:\programmi\PhotoFiltre
2009-09-08 11:13 . 2008-02-21 12:10 -------- d--h--w- c:\programmi\FX Uninstall Information
2009-09-05 18:39 . 2008-03-01 08:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-09-05 18:38 . 2008-03-01 08:05 -------- d-----w- c:\programmi\SpywareBlaster
2009-08-31 06:14 . 2008-02-14 10:57 -------- d-----w- c:\programmi\Java
2009-08-29 12:43 . 2009-06-22 18:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 12:43 . 2009-06-22 18:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 12:43 . 2009-06-22 18:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-28 12:13 . 2008-03-28 16:51 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-08-28 12:13 . 2008-03-28 16:51 -------- d-----w- c:\documents and settings\Chillon\Dati applicazioni\SUPERAntiSpyware.com
2009-08-28 12:11 . 2008-02-09 09:30 -------- d-----w- c:\programmi\Sitecom
2009-08-28 10:59 . 2008-02-05 15:00 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-05 08:59 . 2003-04-08 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 09:43 . 2009-07-31 09:43 -------- d--h--r- c:\documents and settings\All Users\Dati applicazioni\Atheros
2009-07-31 09:38 . 2009-07-31 09:38 -------- d-----w- c:\programmi\NETGEAR
2009-07-31 09:38 . 2009-07-31 09:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NETGEAR
2009-07-29 18:18 . 2009-07-08 14:03 -------- d-----w- c:\programmi\Port Royale 2
2009-07-17 19:01 . 2003-04-08 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 22:39 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-13 13:08 . 2008-02-05 16:14 71968 ----a-w- c:\documents and settings\Chillon\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-06 19:34 . 2008-11-16 12:13 71968 ----a-w- c:\documents and settings\Anna\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-29 15:55 . 2006-06-23 12:28 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2009-04-29 17:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2003-04-08 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2005-06-15 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2003-04-08 12:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2003-04-08 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-04-08 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-04-08 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2003-04-08 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2003-04-08 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 18:31 . 2009-06-22 18:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2004-08-19 22:39 . 2008-02-07 18:09 60416 --sha-w- c:\windows\BricoPacks\SysFiles\80_msimn.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-18 981384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-29 2007832]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-09-16 2171904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-11-11 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2008-6-14 805392]
NETGEAR WN111v2 Smart Wizard.lnk - c:\programmi\NETGEAR\WN111v2\WN111V2.exe [2009-3-25 1503290]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 12:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cldjfogn
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrB"=2 (0x2)
"aawservice"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Mail\\wlmail.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:emule plus
"1756:TCP"= 1756:TCP:emule plus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/06/2009 20.31.51 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/06/2009 20.31.57 108552]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16.06.28 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16.06.28 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16/09/2009 17.41.06 142592]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22/06/2009 20.31.33 297752]
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\programmi\NETGEAR\WN111v2\jswpsapi.exe [27/02/2008 11.54.52 360547]
R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [08/04/2003 14.00.00 14336]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16.45.52 57440]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [28/08/2009 10.50.25 57408]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12.10.34 17149]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [06/09/2008 11.18.16 38224]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16.06.30 7408]
S3 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12.38.14 92008]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 2.23.00 458752]
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844237615-725345543-1004Core.job
- c:\documents and settings\Chillon\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-28 12:06]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844237615-725345543-1004UA.job
- c:\documents and settings\Chillon\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-28 12:06]

2009-09-17 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {E07ABC30-2CCF-48EB-9E90-8ACE9EA5647B} = 193.70.152.15,193.70.152.25
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Chillon\Dati applicazioni\Mozilla\Firefox\Profiles\4mv9ied9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Chillon\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 20:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2644)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\acs.exe
c:\programmi\a-squared Free\a2service.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\snmp.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-17 20.35.47 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-17 18:35

Pre-Run: 95.523.848.192 byte disponibili
Post-Run: 95.522.324.480 byte disponibili

276 --- E O F --- 2009-08-26 14:00


Come mi devo muovere ora ?
Davie Jones


...ho attraversato gli oceani del tempo per trovarti....
Avatar utente
daviejones
Utente Junior
 
Post: 17
Iscritto il: 24/01/08 19:30
Località: Torino


Torna a Sicurezza e Privacy


Topic correlati a "spooldr.sys infetto":


Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti