Immediately I suspected a virus had been installed on my computer, so I ran the ComboFix tool.
The message didn't pop up again after that, but I want to be sure that the threat is removed.
Here is the log from the ComboFix tool:
ComboFix 10-11-09.02 - cpignatale 10/11/2010 12.40.48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2002.1126 [GMT 1:00]
Run from: c:\documents and settings\CPignatale\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\CPignatale\Dati applicazioni\juzjf.exe
C:\install.exe
c:\programmi\Advanced IP Address Calculator 1.1\tbunsx14C.tmp\tbHElper.dll
c:\windows\nvsvc32.exe
c:\windows\system32\drivers\10CF_FUJITSU_FTS_LIFEBOOK S6420_PI_FUJITSU_FJNB1E6_Version 1.31_FSC - 1310000_Version 1.31 .MRK
c:\windows\system32\UNWISE.EXE
.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))))))
.
2010-11-10 09:36 . 2010-11-10 11:36 258 ----a-w- C:\jshd.exe
2010-11-09 15:24 . 2010-11-09 15:24 256 ----a-w- C:\2xhs.exe
2010-10-28 10:36 . 2010-10-28 10:36 -------- d-----w- c:\programmi\Microsoft
2010-10-28 10:35 . 2010-10-28 10:36 -------- d-----w- c:\programmi\Windows Live
2010-10-27 10:57 . 2010-10-27 10:57 -------- d-----w- c:\programmi\File comuni\Java
2010-10-11 12:08 . 2010-10-11 12:08 -------- d-----w- c:\documents and settings\CPignatale\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 02:50 . 2010-06-09 12:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-06-09 12:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default values are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\programmi\Advanced IP Address Calculator 1.1\tbunsx14C.tmp\tbcore3.dll" [2010-03-26 2550272]
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\programmi\Advanced IP Address Calculator 1.1\tbunsx14C.tmp\tbcore3.dll" [2010-03-26 2550272]
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Google Update"="c:\documents and settings\CPignatale\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-21 135664]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\programmi\Fingerprint Sensor\ATSwpNav -run" [X]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 141848]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1040384]
"PSUtility"="c:\addon\Fujitsu\PSUtility\TrayManager.exe" [2008-04-17 118784]
"TvOutSwitch"="c:\addon\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2008-04-02 102400]
"LoadFUJ02E3"="c:\programmi\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-01-31 88616]
"SSUtility"="c:\addon\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 233472]
"IndicatorUtility"="c:\programmi\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-20 90112]
"LoadFujitsuQuickTouch"="c:\addon\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 353792]
"LoadBtnHnd"="c:\programmi\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"Realtime Monitor"="c:\programmi\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-04-29 2221352]
"SclStart.exe"="c:\programmi\SmartCase Logon+\System\SclStart.exe" [2009-08-06 950336]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogMeIn Hamachi Ui"="c:\programmi\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-100000000002}\SC_Acrobat.exe [2010-1-22 25214]
VPN Client.lnk - c:\windows\Installer\{5EF5F1C4-DA0C-406C-A0DE-70A5216B773C}\Icon3E5562ED7.ico [2010-1-19 6144]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]
2008-04-17 13:00 32768 ----a-r- c:\windows\system32\PSUWNP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Programmi\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Programmi\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\CPignatale\\Documenti\\Downloads\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1198:TCP"= 1198:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [19/01/2010 11.00.47 15656]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [18/01/2010 17.27.11 7168]
R1 Bios;Siemens BIOS Driver;c:\windows\system32\drivers\BIOS.SYS [26/11/2008 16.16.32 6332]
R1 fcrimg4;SecureDrive;c:\windows\system32\drivers\fcrimg4.sys [15/06/2009 13.03.18 34688]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [20/05/2009 1.46.07 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\programmi\Fingerprint Sensor\AtService.exe [31/07/2009 23.11.22 1807608]
R2 cmTCS Service;cmTCS Service;c:\windows\system32\cmTCS.exe [15/05/2008 12.33.28 229376]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programmi\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 10.16.12 1107336]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Logonuser;Logonuser;c:\programmi\SmartCase Logon+\System\logonuser.exe [24/07/2009 9.07.00 239168]
R2 SmartCaseServer;SmartCaseServer;c:\programmi\SmartCase Logon+\Password Manager\SmartCaseServer.exe [01/07/2009 14.40.00 268352]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
R2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [09/10/2008 0.25.40 62760]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [19/01/2010 11.01.10 659328]
R3 FscGabi;FscGabi;c:\windows\system32\drivers\FscGabi.sys [05/05/2009 21.09.36 12288]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [18/01/2010 17.21.51 4864]
R3 lvvflt;Logitech Video filter;c:\windows\system32\drivers\lvVFlt.sys [18/01/2010 17.31.42 43416]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [18/01/2010 17.21.52 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [18/01/2010 17.21.52 41560]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [15/04/2010 21.56.55 136176]
S2 LvIBTSvr;Logitech IBT Service;c:\programmi\File comuni\LogiShrd\LvIBTSvr\LvIBTSvr.exe [20/06/2008 10.01.18 76312]
S3 FscBapi;FscBapi;c:\windows\system32\drivers\FscBapi.sys [05/05/2009 21.08.40 11392]
S3 SmartyLogService;SmartyLogService;c:\programmi\SmartCase Logon+\System\SmartyLog.exe [12/03/2009 14.04.26 252480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-15 20:56]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-15 20:56]
2010-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-220523388-1801674531-1641Core.job
- c:\documents and settings\CPignatale\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-21 14:26]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-220523388-1801674531-1641UA.job
- c:\documents and settings\CPignatale\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-21 14:26]
2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{3C14161C-C5F2-4AA2-A00A-A1F0BE221499}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{A466AC05-7728-4DDF-8625-86A9679D23B7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alerion.it/
uInternet Settings,ProxyOverride = *.local
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANED KEYS REMOVED - - - -
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1524)
c:\programmi\SmartCase Logon+\System\SICRYPT.dll
c:\programmi\SmartCase Logon+\System\LogonPlusPBA.dll
c:\programmi\SmartCase Logon+\System\SicryptBioAT8.dll
c:\programmi\SmartCase Logon+\System\FJFP_PBA.dll
c:\programmi\SmartCase Logon+\System\Fa1J.dll
c:\programmi\SmartCase Logon+\System\SccWin.dll
c:\programmi\SmartCase Logon+\System\smsw32.dll
c:\programmi\SmartCase Logon+\System\SmartyCSPHandler.dll
c:\programmi\SmartCase Logon+\System\SmartyDatabase.dll
c:\programmi\SmartCase Logon+\System\SmartyTimeBombing.dll
c:\windows\system32\WININET.dll
c:\programmi\SmartCase Logon+\System\SmartyConv.dll
c:\programmi\SmartCase Logon+\System\SmartyCrypt.dll
c:\programmi\SmartCase Logon+\System\SmartyUserSettings.dll
c:\programmi\SmartCase Logon+\System\sm_bios.dll
c:\programmi\SmartCase Logon+\System\sicry_uk.dll
c:\programmi\SmartCase Logon+\System\sicry_d.dll
c:\windows\system32\PSUWNP.dll
c:\windows\system32\msjetoledb40.dll
c:\windows\system32\msjet40.dll
c:\windows\system32\mswstr10.dll
c:\windows\system32\msjter40.dll
c:\windows\system32\MSJINT40.DLL
c:\programmi\SmartCase Logon+\System\dllt1.dll
c:\programmi\SmartCase Logon+\System\sicryptbio.dll
c:\programmi\SmartCase Logon+\System\diadllen.dll
c:\programmi\SmartCase Logon+\System\SmartyAds.dll
c:\programmi\SmartCase Logon+\System\sctpm.dll
c:\windows\system32\cmTsp.dll
c:\windows\system32\dnssd.dll
c:\windows\system32\igfxdev.dll
.
Scan completion time: 2010-11-10 12:45:39
ComboFix-quarantined-files.txt 2010-11-10 11:45
Pre-Run: 263.406.489.600 bytes free
Post-Run: 263.771.942.912 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 9AD428924EE6F873E04E90FAFC07689F
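As an added example (not part of the original post and not ComboFix's own code), here is a first-pass triage script for a log in this format. It walks the sections that most often carry the answer, the Files Created list, the Run keys, the Security Center and firewall policy keys, and applies a few heuristics: executables dropped in the drive root or only a few hundred bytes long, autostart entries ComboFix marks [X], Security Center monitoring switched off, the firewall disabled, firewall exceptions whose value points at a different executable than the key names, double-extension filenames, and inbound RDP opened to the network. The size threshold, the port list and the regexes are assumptions chosen for illustration; the embedded sample consists of lines copied from the log above. A flag is a lead to check, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied verbatim from the ComboFix log in the post above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Creati Da 2010-10-10 al 2010-11-10 )))))))))))))))))))))))))))))))))))
2010-11-10 09:36 . 2010-11-10 11:36 258 ----a-w- C:\jshd.exe
2010-11-09 15:24 . 2010-11-09 15:24 256 ----a-w- C:\2xhs.exe
2010-10-28 10:36 . 2010-10-28 10:36 -------- d-----w- c:\programmi\Microsoft
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\programmi\Fingerprint Sensor\ATSwpNav -run" [X]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\CPignatale\\Documenti\\Downloads\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1198:TCP"= 1198:TCP:Akamai NetSession Interface
"""

SMALL_EXE_BYTES = 4096  # assumption: real programs are rarely this small; stubs and droppers often are
REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC", 23: "telnet"}  # assumption: inbound ports worth a second look

CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                        r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
RUN_TARGET_RE = re.compile(r'^"(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DOUBLE_EXT_RE = re.compile(r"\.(jpe?g|png|gif|pdf|docx?|txt)[^\\]*\.exe$", re.I)
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>tcp|udp)$", re.I)

@dataclass
class Finding:
    section: str
    line: str
    reason: str

def unescape(reg_path: str) -> str:
    """Firewall paths are printed REGEDIT-style with doubled backslashes."""
    return reg_path.replace("\\\\", "\\").strip()

def check_line(section: str, line: str) -> List[Finding]:
    out: List[Finding] = []
    m = REG_VALUE_RE.match(line)  # '"name"= data' lines inside a registry key section
    if "files creati" in section or "files created" in section:
        c = CREATED_RE.match(line)
        if c and c["path"].lower().endswith(".exe"):
            why = []
            if re.match(r"^[a-z]:\\[^\\]+$", c["path"], re.I):
                why.append("dropped directly in the drive root")
            if c["size"].isdigit() and int(c["size"]) < SMALL_EXE_BYTES:
                why.append(f"only {c['size']} bytes")
            if why:
                out.append(Finding(section, line, "new executable " + ", ".join(why)))
    elif m and section.endswith("\\run]"):
        t = RUN_TARGET_RE.match(m["data"])
        if t and t["meta"].strip() == "X":  # ComboFix prints [X] instead of date/size when it finds no file
            out.append(Finding(section, line, f"autostart entry {m['name']} marked [X], target not found"))
    elif m and "security center\\monitoring" in section:
        if m["name"].lower() == "disablemonitoring" and m["data"].endswith("1"):
            out.append(Finding(section, line, "Security Center monitoring disabled for this AV product"))
    elif m and section.endswith("firewallpolicy\\standardprofile]"):
        if m["name"].lower() == "enablefirewall" and m["data"].startswith("0"):
            out.append(Finding(section, line, "Windows Firewall disabled for the standard profile"))
    elif m and section.endswith("authorizedapplications\\list]"):
        key_path, target = unescape(m["name"]), unescape(m["data"])
        if target and target.lower() != key_path.lower():
            out.append(Finding(section, line, f"firewall exception for {key_path} actually points at {target}"))
        if DOUBLE_EXT_RE.search(key_path):
            out.append(Finding(section, line, "double-extension filename: document-looking name ending in .exe"))
    elif m and section.endswith("globallyopenports\\list]"):
        p = PORT_RE.match(m["name"])
        if p and int(p["port"]) in REMOTE_ACCESS_PORTS:
            svc = REMOTE_ACCESS_PORTS[int(p["port"])]
            out.append(Finding(section, line, f"inbound port {p['port']}/{p['proto'].upper()} ({svc}) open to the network"))
    return out

def triage(log_text: str) -> List[Finding]:
    """Walk the log once; the last registry key or banner seen names the current section."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (line.startswith("[") and line.endswith("]")) or line.startswith("((("):
            section = line.lower()
            continue
        findings.extend(check_line(section, line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it against the full log rather than the embedded sample by passing the file contents to `triage()`. The one design point worth noting is the firewall check: the AuthorizedApplications list is keyed by the path the user authorised, but the value is what the firewall actually exempts, so a key named like a downloaded picture whose value is a different executable under c:\windows is the kind of mismatch that only shows up when the two sides of the `=` are compared, not when either path is eyeballed on its own.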