Condividi:        

TR/Crypt.XPACK.Gen come eliminarlo?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi shel » 13/03/10 10:50

l'infezione e' ancora li' malwarebytes non l'ha eliminata

mi posti un log agggiornato di hijackthis?
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Sponsor
 

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 13/03/10 11:35

ECCOLO:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.34.36, on 13/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Eye-Fi\Eye-Fi Manager.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\HPQ\Shared\hpqwmi.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://java.com/it/download/help/index.xml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eye-Fi] "C:\Programmi\Eye-Fi\Eye-Fi Manager.exe"
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\plusoptix\kqodhq.exe \u
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {E0841E96-BC13-454F-910C-498C510B03DD} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1432300468
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11711B0E-5FEE-4FA6-9E9E-9C02BEA12C38}: NameServer = 151.99.125.1,151.99.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{28F15375-1559-4121-A088-16814A30C81E}: NameServer = 85.37.17.57 85.38.28.80
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 7918 bytes
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi shel » 13/03/10 11:58

potremmo pulire a mano l'infezione ma non so se te la senti

apri hijackthis e fixa questa riga

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,

disattiva il tuo antivirus

scarica combofix

esegui ComboFix.exe
- digita 1
- segui le instruzioni
- finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 13/03/10 12:06

Quando scarico combofix mi dice che non è possibile rinominare combofix come combofix[1]
Si prega di utilizzare un altro nome,preferibilmente composto da caratteri alfanumerici.
Grazie per la tua disponibilità.
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi shel » 13/03/10 12:18

disinstalla combofix con questo tool

eseguilo
Clicca su CleanUp.
Alla richiesta di riavvio clicca SI

scarica nuovamente combofix da internet explorer e rinominalo prima del download in 123.exe
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 13/03/10 12:37

Sono riuscito a scaricare combofix leggendo un vecchio post in questa discussione salvando il file nel desktop rinominandolo in abc.exe e all' esecuzione, mi ha fatto tutti gli stage e mi ha eliminato alcuni file e alcune cartelle..
poi mi è comparsa una videata tutta blu, mi sono sparite tutte le icone.. e non mi è andato più avanti
ho fatto ctrl+alt+canc
e ho riavviato...
ti mando un log di hijackthis se potesse servire.... eccolo:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.36.41, on 13/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Eye-Fi\Eye-Fi Manager.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\HPQ\Shared\hpqwmi.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://java.com/it/download/help/index.xml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eye-Fi] "C:\Programmi\Eye-Fi\Eye-Fi Manager.exe"
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\plusoptix\kqodhq.exe \u
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {E0841E96-BC13-454F-910C-498C510B03DD} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1432300468
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11711B0E-5FEE-4FA6-9E9E-9C02BEA12C38}: NameServer = 151.99.125.1,151.99.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{28F15375-1559-4121-A088-16814A30C81E}: NameServer = 85.37.17.57 85.38.28.80
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 7813 bytes
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 13/03/10 12:38

Dimenticavo... ora l'icona di combofix è presente sul mio desktop !!
Grazie ancora per la disponibilità !!
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi Luke57 » 13/03/10 12:46

Ciao, Scarica SystemScan
http://www.suspectfile.com/systemscan

Disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, carica il rapporto che trovi sul desktop (file .zip)su freefilehosting o in altro sito di hosting (wikifortio, rapidshare ecc.)
http://www.freefilehosting.net/index.cfm

Posta il link che ti sarà fornito dopo l'upload del file (generalmente il primo link).
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 13/03/10 13:08

Purtroppo ora devo andare e non riesco a fare quello che mi hai detto...
comunque volevo chiderti come devo fare per CARICARE il rapporto con COPIA+INCOLLA ?
Grazie e scusa l'ignoranza....
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi Luke57 » 14/03/10 00:51

Ciao, vai qui:
http://www.wikifortio.com/
sulla finestra Upload a file premi sfoglia, cerca il file .zip sul desktop, poi premi upload. Ti sarà fornito il link per il download del file, copialo e incollalo in un post.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 14/03/10 12:07

mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi Luke57 » 14/03/10 15:45

Ciao, il report non è completo, manca l'ultima parte, comunque apri hijackthis, premi "do a system scan only", cerca e spunta le voci seguenti:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\plusoptix\kqodhq.exe \u

premi fix checked.

Poi aggiorna malwarebytes e fai una scansione completa del computer, eliminando le eventuali infezioni trovate.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 14/03/10 18:31

Log di malwarebytes, trovato 1 file infetto che ho eliminato:
Malwarebytes' Anti-Malware 1.44
Versione del database: 3861
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

14/03/2010 18.23.22
mbam-log-2010-03-14 (18-23-22).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 176934
Tempo trascorso: 31 minute(s), 32 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 14/03/10 18:39

Approfitto poi della tua disponibilità per raccontarti un altro problema avuto con un altro computer e che non ho avuto risposta da gahan, per una questione presente in questa discussione in un post di qualche settimana fa...
in pratica ero in contatto con gahan per verificare una chiavetta usb infetta e tra un'operazione e l'altra ad un punto ho notato che non avevo più la connessione ad internet.. poi un mio amico esperto ha verificato il portatile e ha visto che le porte usb non funzionano più e qui ho il supporto con una penna wirless ..
lui ha visto in una cartella del computer che non ho più i DRIVER e li devo scaricare da un sito, ma lui non si ricordava quale.. forse mi puoi aiutare tu a mandarmi il log di un sito dove scaricare questi DRIVER ??
Il computer è un pò vecchiotto...
Sistema Microsoft Windows XP Home Edition Versione 2002 Service Pack 2 Registrato a nome di Windows
55717-OEM-0011903-00106
Prodotto da hp invent
Herwlettà-Packard HP Notebook PC Intel (R) III Mobile CPU
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 14/03/10 18:44

Scusa, se non sono stato chiaro ho trovato il percorso che mi ha verificato il mio amico...
Risorse del Computer - connessione remota - gestione periferiche - schede di rete - ci sono le voci
Alice G-132
Connessione di rete Intel (R) PRO/100
Driver del server di accesso all rete LAN Bluetooth
WAN Miniport (IP)
in tutte queste voci c'è un punto esclamativo dentro un tondino giallo
Spero di essere stato il più chiaro possibile e ti ringrazio ancora per il tempo che mi stai dedicando !!
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 12/04/10 13:22

Chi mi controlla questi due log di HijackThis e Malwarebytes ??
Ogni tanto infatti, mi capita che quando accedo ad interenet mi si aprono circa una decina di pagine di vari
siti internet dove magari ho navigato 10 giorni prima .
Grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.20.55, on 12/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programmi\Cyberlink\Shared Files\brs.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Java\jre6\bin\jucheck.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.icmsoft.com/myhome.asp?cl=02 ... 0915021201
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/?fromOMB=1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Programmi\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ICMClient] C:\Programmi\ICMClient\ICMClient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Programmi\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8750 bytes
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi mauri1974 » 12/04/10 14:08

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 3980

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/04/2010 15.06.59
mbam-log-2010-04-12 (15-06-59).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 151736
Tempo trascorso: 24 minuti, 19 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Voci infette nei dati di registro: 3
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
mauri1974
Utente Senior
 
Post: 268
Iscritto il: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi tibia 82 » 16/04/10 23:22

SALVE,SONO NUOVO DI QUESTO FORUM,DA QUALCHE GIORNO HO PRESO IL VIRUS "CAVALLO DI TROIA"TR/Crypt.XPACK.Gen,COME FACCIO AD ELIMINARLO?RINGRAZIO ANTICIPATAMENTE CHI MI AIUTA!!!!
tibia 82
Newbie
 
Post: 1
Iscritto il: 16/04/10 23:13

Re: TR/Crypt.XPACK.Gen come eliminarlo?

Postdi marco97pa » 16/09/10 09:47

Anche io sono stato infettato dal TR/Crypt.XPACK.Gen!
Ho fatto una scansione con ComboFix e questo è il report:
Codice: Seleziona tutto
ComboFix 10-09-15.01 - MARCO 16/09/2010  10.12.21.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1022.392 [GMT 2:00]
Eseguito da: c:\documents and settings\MARCO\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\MARCO\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {001300D4-0000-0000-1000-00007454927C}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\page
c:\documents and settings\All Users\Dati applicazioni\page\page.ico
c:\documents and settings\All Users\Dati applicazioni\page\page.URL
c:\documents and settings\MARCO\AUTORUN.INF
c:\documents and settings\MARCO\Dati applicazioni\inst.exe
c:\programmi\\setup.exe
c:\programmi\Search Settings
c:\programmi\Search Settings\kb128\SeARchsettings.dll
c:\programmi\Search Settings\kb128\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\programmi\Setup.exe
c:\windows\system32\Cache
c:\windows\system32\vbzlib1.dll

La copia infetta di c:\windows\system32\midimap.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

.
(((((((((((((((((((((((((   Files Creati Da 2010-08-16 al 2010-09-16  )))))))))))))))))))))))))))))))))))
.

2010-09-16 07:41 . 2010-09-16 07:41   --------   d-----w-   C:\VundoFix Backups
2010-09-13 09:19 . 2010-09-13 09:19   --------   d-----w-   c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\Electronic_Arts_Inc
2010-09-13 09:18 . 2010-09-13 09:18   --------   d-----w-   c:\programmi\Electronic Arts
2010-09-13 09:18 . 2010-09-13 09:18   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2010-09-13 06:45 . 2010-09-13 06:49   --------   d-----w-   C:\xdccMule
2010-09-04 08:08 . 2010-09-04 08:08   --------   d-----w-   c:\windows\system32\Adobe
2010-09-02 15:55 . 2010-09-02 15:55   --------   d-----w-   c:\documents and settings\MARCO\Dati applicazioni\Planetside Software
2010-09-02 15:07 . 2006-03-03 13:52   --------   d-----w-   c:\windows\system32\Mystify
2010-09-02 15:07 . 2006-03-01 03:37   --------   d-----w-   c:\windows\system32\Bubbles
2010-09-02 15:07 . 2006-03-01 03:25   --------   d-----w-   c:\windows\system32\Ribbons
2010-09-02 15:07 . 2006-03-01 03:25   --------   d-----w-   c:\windows\system32\Aurora
2010-09-02 15:00 . 2010-09-02 15:03   --------   d-----w-   c:\windows\VISTA_screensaver_XP
2010-09-02 14:55 . 2010-09-02 14:55   65536   ----a-w-   c:\windows\IFinst27.exe
2010-09-01 08:17 . 2010-09-01 08:17   --------   d-----w-   c:\programmi\Inpaint

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 08:23 . 2009-04-09 17:36   --------   d-----w-   c:\documents and settings\MARCO\Dati applicazioni\Orbit
2010-09-16 07:42 . 2010-02-14 18:08   --------   d-----w-   c:\documents and settings\MARCO\Dati applicazioni\uTorrent
2010-09-15 08:47 . 2009-04-10 11:07   --------   d-----w-   c:\programmi\Microsoft Silverlight
2010-09-13 07:10 . 2009-07-17 08:34   --------   d-----w-   c:\programmi\Lphant
2010-09-10 08:53 . 2009-09-07 14:01   --------   d-----w-   c:\programmi\COMODO
2010-09-09 17:11 . 2010-07-28 12:53   217428   ----a-w-   c:\windows\system32\nvdrsdb1.bin
2010-09-09 17:11 . 2010-07-28 12:53   1   ----a-w-   c:\windows\system32\nvdrssel.bin
2010-09-09 17:11 . 2010-07-28 12:53   217428   ----a-w-   c:\windows\system32\nvdrsdb0.bin
2010-09-04 09:38 . 2010-02-14 18:09   --------   d-----w-   c:\programmi\uTorrent
2010-09-03 14:59 . 2009-03-25 20:15   97904   ----a-w-   c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-09-03 14:55 . 2009-12-30 13:04   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-09-02 17:22 . 2006-04-27 09:15   616726   ----a-w-   c:\windows\system32\perfh010.dat
2010-09-02 17:22 . 2006-04-27 09:15   123262   ----a-w-   c:\windows\system32\perfc010.dat
2010-09-02 15:55 . 2009-05-27 17:56   --------   d-----w-   c:\documents and settings\MARCO\Dati applicazioni\uk.co.planetside
2010-08-20 20:00 . 2009-03-26 17:16   --------   d-----w-   c:\programmi\Ashampoo
2010-08-20 19:34 . 2010-08-20 19:34   503808   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-20d5980f-n\msvcp71.dll
2010-08-20 19:34 . 2010-08-20 19:34   499712   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-20d5980f-n\jmc.dll
2010-08-20 19:34 . 2010-08-20 19:34   348160   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-20d5980f-n\msvcr71.dll
2010-08-20 19:33 . 2010-08-20 19:33   61440   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-261a75ad-n\decora-sse.dll
2010-08-20 19:33 . 2010-08-20 19:33   12800   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-261a75ad-n\decora-d3d.dll
2010-08-12 09:42 . 2009-04-10 09:47   --------   d-----w-   c:\programmi\Picasa2
2010-08-11 08:28 . 2010-03-23 15:58   --------   d-----w-   c:\documents and settings\MARCO\Dati applicazioni\Youtube Downloader HD
2010-08-11 08:05 . 2010-02-16 10:27   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX
2010-08-11 05:40 . 2010-02-16 10:31   1066936   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-08-11 05:32 . 2010-02-16 10:31   100280   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\LGMLauncher.exe
2010-08-11 05:14 . 2010-02-16 10:31   106496   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-08-11 05:14 . 2010-02-16 10:31   524288   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-08-10 17:11 . 2010-07-28 09:39   --------   d-----w-   c:\programmi\MSECache
2010-08-10 09:23 . 2009-04-10 12:31   --------   d-----w-   c:\programmi\Messenger Plus! Live
2010-08-09 10:22 . 2010-02-09 11:17   --------   d-----w-   c:\documents and settings\MARCO\Dati applicazioni\TECNOS
2010-08-09 08:21 . 2009-07-27 15:02   --------   d-----w-   c:\programmi\TuneUp Utilities 2008
2010-08-06 12:31 . 2006-04-27 09:15   219648   ----a-w-   c:\windows\system32\uxtheme.dll
2010-08-05 08:59 . 2010-08-05 08:59   3691036   ----a-w-   c:\programmi\Youtube Downloader HD.zip
2010-08-05 08:44 . 2010-03-19 11:03   --------   d-----w-   c:\programmi\Youtube Downloader HD
2010-08-04 07:30 . 2010-08-04 07:18   --------   d-----w-   c:\documents and settings\MARCO\Dati applicazioni\U3
2010-07-30 09:08 . 2010-07-30 08:35   24760920   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Easeware\DriverEasy\drivers\z4jrbumc.i5a\Voodoo_SoundMax_Audio_XP32_5.10.01.6110.exe
2010-07-30 08:35 . 2010-07-30 08:35   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Ralink Driver
2010-07-30 08:30 . 2010-07-28 10:22   27918879   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Easeware\DriverEasy\drivers\j2bdfztb.fhy\IS_AP_STA_RT7x_D-1.3.5.0_VA-3.1.7.0_W7-4.0.3.0_RU-3.1.2.0_AU-3.0.3.0_082409_1.5.4.0_Free.exe
2010-07-28 12:53 . 2010-06-02 18:02   --------   d-----w-   c:\programmi\NVIDIA Corporation
2010-07-28 11:32 . 2010-07-28 11:32   503808   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d10f0f7-n\msvcp71.dll
2010-07-28 11:32 . 2010-07-28 11:32   499712   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d10f0f7-n\jmc.dll
2010-07-28 11:32 . 2010-07-28 11:32   348160   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d10f0f7-n\msvcr71.dll
2010-07-28 11:32 . 2010-07-28 11:32   61440   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4599999a-n\decora-sse.dll
2010-07-28 11:32 . 2010-07-28 11:32   12800   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4599999a-n\decora-d3d.dll
2010-07-28 11:14 . 2010-06-03 08:54   138968   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2010-07-28 11:14 . 2010-06-03 08:54   214592   ----a-w-   c:\windows\system32\PnkBstrB.exe
2010-07-28 09:51 . 2009-04-09 17:40   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-07-28 09:50 . 2009-04-09 17:40   --------   d-----w-   c:\programmi\Google
2010-07-28 09:36 . 2010-07-28 09:36   --------   d-----w-   c:\programmi\Easeware
2010-07-28 09:36 . 2010-07-28 09:35   1627139   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\Easeware\DriverEasy\updates\2.5.0.20920\DriverEasy_Setup.exe
2010-07-26 08:48 . 2010-07-26 07:54   --------   d-----w-   c:\programmi\TTVC
2010-07-19 17:56 . 2009-04-01 17:48   1   ----a-w-   c:\documents and settings\MARCO\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-19 17:55 . 2010-07-19 17:55   --------   d-----w-   c:\programmi\JRE
2010-07-19 17:55 . 2009-03-26 19:18   --------   d-----w-   c:\programmi\OpenOffice.org 3
2010-07-19 17:47 . 2009-03-26 19:18   --------   d-----w-   c:\programmi\File comuni\Java
2010-07-19 17:47 . 2010-07-19 17:47   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-07-19 17:47 . 2009-03-26 19:17   --------   d-----w-   c:\programmi\java
2010-07-19 15:45 . 2010-07-19 14:58   --------   d-----w-   c:\programmi\CamStudio
2010-07-18 17:12 . 2010-07-18 17:12   --------   d-----w-   c:\programmi\Genuitec
2010-07-18 17:12 . 2006-09-19 15:37   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2010-07-18 17:03 . 2010-07-18 17:03   --------   d-----w-   c:\programmi\Windows Media Components
2010-07-18 17:00 . 2009-04-09 17:36   --------   d-----w-   c:\programmi\Orbitdownloader
2010-06-30 12:31 . 2006-04-27 09:15   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-25 14:05 . 2010-06-25 14:05   21361   ----a-w-   c:\windows\system32\drivers\AegisP.sys
2010-06-24 12:22 . 2006-04-27 09:15   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-04-27 09:15   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-04-27 09:15   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2008-09-30 17:42 . 2008-09-30 17:42   127852561   -c--a-w-   c:\programmi\openofficeorg1.cab
2008-09-30 17:09 . 2008-09-30 17:09   217   ----a-w-   c:\programmi\setup.ini
2008-09-30 17:09 . 2008-09-30 17:09   9776640   ----a-w-   c:\programmi\openofficeorg30.msi
2002-03-11 09:06 . 2002-03-11 09:06   1822520   ----a-w-   c:\programmi\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45   1708856   ----a-w-   c:\programmi\instmsia.exe
.

------- Sigcheck -------

[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-13 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2006-04-10 . BD11ECE6A5BD592FDDCF9545B4296D17 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-13 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-13 . 6B00176C49AD983527346A0CB3B29BD1 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-13 . 6B00176C49AD983527346A0CB3B29BD1 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-04-10 . BAA0F16E5C5BE20AC531FA7FAF97F80A . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2006-04-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[7] 2008-04-13 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-13 . 3E163C943AC3ECC44826954A579E0F87 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-13 . 3E163C943AC3ECC44826954A579E0F87 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2006-04-10 . FD8AE458F9D47E7819B272A3C15D4DDD . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-03 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-03 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2008-04-13 . 889676A942A232F349C9F8177CD9B782 . 1543168 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-13 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-13 . 889676A942A232F349C9F8177CD9B782 . 1543168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2006-04-10 . D009E427DE2E129FF87B03D87F349C73 . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-13 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-13 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-13 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2006-04-10 . E7D73D967D096A22648236469AC4478C . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\ole32.dll
[-] 2005-07-26 . D5622B6D4CD43F2223718820C0A178AD . 1284608 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . FDCB65B500C748D9D36BCCD20156B7C5 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-29 . 7313DD91D93A33472E76D857EE7FFDE8 . 1284608 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-04-28 . 7E958544A86CDB308F849BAB7EC78908 . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-01-14 . 62942407E0568319942E28F9629F7DB8 . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
[-] 2005-01-14 . 1CFD33AAA3238DA1BB0309359E8C1186 . 1284608 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\ole32.dll

[7] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-13 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-04-10 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2006-04-10 . BD55624B7BBB4AE0AAFAAD9D74AB3889 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\programmi\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 40448]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2009-4-9 1809680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MARCO^Menu Avvio^Programmi^Esecuzione automatica^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\MARCO\Menu Avvio\Programmi\Esecuzione automatica\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06   976832   ----a-w-   c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04   35760   ----a-w-   c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
2008-11-05 11:28   779104   ------w-   c:\programmi\Ashampoo\Ashampoo Magical Snap 2\ashsnap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2009-09-26 22:32   83312   ----a-w-   c:\programmi\Microsoft Office 2010\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:14   40448   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:38   1289000   ----a-w-   c:\programmi\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01   319488   ----a-w-   c:\windows\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-06-07 15:34   13902440   ----a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-06-07 15:34   110696   ----a-w-   c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-06-02 22:48   1753192   ----a-w-   c:\programmi\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
2009-08-22 10:31   5148672   ----a-w-   c:\programmi\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 22:35   716800   ----a-w-   c:\programmi\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 09:11   925696   ----a-w-   c:\programmi\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43   248040   ----a-w-   c:\programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-09 17:40   39408   ----a-w-   c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrive]
2008-06-15 07:18   253573   ----a-w-   c:\windows\vistadrive\Vdrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMSAccessU"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe"
"Vivaty"="c:\programmi\Vivaty\VivatyPlayer\vivaty.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CanonSolutionMenu"=c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
"ehTray"=c:\windows\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SearchSettings"=c:\programmi\Search Settings\SearchSettings.exe
"LanguageShortcut"=c:\programmi\CyberLink\PowerDVD\Language\Language.exe
"CanonMyPrinter"=c:\programmi\Canon\MyPrinter\BJMyPrt.exe /logon
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"YMailAdvisor"="c:\programmi\Yahoo!\Common\YMailAdvisor.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"B2C_AGENT"=c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\TmNationsForever\\TmForever.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Microsoft Office 2010\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office 2010\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Documents and Settings\\MARCO\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 18.33.38 50704]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [30/07/2010 10.36.10 19072]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [07/10/2009 3.44.58 129856]
S2 gupdate1c9b9c158983dae;Servizio di Google Update (gupdate1c9b9c158983dae);c:\programmi\Google\Update\GoogleUpdate.exe [10/04/2009 11.47.17 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [11/02/2010 19.02.55 1527900]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [16/02/2010 12.42.44 16896]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [27/04/2010 18.36.42 30192]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [13/04/2009 19.05.17 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [13/04/2009 19.05.17 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [13/04/2009 19.05.17 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [13/04/2009 19.05.17 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [13/04/2009 19.05.18 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [13/04/2009 19.05.18 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [13/04/2009 19.05.18 109952]
S3 MsDepSvc;Web Deployment Agent Service;c:\programmi\IIS\Microsoft Web Deploy\MsDepSvc.exe [09/09/2009 13.13.26 55176]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 5.28.22 4639136]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 10.26.10 508288]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [15/07/2009 19.07.57 103552]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [11/02/2010 19.02.37 544768]
S3 VL807;VL807 Filter;c:\windows\system32\drivers\VL807.sys [10/04/2009 12.28.54 22400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [07/10/2009 3.44.58 752984]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-09 17:18]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-10 09:47]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-10 09:47]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1138759736-1952282097-4113721478-1005Core.job
- c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-23 15:46]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1138759736-1952282097-4113721478-1005UA.job
- c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-23 15:46]

2010-09-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-09-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{7A460552-49E5-4982-B7AE-C6A886FBD971}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-09-16 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
Trusted Zone: microsoft.com\www
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-COMODO Internet Security - c:\programmi\COMODO\COMODO Internet Security\cfp.exe
AddRemove-VLC media player - j:\mojopac\Program Files\VLC\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 10:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsDepSvc]
"ImagePath"="\"c:\programmi\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(872)
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\DeviceHelper\DeviceManager.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\RALINK\Common\RaRegistry.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\slmdmsr.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmi\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Ora fine scansione: 2010-09-16  10:29:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-09-16 08:29

Pre-Run: 226.975.989.760 byte disponibili
Post-Run: 228.385.607.680 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /TUTag=4NEL72

- - End Of File - - EDE69BEAE1825433B2F8AF38EB11AB23

Adesso che faccio???
marco97pa
Utente Junior
 
Post: 10
Iscritto il: 16/09/10 09:41

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "TR/Crypt.XPACK.Gen come eliminarlo?":


Chi c’è in linea

Visitano il forum: Nessuno e 81 ospiti

cron