TR/Crypt.XPACK.Gen3 [era: probabile virus]

**orata71** · 22-10-2010, 16:30

Da qualche giorno il mio antivirus Avast 5 mi segnala un recycler virus che viene eliminato apparentemente dall'antivurs che
lo sposta nel cestino dei virus e che poi si rigenera dopo ogni riavvio, inoltre nella cartella temp di window trovo dei file
di questo tipo TMP19.tmp, TMP3C.tmp, ecc, che vengono segnalati come virus Win32:Enistery [Sup], Perflib_Perfdata_1c0, ecc, T30DebugLogFile.

Ho provato a disinstallare Avast e ad installare Avira per vedere se fosse un falso positivo e Avira ha trovato TR/Crypt.XPACK.Gen3 che
penso di aver eliminato con ComboFix. Adesso ho renistallato Avast che mi segnala sempre lo stesso problema...

Sul Pc sono installati i seguenti programmi per la sicurezza: Avast 5, Malwarebytes' Anti-Malware, Spyware Doctor, Spybot - Search & Destroy,
SpywareBlaster, SUPERAntiSpyware Free Edition, CCleaner, Glary Utilities, TFC.

Potete aiutarmi a risolvere per favore il problema?

allego il file hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2.06.41, on 22/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\IObit\IObit Security 360\IS360srv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia Internet Modem\wellphone2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Paolo\Desktop\Progrmma HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309 .3572\swg.dll
O2 - BHO: (no name) - {ecdc465a-cf20-4b82-9a26-47c9dc52fa32} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3039579F-48C8-4764-9774-2E5C773ED99A}: NameServer = 62.13.173.92 62.13.173.93
O17 - HKLM\System\CS1\Services\Tcpip\..\{3039579F-48C8-4764-9774-2E5C773ED99A}: NameServer = 62.13.173.92 62.13.173.93
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS360service - IObit - C:\Programmi\IObit\IObit Security 360\IS360srv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

grazie

**menatwork** · 22-10-2010, 16:36

ciao orata71

puoi postare il log della scansione fatta con combofix?

**orata71** · 22-10-2010, 16:42

No perchè l'ho cacellata, se vuoi posso rifarla ma devo riscaricare combofix. La scasione l'avevo fatta in modalità provvisoria, e durante la rimozione con OTC, e scomparso il suono di apertura delle cartelle...

**menatwork** · 22-10-2010, 16:49

No perchè l'ho cacellata

Male!!! Quando usi combofix mai cancellare le scansioni, molte volte ci sono altre eliminazioni da fare presenti nel log

vai in C: e controlla se vedi la cartella qoobox

**orata71** · 22-10-2010, 16:59

no il programma ha cancellato tutto comunue posso rifarla e postarla perchè i problemi che avevo prima sono ancora presenti

**menatwork** · 22-10-2010, 17:01

rieseguila avendo cura di non installare la recovery consolle quando te lo chiede

finita la scansione portati in C:\ e allega il rapporto C:\ComboFix.txt nella tua risposta.

**orata71** · 22-10-2010, 17:24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.162 [GMT 2:00]
Eseguito da: c:\documents and settings\Paolo\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {735C5357-DA0A-7C91-EB21-807CFFFFFFFF}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2010-09-22 al 2010-10-22 )))))))))))))))))))))))))))))))))))
.

2010-10-22 15:19 . 2010-10-22 15:19 53248 ----a-w- c:\temp\catchme.dll
2010-10-20 19:51 . 2010-10-20 19:51 -------- d-----w- c:\documents and settings\Paolo\DoctorWeb
2010-10-20 19:16 . 2010-10-20 19:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2010-10-20 17:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-20 16:10 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-20 16:10 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-20 16:10 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-20 16:09 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-20 16:09 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-20 16:09 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-20 16:09 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-20 16:08 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-20 16:08 . 2010-10-20 16:08 -------- d-----w- c:\programmi\Alwil Software
2010-10-20 16:08 . 2010-10-20 16:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-10-20 10:17 . 2010-10-20 10:17 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\GlarySoft
2010-10-20 10:09 . 2010-10-20 10:09 -------- d-----w- c:\programmi\Glary Utilities
2010-10-20 08:59 . 2010-10-20 09:00 -------- d-----w- c:\documents and settings\Administrator
2010-10-19 11:56 . 2010-10-20 15:29 -------- d-----w- c:\windows\system32\NtmsData
2010-10-18 15:21 . 2010-10-18 15:21 -------- d-----w- c:\programmi\MSXML 4.0
2010-10-18 15:20 . 2005-04-03 21:00 184320 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\iuser.dll
2010-10-18 15:20 . 2005-04-03 21:02 753664 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\iKernel.dll
2010-10-18 15:20 . 2005-04-03 21:02 69714 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\ctor.dll
2010-10-18 15:20 . 2005-04-03 21:01 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\iscript.dll
2010-10-18 15:20 . 2005-04-03 20:59 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\DotNetInstaller.exe
2010-10-18 15:20 . 2010-10-18 15:20 200836 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\iGdi.dll
2010-10-18 15:20 . 2010-10-18 15:20 331908 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\setup.dll
2010-10-18 15:19 . 2009-10-19 19:49 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-10-18 15:19 . 2009-05-22 11:26 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2010-10-18 15:19 . 2009-05-22 11:26 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2010-10-18 15:18 . 2010-10-18 15:18 -------- d--h--w- c:\documents and settings\Paolo\Dati applicazioni\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2010-10-18 15:18 . 2010-10-18 15:18 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\LG Electronics
2010-10-18 15:08 . 2010-10-18 15:21 -------- d-----w- c:\programmi\LG Electronics
2010-10-13 23:25 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 23:25 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 23:24 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-02 23:34 . 2010-10-12 18:27 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\vlc
2010-10-02 23:19 . 2010-10-02 23:19 -------- d--h--w- c:\windows\PIF
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\programmi\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\programmi\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2010-09-18 10:23 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 1979-12-31 23:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 1979-12-31 23:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 1979-12-31 23:00 669696 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 1979-12-31 23:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 1979-12-31 23:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:13 . 1979-12-31 23:00 371200 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 1979-12-31 23:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 1979-12-31 23:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 1979-12-31 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 1979-12-31 23:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 1979-12-31 23:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 1979-12-31 23:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 1979-12-31 23:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 1979-12-31 23:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2004-03-01 12:25 . 2007-08-16 12:55 114688 ----a-w- c:\programmi\internet explorer\plugins\ChimeShim.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr. exe" [2004-05-20 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh. exe" [2004-05-20 532480]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-19 455168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2004-09-01 2876416]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-19 59392]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI. exe" [2010-09-07 2838912]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2004-08-27 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-06-04 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-12 19:22 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-09-28 19:33 2407632 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-19 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
2010-06-11 16:14 1280344 ----a-w- c:\programmi\IObit\IObit Security 360\is360tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2009-11-18 11:47 1243088 ----a-w- c:\programmi\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2004-07-30 10:30 319488 ----a-w- c:\programmi\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Internet Modem]
2009-03-06 18:05 1958552 ----a-w- c:\programmi\Nokia\Nokia Internet Modem\Wellphone2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
1998-11-19 10:20 44032 ----a-w- c:\programmi\Caere\OmniPagePro90\OPware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-02 22:12 2424560 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2005-08-08 12:49 1110016 ----a-w- c:\programmi\Webroot\Washer\wwDisp.exe

**orata71** · 22-10-2010, 17:25

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Acer\\eManager\\anbmServ.exe"=
"c:\\Programmi\\Synaptics\\SynTP\\SynTPLpr.exe "=
"c:\\WINDOWS\\system32\\wwSecure.exe"=
"c:\\Programmi\\File comuni\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Programmi\\ATI Technologies\\ATI Control Panel\\ATIPTAXX.EXE"=
"c:\\Programmi\\Launch Manager\\QtZgAcer.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25/12/2009 14.27.06 207792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/10/2010 18.10.02 165584]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SA SDIFSV.SYS [10/10/2006 14.53.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SA SKUTIL.SYS [27/02/2007 13.39.26 67656]
R1 SMBHC;Driver del controller host del bus di gestione sistema Microsoft;c:\windows\system32\drivers\smbhc.sys [22/09/2004 13.14.55 6784]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [20/10/2010 18.10.03 17744]
R2 IS360service;IS360service;c:\programmi\IObit\IObit Security 360\is360srv.exe [22/06/2010 15.47.19 312152]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [07/02/2009 10.33.12 359624]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8.11.22 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8.11.20 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8.11.20 12928]
R3 SMBBATT;Driver di Microsoft Smart Battery;c:\windows\system32\drivers\smbbatt.sys [22/09/2004 13.15.10 16000]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 womhno;womhno; [x]
S1 55331401;55331401;c:\windows\system32\DRIVERS\5533 1401.sys --> c:\windows\system32\DRIVERS\55331401.sys [?]
S3 nokiacpo;Nokia Internet Stick CS-10 Wireless Modem Service Install;c:\windows\system32\drivers\nokiacpo.sys [03/03/2009 16.32.48 19072]
S3 nokiappo;Nokia Internet Stick CS-10 Wireless Modem Power Policy Service;c:\windows\system32\drivers\nokiappo.sys [03/03/2009 16.32.48 27008]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [01/01/1980 1.00.00 14336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASE NUM.SYS [16/02/2006 18.51.08 12872]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-22 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-10-20 19:55]

2010-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 13:01]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Paolo\Dati applicazioni\Mozilla\Firefox\Profiles\35jq3wsd.def ault\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{ecdc465a-cf20-4b82-9a26-47c9dc52fa32} - (no file)

.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\s ystem32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3748)
c:\programmi\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\File comuni\SmartCom\DragnDropCopyHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-10-22 17:23:09
ComboFix-quarantined-files.txt 2010-10-22 15:23

Pre-Run: 13.737.750.528 byte disponibili
Post-Run: 13.801.226.240 byte disponibili

- - End Of File - - 017D3BC08FA91EA5BE875C6213493636

**orata71** · 22-10-2010, 17:28

non so che cosè la recovery consolle.
ho fatto la scansione ma non mi ha richiesto di installare nessuna recovery consolle.

**menatwork** · 22-10-2010, 17:32

hai troppi programmi di protezione installati dopo dovremo toglierne qualcuno

vai sull sito virus total e controllami questo file

c:\windows\system32\DRIVERS\55331401.sys

Discussione: TR/Crypt.XPACK.Gen3 [era: probabile virus]

Strumenti discussione

Ricerca discussione

Visualizza

probabile virus

problema virus

probabile virus

probabile virus

problema virus

Permessi di invio