TR/Crypt.XPACK.Gen3 [era: probabile virus]

**orata71** · 22-10-2010, 17:24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.162 [GMT 2:00]
Eseguito da: c:\documents and settings\Paolo\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {735C5357-DA0A-7C91-EB21-807CFFFFFFFF}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2010-09-22 al 2010-10-22 )))))))))))))))))))))))))))))))))))
.

2010-10-22 15:19 . 2010-10-22 15:19 53248 ----a-w- c:\temp\catchme.dll
2010-10-20 19:51 . 2010-10-20 19:51 -------- d-----w- c:\documents and settings\Paolo\DoctorWeb
2010-10-20 19:16 . 2010-10-20 19:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2010-10-20 17:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-20 16:10 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-20 16:10 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-20 16:10 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-20 16:09 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-20 16:09 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-20 16:09 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-20 16:09 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-20 16:08 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-20 16:08 . 2010-10-20 16:08 -------- d-----w- c:\programmi\Alwil Software
2010-10-20 16:08 . 2010-10-20 16:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-10-20 10:17 . 2010-10-20 10:17 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\GlarySoft
2010-10-20 10:09 . 2010-10-20 10:09 -------- d-----w- c:\programmi\Glary Utilities
2010-10-20 08:59 . 2010-10-20 09:00 -------- d-----w- c:\documents and settings\Administrator
2010-10-19 11:56 . 2010-10-20 15:29 -------- d-----w- c:\windows\system32\NtmsData
2010-10-18 15:21 . 2010-10-18 15:21 -------- d-----w- c:\programmi\MSXML 4.0
2010-10-18 15:20 . 2005-04-03 21:00 184320 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\iuser.dll
2010-10-18 15:20 . 2005-04-03 21:02 753664 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\iKernel.dll
2010-10-18 15:20 . 2005-04-03 21:02 69714 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\ctor.dll
2010-10-18 15:20 . 2005-04-03 21:01 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\iscript.dll
2010-10-18 15:20 . 2005-04-03 20:59 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\DotNetInstaller.exe
2010-10-18 15:20 . 2010-10-18 15:20 200836 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\iGdi.dll
2010-10-18 15:20 . 2010-10-18 15:20 331908 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\11\00\In tel32\setup.dll
2010-10-18 15:19 . 2009-10-19 19:49 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-10-18 15:19 . 2009-05-22 11:26 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2010-10-18 15:19 . 2009-05-22 11:26 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2010-10-18 15:18 . 2010-10-18 15:18 -------- d--h--w- c:\documents and settings\Paolo\Dati applicazioni\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2010-10-18 15:18 . 2010-10-18 15:18 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\LG Electronics
2010-10-18 15:08 . 2010-10-18 15:21 -------- d-----w- c:\programmi\LG Electronics
2010-10-13 23:25 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 23:25 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 23:24 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-02 23:34 . 2010-10-12 18:27 -------- d-----w- c:\documents and settings\Paolo\Dati applicazioni\vlc
2010-10-02 23:19 . 2010-10-02 23:19 -------- d--h--w- c:\windows\PIF
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\programmi\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\programmi\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2010-09-18 10:23 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 1979-12-31 23:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 1979-12-31 23:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 1979-12-31 23:00 669696 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 1979-12-31 23:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 1979-12-31 23:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:13 . 1979-12-31 23:00 371200 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 1979-12-31 23:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 1979-12-31 23:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 1979-12-31 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 1979-12-31 23:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 1979-12-31 23:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 1979-12-31 23:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 1979-12-31 23:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 1979-12-31 23:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2004-03-01 12:25 . 2007-08-16 12:55 114688 ----a-w- c:\programmi\internet explorer\plugins\ChimeShim.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr. exe" [2004-05-20 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh. exe" [2004-05-20 532480]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-19 455168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2004-09-01 2876416]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-19 59392]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI. exe" [2010-09-07 2838912]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2004-08-27 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-06-04 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-12 19:22 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-09-28 19:33 2407632 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-19 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
2010-06-11 16:14 1280344 ----a-w- c:\programmi\IObit\IObit Security 360\is360tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2009-11-18 11:47 1243088 ----a-w- c:\programmi\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2004-07-30 10:30 319488 ----a-w- c:\programmi\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Internet Modem]
2009-03-06 18:05 1958552 ----a-w- c:\programmi\Nokia\Nokia Internet Modem\Wellphone2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
1998-11-19 10:20 44032 ----a-w- c:\programmi\Caere\OmniPagePro90\OPware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-02 22:12 2424560 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2005-08-08 12:49 1110016 ----a-w- c:\programmi\Webroot\Washer\wwDisp.exe

Discussione: TR/Crypt.XPACK.Gen3 [era: probabile virus]

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

probabile virus

Permessi di invio