TR/Crypt.XPACK.Gen3 [era: probabile virus]

**orata71** · 22-10-2010, 17:25

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Acer\\eManager\\anbmServ.exe"=
"c:\\Programmi\\Synaptics\\SynTP\\SynTPLpr.exe "=
"c:\\WINDOWS\\system32\\wwSecure.exe"=
"c:\\Programmi\\File comuni\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Programmi\\ATI Technologies\\ATI Control Panel\\ATIPTAXX.EXE"=
"c:\\Programmi\\Launch Manager\\QtZgAcer.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25/12/2009 14.27.06 207792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/10/2010 18.10.02 165584]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SA SDIFSV.SYS [10/10/2006 14.53.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SA SKUTIL.SYS [27/02/2007 13.39.26 67656]
R1 SMBHC;Driver del controller host del bus di gestione sistema Microsoft;c:\windows\system32\drivers\smbhc.sys [22/09/2004 13.14.55 6784]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [20/10/2010 18.10.03 17744]
R2 IS360service;IS360service;c:\programmi\IObit\IObit Security 360\is360srv.exe [22/06/2010 15.47.19 312152]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [07/02/2009 10.33.12 359624]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8.11.22 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8.11.20 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8.11.20 12928]
R3 SMBBATT;Driver di Microsoft Smart Battery;c:\windows\system32\drivers\smbbatt.sys [22/09/2004 13.15.10 16000]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 womhno;womhno; [x]
S1 55331401;55331401;c:\windows\system32\DRIVERS\5533 1401.sys --> c:\windows\system32\DRIVERS\55331401.sys [?]
S3 nokiacpo;Nokia Internet Stick CS-10 Wireless Modem Service Install;c:\windows\system32\drivers\nokiacpo.sys [03/03/2009 16.32.48 19072]
S3 nokiappo;Nokia Internet Stick CS-10 Wireless Modem Power Policy Service;c:\windows\system32\drivers\nokiappo.sys [03/03/2009 16.32.48 27008]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [01/01/1980 1.00.00 14336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASE NUM.SYS [16/02/2006 18.51.08 12872]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-22 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-10-20 19:55]

2010-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 13:01]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Paolo\Dati applicazioni\Mozilla\Firefox\Profiles\35jq3wsd.def ault\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{ecdc465a-cf20-4b82-9a26-47c9dc52fa32} - (no file)

.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\s ystem32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3748)
c:\programmi\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\File comuni\SmartCom\DragnDropCopyHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-10-22 17:23:09
ComboFix-quarantined-files.txt 2010-10-22 15:23

Pre-Run: 13.737.750.528 byte disponibili
Post-Run: 13.801.226.240 byte disponibili

- - End Of File - - 017D3BC08FA91EA5BE875C6213493636

Discussione: TR/Crypt.XPACK.Gen3 [era: probabile virus]

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio