
TR/Crypt.XPACK.Gen: how do I remove it?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

TR/Crypt.XPACK.Gen: how do I remove it?

Post by lucagix » 30/07/09 12:50

Sorry, I'm new; I hope I haven't done anything stupid by opening a new topic, and if so, feel free to close it.
I wanted to tell you that I've come across this virus: every so often Norton Antivirus tells me I'm infected but that it can't remove it.
I've tried a lot of antispyware tools and various other things, but nothing; they don't find it.
If there were also a program that would show me the registry keys it sits in...
If someone is willing to give me a hand, I'd be really grateful.
Thanks a lot
lucagix
Newbie

Posts: 5
Joined: 29/07/09 18:17


Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by Luke57 » 30/07/09 13:21

Hi. Download Combofix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disable your antivirus and disconnect from the internet
run combofix.exe
if you have Vista, right-click it and choose Run as administrator
(do not install the Recovery Console when the program offers it)
Let the program work without interfering; if the desktop icons disappear, that is normal.
When it finishes, attach the report C:\ComboFix.txt to your reply.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by lucagix » 30/07/09 13:38

Luke57 wrote:Hi. Download Combofix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disable your antivirus and disconnect from the internet
run combofix.exe
if you have Vista, right-click it and choose Run as administrator
(do not install the Recovery Console when the program offers it)
Let the program work without interfering; if the desktop icons disappear, that is normal.
When it finishes, attach the report C:\ComboFix.txt to your reply.

ok, I'll try now; as soon as I can I'll send you the report. thanks a lot
lucagix
Newbie

Posts: 5
Joined: 29/07/09 18:17

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by lucagix » 30/07/09 14:02

ok, this is the result of the scan


ComboFix 09-07-29.04 - Luca 30/07/2009 14.53.52.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3069.1908 [GMT 2:00]
Eseguito da: c:\users\Luca\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\pc\AppData\Local\gsmmq.dat
c:\users\pc\AppData\Local\gsmmq.exe
c:\users\pc\AppData\Local\gsmmq_nav.dat
c:\users\pc\AppData\Local\gsmmq_navps.dat
c:\users\pc\AppData\Local\scuemgm.dat
c:\users\pc\AppData\Local\scuemgm.exe
c:\users\pc\AppData\Local\scuemgm_nav.dat
c:\users\pc\AppData\Local\scuemgm_navps.dat
c:\windows\Installer\2e7d6.msi
c:\windows\Installer\WMEncoder.msi

.
((((((((((((((((((((((((( Files Creati Da 2009-06-28 al 2009-07-30 )))))))))))))))))))))))))))))))))))
.

2009-07-30 12:57 . 2009-07-30 12:57 -------- d-----w- c:\users\pc\AppData\Local\temp
2009-07-30 12:57 . 2009-07-30 12:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-07-30 12:57 . 2009-07-30 12:57 -------- d-----w- c:\users\Alice\AppData\Local\temp
2009-07-30 11:53 . 2009-07-30 12:38 -------- d-----w- c:\programdata\Lavasoft
2009-07-30 09:09 . 2009-07-30 09:09 -------- d-----w- c:\programdata\Fighters
2009-07-30 09:09 . 2009-07-30 11:30 -------- d-----w- c:\program files\Fighters
2009-07-30 08:59 . 2009-07-30 08:59 -------- d-----w- c:\programdata\Simply Super Software
2009-07-30 08:19 . 2009-07-30 12:39 1508896 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-30 08:15 . 2009-07-30 08:15 1915520 ----a-w- c:\users\Luca\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-30 08:05 . 2009-07-25 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\NAVENG.SYS
2009-07-30 08:05 . 2009-07-25 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\NAVEX15.SYS
2009-07-30 08:05 . 2009-07-25 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\NAVENG32.DLL
2009-07-30 08:05 . 2009-07-25 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\NAVEX32A.DLL
2009-07-30 08:04 . 2009-07-25 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\EECTRL.SYS
2009-07-30 08:04 . 2009-07-25 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\ECMSVR32.DLL
2009-07-30 08:04 . 2009-07-25 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\CCERASER.DLL
2009-07-30 08:04 . 2009-07-25 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\ERASER.SYS
2009-07-30 08:03 . 2009-07-30 11:41 -------- d-----w- c:\programdata\ParetoLogic
2009-07-30 08:03 . 2009-07-30 11:41 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-29 17:30 . 2009-07-29 17:30 -------- d-----w- c:\users\Luca\AppData\Roaming\Malwarebytes
2009-07-29 17:30 . 2009-07-29 17:30 -------- d-----w- c:\programdata\Malwarebytes
2009-07-29 12:07 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-29 12:00 . 2009-07-29 12:00 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-29 11:32 . 2009-07-29 13:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 11:32 . 2009-07-29 13:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-29 11:12 . 2009-07-29 11:12 -------- d-----w- c:\program files\Trend Micro
2009-07-29 09:03 . 2009-07-29 09:03 -------- d-----w- C:\Downloads
2009-07-28 19:59 . 2009-07-28 19:59 -------- d-----w- c:\programdata\Electronic Arts
2009-07-28 19:55 . 2009-07-29 16:50 -------- d-----w- c:\users\Luca\AppData\Local\Downloaded Installations
2009-07-28 19:55 . 2009-07-28 19:55 -------- d-----w- c:\users\Luca\AppData\Roaming\Leadertech
2009-07-28 19:43 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-07-28 19:43 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-07-28 19:43 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-07-28 19:43 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-07-28 19:43 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-07-28 12:03 . 2009-07-28 12:03 -------- d-----w- c:\program files\free-downloads.net
2009-07-28 12:03 . 2009-07-28 12:03 -------- d-----w- c:\program files\Conduit
2009-07-28 12:03 . 2009-07-28 12:03 -------- d-----w- c:\program files\Alcohol Soft
2009-07-28 10:22 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys
2009-07-28 10:22 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSvix86.sys
2009-07-28 10:22 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\Scxpx86.dll
2009-07-28 10:22 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSxpx86.dll
2009-07-28 10:22 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSviA64.sys
2009-07-26 20:26 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-26 20:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-26 20:26 . 2009-07-26 20:26 -------- d-----w- c:\program files\iPod
2009-07-26 20:26 . 2009-07-26 20:26 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-26 20:26 . 2009-07-26 20:26 -------- d-----w- c:\program files\iTunes
2009-07-26 20:24 . 2009-07-26 20:24 -------- d-----w- c:\program files\QuickTime
2009-07-26 20:20 . 2009-07-26 20:20 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-26 17:25 . 2009-07-26 17:25 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-26 07:05 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 07:05 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 07:05 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-26 07:05 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-26 07:03 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-26 07:03 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-26 07:03 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-26 07:03 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-26 07:03 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-10 17:32 . 2009-07-28 12:28 -------- d-----w- c:\program files\Any Video Converter
2009-07-10 17:12 . 2009-07-10 17:12 -------- d-----w- c:\users\pc\AppData\Local\Downloaded Installations
2009-07-09 20:51 . 2009-07-27 06:55 85 ----a-w- c:\users\pc\AppData\Local\yoascsy.bat
2009-07-09 15:52 . 2009-07-09 15:52 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-07-07 17:39 . 2009-07-27 07:08 -------- d-----w- c:\users\pc\AppData\Roaming\Free Download Manager
2009-07-07 17:39 . 2009-07-26 06:59 87 ----a-w- c:\users\pc\AppData\Local\saakyum.bat
2009-07-07 17:39 . 2009-07-07 17:39 -------- d-----w- c:\program files\Free Download Manager
2009-07-06 17:39 . 2009-07-06 17:39 -------- d-----w- c:\program files\WinPcap
2009-07-06 17:33 . 2009-07-29 09:08 -------- d-----w- c:\users\Luca\AppData\Roaming\GetRightToGo
2009-07-05 17:13 . 2009-07-05 17:13 -------- d-----w- c:\users\Luca\AppData\Local\WinZip
2009-07-05 17:12 . 2009-07-05 17:33 -------- d-----w- c:\programdata\WinZip
2009-07-05 14:14 . 2009-07-06 10:05 -------- d-----w- c:\program files\PMsn Paraiso
2009-07-05 13:32 . 2009-07-05 13:37 -------- d-----w- c:\users\Luca\AppData\Roaming\MessengerDiscovery 2
2009-07-05 13:31 . 2009-07-05 13:31 -------- d-----w- c:\users\pc\AppData\Roaming\MessengerDiscovery 2
2009-07-05 13:30 . 2009-07-05 13:30 -------- d-----w- c:\program files\MessengerDiscovery 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 12:48 . 2008-01-21 06:30 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-07-30 12:48 . 2008-01-21 06:30 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-07-30 12:39 . 2009-07-30 08:19 21284 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-30 12:05 . 2009-02-21 22:43 -------- d-----w- c:\programdata\Google Updater
2009-07-29 12:22 . 2008-07-03 12:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-29 12:22 . 2009-04-12 17:12 -------- d-----w- c:\program files\Electronic Arts
2009-07-28 21:12 . 2009-05-02 10:49 -------- d-----w- c:\users\Luca\AppData\Roaming\uTorrent
2009-07-28 19:55 . 2008-07-03 12:54 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-27 06:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-26 20:26 . 2009-02-14 20:29 -------- d-----w- c:\program files\Common Files\Apple
2009-07-26 08:17 . 2009-02-14 20:22 -------- d-----w- c:\programdata\Messenger Plus!
2009-07-26 08:17 . 2009-02-14 19:20 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-21 21:52 . 2009-07-29 08:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-07 18:59 . 2009-03-31 17:15 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-30 14:32 . 2009-01-27 14:03 82720 ----a-w- c:\users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 17:57 . 2009-02-18 11:49 -------- d-----w- c:\users\Luca\AppData\Roaming\Toshiba
2009-06-28 12:49 . 2009-02-17 13:04 82720 ----a-w- c:\users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 11:01 . 2008-07-03 13:32 -------- d-----w- c:\programdata\Microsoft Help
2009-06-24 13:32 . 2009-06-24 13:32 -------- d-----w- c:\program files\PhotoZoom Pro 2
2009-06-18 08:38 . 2009-06-18 08:38 -------- d-----w- c:\users\Luca\AppData\Roaming\GRETECH
2009-06-18 08:37 . 2009-06-18 08:37 -------- d-----w- c:\program files\GRETECH
2009-06-18 08:18 . 2009-06-18 08:18 -------- d-----w- c:\program files\GustoSoft
2009-06-12 11:26 . 2008-07-03 13:34 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 15:50 . 2008-07-03 13:28 -------- d-----w- c:\program files\Google
2009-07-27 07:01 . 2009-02-14 19:38 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-10 09:47 2079256 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-03 29744]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\System32\Adobe\Shockwave 11\nssstub.exe" [2009-06-01 181624]

c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C05ABE21-84C4-460F-A5FA-EFB2A546A22A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F587C727-0C92-4264-A155-7AB5103887D7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A78F305E-FBCD-482B-B933-48AB3258F0CA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3613387E-871F-4DB5-8755-C71785C99B68}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{EDAF6664-8545-435C-BB49-51CBFC20FE62}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6493AF7D-84B8-48E6-8DE7-82F715F3D952}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1C1AD18C-3B1B-439B-AA0D-194A0CDF8431}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{07256424-3262-4A97-B407-6C3049DACA9F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{70634AB3-FECE-40C7-8ED0-9755FFF1DF70}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1F51A00E-C844-4B88-A614-2DCA2D2E2D66}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [30/03/2009 20.58.27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [30/03/2009 20.58.27 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [30/03/2009 20.57.56 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSvix86.sys [28/07/2009 12.22.33 293424]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [17/04/2008 0.19.48 40960]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [30/03/2009 20.58.07 115560]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [24/04/2008 10.21.56 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 18.03.52 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29/03/2009 10.00.00 101936]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [03/07/2008 15.13.16 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 16.40.22 3668480]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [24/04/2008 19.35.46 73728]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [30/03/2009 20.58.28 39984]
S2 gupdate1c9e919ce96839e;Servizio di Google Update (gupdate1c9e919ce96839e);c:\program files\Google\Update\GoogleUpdate.exe [09/06/2009 17.48.58 133104]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [03/07/2008 15.29.21 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29/06/2007 2.01.48 42512]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [23/01/2004 16.33.01 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [23/01/2004 16.32.47 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-03 13:50]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 15:48]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 15:48]

2009-07-30 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-06-01 12:52]

2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{EC894914-72F6-4514-AD9C-106AD4712276}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{FBCCF160-16FF-4DD0-99AF-41EF98F696EA}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-AliceRV_McciTrayApp - c:\program files\Alice ti aiuta\McciTrayApp.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEA
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
FF - ProfilePath - c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\lrl00p94.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 14:58
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????7????N??P?T?x?T???T???T??

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-07-30 14.59.54
ComboFix-quarantined-files.txt 2009-07-30 12:59

Pre-Run: 58.300.436.480 byte disponibili
Post-Run: 60.431.396.864 byte disponibili

312 --- E O F --- 2009-07-29 16:59
lucagix
Newbie

Posts: 5
Joined: 29/07/09 18:17

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by lucagix » 30/07/09 16:22

can anyone help me?
lucagix
Newbie

Posts: 5
Joined: 29/07/09 18:17

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by Luke57 » 31/07/09 14:06

Hi, no threats appear in the report; haven't you solved the problem? Combofix eradicated the Navipromo infection.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
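A small triage script, added here as an example (it is not ComboFix's code nor anything posted in the thread), that pulls out of a report like the one above the items a helper reads first: what ComboFix deleted, the Run/RunOnce autostart values, Security Center monitoring or firewall profiles switched off, and executables dropped straight into a user's AppData\Local folder. The excerpt it parses is a constructed, shortened sample in the report's format, using the Italian section titles ComboFix printed in the log above.

```python
"""Triage helper for a ComboFix report. Added example, not ComboFix's or the forum's code."""
import re

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}\s*$")  # '((((( Title )))))'
REGKEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# created time . modified time, size ('--------' for a directory), attributes, path
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\S+) (\S+) (.+)$")
EXEC_EXT = (".exe", ".bat", ".cmd", ".dll", ".scr")

# Constructed excerpt in the shape of the report posted above (headers shortened).
SAMPLE_REPORT = r"""((((((((( Altre eliminazioni )))))))))
c:\users\pc\AppData\Local\gsmmq.dat
c:\users\pc\AppData\Local\gsmmq.exe
c:\windows\Installer\WMEncoder.msi
.
((((((((( Files Creati Da 2009-06-28 al 2009-07-30 )))))))))
2009-07-30 12:57 . 2009-07-30 12:57 -------- d-----w- c:\users\pc\AppData\Local\temp
2009-07-09 20:51 . 2009-07-27 06:55 85 ----a-w- c:\users\pc\AppData\Local\yoascsy.bat
((((((((( Punti Reg Caricati )))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""


def split_sections(report):
    """Map each section title to its non-empty lines; text before the first title is 'header'."""
    sections, current = {"header": []}, "header"
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip() not in ("", "."):  # ComboFix pads sections with lone dots
            sections[current].append(line.rstrip())
    return sections


def registry_values(lines):
    """Yield (key, name, value) for every "name"=value line beneath a [key] line."""
    key = None
    for line in lines:
        km = REGKEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key:  # drop the trailing '[date size]' note and surrounding quotes
            yield key, vm.group(1), re.sub(r"\s*\[[^\]]*\]$", "", vm.group(2)).strip('" ')


def weakened_protections(values):
    """Security Center monitoring off or a firewall profile disabled (a suite like Norton sets these too)."""
    findings = []
    for key, name, value in values:
        low, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        if "security center" in low and name == "DisableMonitoring" and value.endswith("1"):
            findings.append(f"monitoring disabled: {leaf}")
        if "firewallpolicy" in low and name == "EnableFirewall" and value.startswith("0"):
            findings.append(f"firewall off: {leaf}")
    return findings


def loose_appdata_executables(sections):
    """Executables created directly in a user's AppData\\Local, where the Navipromo files above lived."""
    hits = []
    for title, lines in sections.items():
        if not title.startswith(("Files Creati", "Find3M")):
            continue
        for line in lines:
            m = CREATED_RE.match(line)
            if not m or m.group(1) == "--------":  # skip directories
                continue
            _, sep, tail = m.group(3).lower().partition("\\appdata\\local\\")
            if sep and "\\" not in tail and tail.endswith(EXEC_EXT):
                hits.append(m.group(3).strip())
    return hits


def triage(report):
    """Summarise a report into what a helper on the thread looks at first."""
    sections = split_sections(report)
    values = list(registry_values(sections.get("Punti Reg Caricati", [])))
    return {
        "deleted": [l for l in sections.get("Altre eliminazioni", []) if l.lower().startswith("c:\\")],
        "autostart": [(k, n, v) for k, n, v in values if k.lower().endswith(("\\run", "\\runonce"))],
        "weakened": weakened_protections(values),
        "review_files": loose_appdata_executables(sections),
    }
```

Disabled Security Center monitoring and firewall profiles are listed as review items only: third-party suites routinely set them, as the Norton installation in this report most likely did.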

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by lucagix » 31/07/09 15:41

look, I also don't think I have that damned virus
it's just that every so often my Norton pops up with the warning that this virus is there
that said, after your help I'm convinced there can't be anything
so thanks really to everyone for what you've done, even if only by giving advice
really great :)
lucagix
Newbie

Posts: 5
Joined: 29/07/09 18:17

