
TR/Crypt.XPACK.Gen: how do I remove it?

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by gahan » 22/01/10 00:30

Hi Mauri,
tell your friend to run a scan with ComboFix following the same instructions you followed, and to post me the log produced by the scan.

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by mauri1974 » 22/01/10 10:20

ComboFix 10-01-21.06 - Windows 22/01/2010 9.45.24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.247.121 [GMT 1:00]
Eseguito da: c:\documents and settings\Windows\Desktop\abc.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mswins.sys

.
((((((((((((((((((((((((( Files Creati Da 2009-12-22 al 2010-01-22 )))))))))))))))))))))))))))))))))))
.

2010-01-22 08:33 . 2010-01-22 08:34 -------- d-----w- C:\32788R22FWJFW
2010-01-15 12:09 . 2010-01-15 12:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2010-01-15 12:09 . 2010-01-15 12:09 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\Yahoo!
2010-01-15 12:08 . 2010-01-15 12:09 -------- d-----w- c:\programmi\Yahoo!
2010-01-15 12:04 . 2010-01-15 12:04 -------- d-----w- c:\programmi\Trend Micro
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\Malwarebytes
2010-01-14 22:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-14 22:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 22:04 . 2010-01-14 22:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 09:07 . 2009-09-26 23:50 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\uTorrent
2010-01-22 07:50 . 2009-12-17 16:43 733184 ----a-w- c:\documents and settings\All Users\Dati applicazioni\4 Curb Loud Idol\Drv Army.exe
2010-01-21 21:07 . 2007-06-12 07:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2010-01-15 12:08 . 2007-06-12 08:59 -------- d-----w- c:\programmi\CCleaner
2010-01-14 22:30 . 2009-10-02 08:53 -------- d-----w- c:\documents and settings\Windows\Dati applicazioni\SIZE WEB LOUD
2010-01-14 21:55 . 2009-11-24 16:43 79488 ----a-w- c:\documents and settings\Windows\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-07 15:40 . 2009-11-07 10:17 317695 --sha-w- c:\windows\system32\mswins.DLL
2009-12-17 16:43 . 2009-10-20 16:03 344064 ----a-w- c:\documents and settings\Windows\Dati applicazioni\SIZE WEB LOUD\Barbsetuptime.exe
2009-12-17 16:43 . 2009-10-20 16:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\4 Curb Loud Idol
2009-12-17 16:42 . 2009-12-17 16:42 -------- d-----w- c:\programmi\SIZE WEB LOUD
2009-12-17 16:42 . 2009-10-02 08:53 462848 ----a-w- c:\documents and settings\Windows\Dati applicazioni\SIZE WEB LOUD\drvway.exe
2009-12-10 22:40 . 2009-12-10 22:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-05 00:49 . 2007-06-21 13:56 -------- d-----w- c:\programmi\eMule
2009-11-15 22:45 . 2009-04-10 14:56 1 ----a-w- c:\documents and settings\Windows\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-05 21:26 . 1980-01-01 07:00 71352 ----a-w- c:\windows\system32\perfc010.dat
2009-11-05 21:26 . 1980-01-01 07:00 443872 ----a-w- c:\windows\system32\perfh010.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 12:56 1175944 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2009-09-29 289072]
"LIVE EQ"="c:\docume~2\Windows\DATIAP~1\SIZEWE~1\drvway.exe" [2009-12-17 462848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-23 151552]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-23 90112]
"EssSpkPhone"="essspk.exe" [2001-08-21 49152]
"Impostazioni video HP"="c:\programmi\Hewlett-Packard\HP Display Settings\hpdisply.exe" [2001-07-27 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2001-08-09 94208]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2001-08-09 352256]
"CP4HPOT"="c:\progra~1\HPONE-~1\OneTouch.EXE" [2001-09-27 77824]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"D-Link AirPlus XtremeG Utility"="c:\programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe" [2006-11-20 1728512]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-25 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Windows\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-9-5 217088]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-5-31 577597]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R3 {40867A83-9E92-474c-A921-20AA73EAE42F};AIM 3.0 CH-7007;c:\windows\system32\drivers\a303.sys [01/01/1980 8.00.00 26169]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [01/01/1980 8.00.00 18487]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [21/09/2006 10.19.04 347648]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [02/08/2006 3.17.51 41600]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [02/08/2006 3.17.51 55552]
S3 VDNG;Video to 1394, WDM Video Capture;c:\windows\system32\drivers\Vid21394.sys [02/08/2006 3.23.50 61568]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-22 c:\windows\Tasks\A820FF33918F7567.job
- c:\docume~2\windows\datiap~1\sizewe~1\Barbsetuptime.exe [2009-10-20 16:43]

2010-01-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-09-02 12:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
AddRemove-ESSMDM - c:\windows\remvess
AddRemove-PMV - c:\documents and settings\Windows\Desktop\PMV\Uninstall.exe
AddRemove-ShockwaveFlash - c:\windows\System32\Macromed\Flash\UninstFl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 10:06
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000013

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2529006832-975823868-357967339-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
Ora fine scansione: 2010-01-22 10:14:25
ComboFix-quarantined-files.txt 2010-01-22 09:14

Pre-Run: 5.713.473.536 byte disponibili
Post-Run: 6.082.330.624 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 8F0E21CB96E83C5A4E45810E144E3C80
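Reading a ComboFix log like the one above comes down to spotting autostart entries that point somewhere they should not. The triage script below is an added example, not code from ComboFix, Lop S&D or anyone in this thread: it parses the Run-value, scheduled-task and Find3M line formats seen in that log and flags the three indicators visible there (a Run value and a task launching from an application-data folder, a task with a random 16-hex-digit name, and a hidden+system DLL in system32). The sample excerpt is constructed from entries in the log above, and the application-data folder markers are assumptions for an Italian Windows XP install.

```python
"""Triage helper for the autostart sections of a ComboFix log.

Added example for this thread; not code from ComboFix, Lop S&D or the forum.
The folder markers are assumptions modelled on an Italian Windows XP install.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# "LIVE EQ"="c:\docume~2\Windows\DATIAP~1\SIZEWE~1\drvway.exe" [2009-12-17 462848]
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<target>[^"]+)"\s*\[\d{4}-\d{2}-\d{2} \d+\]')
# 2010-01-22 c:\windows\Tasks\A820FF33918F7567.job  (next line: "- <target> [date]")
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$', re.IGNORECASE)
TASK_TARGET = re.compile(r'^-\s+(?P<target>.+?)\s*\[')
# 2010-01-07 15:40 . 2009-11-07 10:17 317695 --sha-w- c:\windows\system32\mswins.DLL
FILE_ENTRY = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+'
    r'(?:\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$'
)
HEX_JOB = re.compile(r'^[0-9A-F]{16}\.job$', re.IGNORECASE)

# Long and 8.3 short names of the per-user / shared application-data folders.
# "Dati applicazioni" (short name DATIAP~1) is the Italian XP localisation.
APPDATA_MARKERS = ("\\dati applicazioni\\", "\\application data\\",
                   "\\datiap~1\\", "\\applic~1\\")

@dataclass
class Finding:
    kind: str                 # "registry", "task" or "file"
    name: str                 # value name, job file name or file name
    target: str               # path the entry launches, or the file itself
    reasons: list[str] = field(default_factory=list)

def reasons_for(kind: str, name: str, target: str) -> list[str]:
    """Indicators that make one autostart entry worth a closer look."""
    low = target.lower()
    reasons = []
    if any(marker in low for marker in APPDATA_MARKERS):
        reasons.append("target lives under an application-data folder")
    if kind == "task" and HEX_JOB.match(name):
        reasons.append("scheduled task has a random 16-hex-digit name")
    return reasons

def hidden_system_in_system32(attrs: str, path: str) -> bool:
    """ComboFix prints attributes like '--sha-w-': s = system, h = hidden."""
    return "s" in attrs and "h" in attrs and "\\system32\\" in path.lower()

def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix log and collect the entries that match an indicator."""
    findings: list[Finding] = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        if (m := FILE_ENTRY.match(line)):
            if hidden_system_in_system32(m["attrs"], m["path"]):
                name = m["path"].rsplit("\\", 1)[-1]
                findings.append(Finding("file", name, m["path"],
                                        ["hidden+system file inside system32"]))
        elif (m := REG_VALUE.match(line)):
            reasons = reasons_for("registry", m["name"], m["target"])
            if reasons:
                findings.append(Finding("registry", m["name"], m["target"], reasons))
        elif (m := TASK_JOB.match(line)) and i + 1 < len(lines):
            t = TASK_TARGET.match(lines[i + 1])
            if t:
                job = m["job"].rsplit("\\", 1)[-1]
                reasons = reasons_for("task", job, t["target"])
                if reasons:
                    findings.append(Finding("task", job, t["target"], reasons))
                i += 1  # the "- <target>" line belongs to this job
        i += 1
    return findings

# Constructed excerpt in ComboFix's line formats, using entries from the log above.
SAMPLE_LOG = r"""
2010-01-07 15:40 . 2009-11-07 10:17 317695 --sha-w- c:\windows\system32\mswins.DLL
2009-11-05 21:26 . 1980-01-01 07:00 71352 ----a-w- c:\windows\system32\perfc010.dat

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2009-09-29 289072]
"LIVE EQ"="c:\docume~2\Windows\DATIAP~1\SIZEWE~1\drvway.exe" [2009-12-17 462848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]

2010-01-22 c:\windows\Tasks\A820FF33918F7567.job
- c:\docume~2\windows\datiap~1\sizewe~1\Barbsetuptime.exe [2009-10-20 16:43]

2010-01-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-09-02 12:56]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name} -> {f.target}")
        for reason in f.reasons:
            print("    -", reason)
```

Run against the sample it reports mswins.DLL, the "LIVE EQ" Run value and the A820FF33918F7567.job task, and leaves the uTorrent, Avira and Ask Toolbar entries alone.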

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by mauri1974 » 22/01/10 11:51

Here advertising pages keep opening with the initial text CiD;www................ nonstop !!!
Then while browsing it tells me to install Adobe Flash player installer, author Adobe System Incorporated, every time I click to open new internet pages .... :-?

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by Luke57 » 22/01/10 12:47

Hi, go here:
http://mondoemule.blogspot.com/2009/05/ ... rojan.html

follow the guide to use Lop S&D (up to the file removal step with option 2), then post the report it produces.

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by mauri1974 » 22/01/10 13:17

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) III Mobile CPU 866MHz )
BIOS : PhoenixBIOS 4.0 Release 6.0.
USER : Windows ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:18 Go (Free:5 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 22/01/2010|13.07 )

--------------------\\ Listing folders in DATIAP~1

[17/12/2009|17.43] C:\DOCUME~2\ALLUSE~1\DATIAP~1\4 Curb Loud Idol
[09/07/2008|18.37] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Adobe
[21/01/2010|22.07] C:\DOCUME~2\ALLUSE~1\DATIAP~1\AntiVir PersonalEdition Classic
[09/01/2007|11.00] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Autodesk
[09/11/2007|11.00] C:\DOCUME~2\ALLUSE~1\DATIAP~1\BVRP Software
[21/11/2009|01.20] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Google
[14/01/2010|23.05] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Malwarebytes
[27/09/2009|00.23] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Microsoft
[05/09/2008|20.23] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Motive
[10/07/2008|07.19] C:\DOCUME~2\ALLUSE~1\DATIAP~1\NOS
[15/10/2001|05.33] C:\DOCUME~2\ALLUSE~1\DATIAP~1\SBSI
[12/06/2007|14.27] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[10/12/2009|23.40] C:\DOCUME~2\ALLUSE~1\DATIAP~1\TEMP
[13/10/2006|14.58] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[20/10/2008|15.15] C:\DOCUME~2\ALLUSE~1\DATIAP~1\WLInstaller
[15/01/2010|13.41] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Yahoo! Companion
[0|File] C:\DOCUME~2\ALLUSE~1\DATIAP~1\byte
[18|Directory] C:\DOCUME~2\ALLUSE~1\DATIAP~1\byte disponibili

[15/10/2001|05.29] C:\DOCUME~2\DEFAUL~1\DATIAP~1\Adobe
[15/10/2001|05.23] C:\DOCUME~2\DEFAUL~1\DATIAP~1\Identities
[15/10/2001|05.29] C:\DOCUME~2\DEFAUL~1\DATIAP~1\InterTrust
[15/10/2001|05.08] C:\DOCUME~2\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~2\DEFAUL~1\DATIAP~1\byte
[6|Directory] C:\DOCUME~2\DEFAUL~1\DATIAP~1\byte disponibili

[10/12/2009|21.40] C:\DOCUME~2\LOCALS~1\DATIAP~1\Adobe
[15/10/2001|05.08] C:\DOCUME~2\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~2\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~2\LOCALS~1\DATIAP~1\byte disponibili

[15/10/2001|05.08] C:\DOCUME~2\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~2\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~2\NETWOR~1\DATIAP~1\byte disponibili

[15/10/2001|05.23] C:\DOCUME~2\PROPRI~1\DATIAP~1\Identities
[15/10/2001|05.08] C:\DOCUME~2\PROPRI~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~2\PROPRI~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~2\PROPRI~1\DATIAP~1\byte disponibili

[09/07/2008|21.18] C:\DOCUME~2\Windows\DATIAP~1\Adobe
[21/06/2007|14.33] C:\DOCUME~2\Windows\DATIAP~1\AdobeUM
[23/10/2006|08.51] C:\DOCUME~2\Windows\DATIAP~1\Autodesk
[10/10/2009|22.58] C:\DOCUME~2\Windows\DATIAP~1\Convivea
[02/10/2009|12.08] C:\DOCUME~2\Windows\DATIAP~1\DeepBurner
[21/11/2009|01.18] C:\DOCUME~2\Windows\DATIAP~1\Google
[14/07/2007|15.56] C:\DOCUME~2\Windows\DATIAP~1\Help
[15/10/2001|05.23] C:\DOCUME~2\Windows\DATIAP~1\Identities
[09/11/2007|10.52] C:\DOCUME~2\Windows\DATIAP~1\InstallShield
[15/10/2001|05.29] C:\DOCUME~2\Windows\DATIAP~1\InterTrust
[21/09/2006|13.24] C:\DOCUME~2\Windows\DATIAP~1\Macromedia
[14/01/2010|23.05] C:\DOCUME~2\Windows\DATIAP~1\Malwarebytes
[20/10/2006|14.42] C:\DOCUME~2\Windows\DATIAP~1\MechSoft
[28/10/2007|11.12] C:\DOCUME~2\Windows\DATIAP~1\Media Player Classic
[15/11/2009|13.14] C:\DOCUME~2\Windows\DATIAP~1\Microsoft
[05/09/2008|22.15] C:\DOCUME~2\Windows\DATIAP~1\Motive
[10/04/2009|15.51] C:\DOCUME~2\Windows\DATIAP~1\OpenOffice.org
[12/06/2007|08.32] C:\DOCUME~2\Windows\DATIAP~1\Samsung
[14/01/2010|23.30] C:\DOCUME~2\Windows\DATIAP~1\SIZE WEB LOUD
[25/02/2009|18.37] C:\DOCUME~2\Windows\DATIAP~1\Sun
[22/01/2010|13.07] C:\DOCUME~2\Windows\DATIAP~1\uTorrent
[15/01/2010|13.09] C:\DOCUME~2\Windows\DATIAP~1\Yahoo!
[0|File] C:\DOCUME~2\Windows\DATIAP~1\byte
[24|Directory] C:\DOCUME~2\Windows\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[22/01/2010 13.00][--ah-----] C:\WINDOWS\tasks\A820FF33918F7567.job
[22/01/2010 13.01][--a------] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[22/01/2010 10.14][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 13.00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

( A820FF33918F7567.job )=( c:\docume~2\windows\datiap~1\sizewe~1\Barbsetuptime.exe )

--------------------\\ Listing Folders in C:\Programmi

[05/09/2008|20.28] C:\Programmi\Adobe
[05/09/2008|20.23] C:\Programmi\Alice ti aiuta
[18/01/2009|23.20] C:\Programmi\ANI
[22/01/2010|08.43] C:\Programmi\AntiVir PersonalEdition Classic
[27/09/2009|00.54] C:\Programmi\Ask.com
[02/10/2009|12.27] C:\Programmi\Astonsoft
[15/01/2007|12.16] C:\Programmi\Autodesk
[09/11/2007|10.52] C:\Programmi\Avanquest update
[10/10/2009|22.59] C:\Programmi\Bit Che
[15/01/2010|13.08] C:\Programmi\CCleaner
[05/09/2008|20.22] C:\Programmi\Common Files
[15/10/2001|05.15] C:\Programmi\ComPlus Applications
[05/12/2009|01.49] C:\Programmi\eMule
[22/01/2010|09.53] C:\Programmi\File comuni
[21/11/2009|09.17] C:\Programmi\Google
[15/10/2001|05.25] C:\Programmi\Hewlett-Packard
[15/10/2001|05.27] C:\Programmi\HP
[15/10/2001|05.27] C:\Programmi\HP One-Touch
[18/01/2009|23.20] C:\Programmi\InstallShield Installation Information
[12/06/2007|09.48] C:\Programmi\Internet Explorer
[02/08/2006|03.12] C:\Programmi\InterVideo
[10/04/2009|14.29] C:\Programmi\Java
[10/04/2009|14.31] C:\Programmi\JRE
[12/06/2007|14.39] C:\Programmi\K-Lite Codec Pack
[14/01/2010|23.05] C:\Programmi\Malwarebytes' Anti-Malware
[12/06/2007|09.53] C:\Programmi\Messenger
[12/06/2007|08.31] C:\Programmi\Microsoft ActiveSync
[15/10/2001|05.18] C:\Programmi\microsoft frontpage
[04/12/2006|18.01] C:\Programmi\Microsoft Office
[08/06/2008|13.53] C:\Programmi\Microsoft SQL Server
[04/12/2006|18.00] C:\Programmi\Microsoft Visual Studio
[04/12/2006|18.00] C:\Programmi\Microsoft Works
[15/06/2008|14.40] C:\Programmi\Microsoft WSE
[04/12/2006|17.58] C:\Programmi\Microsoft.NET
[05/09/2008|20.22] C:\Programmi\Motive
[09/11/2007|10.55] C:\Programmi\Motorola Phone Tools
[13/10/2006|16.09] C:\Programmi\Movie Maker
[15/10/2001|05.14] C:\Programmi\MSN
[15/10/2001|05.14] C:\Programmi\MSN Gaming Zone
[12/06/2007|09.43] C:\Programmi\MSXML 4.0
[13/10/2006|16.05] C:\Programmi\NetMeeting
[10/07/2008|07.19] C:\Programmi\NOS
[10/04/2009|14.31] C:\Programmi\OpenOffice.org 3
[12/06/2007|07.58] C:\Programmi\OptOS
[12/06/2007|09.39] C:\Programmi\Outlook Express
[02/03/2008|22.44] C:\Programmi\PokerStars
[27/09/2009|00.28] C:\Programmi\PokerStars.NET
[15/10/2001|05.28] C:\Programmi\SBApps
[15/10/2001|05.14] C:\Programmi\Servizi in linea
[17/12/2009|17.42] C:\Programmi\SIZE WEB LOUD
[12/06/2007|13.52] C:\Programmi\Spybot - Search & Destroy
[15/10/2001|05.26] C:\Programmi\Synaptics
[17/11/2008|11.40] C:\Programmi\Telecom Italia
[15/01/2010|13.04] C:\Programmi\Trend Micro
[19/10/2006|08.34] C:\Programmi\Uninstall Information
[27/09/2009|20.59] C:\Programmi\uTorrent
[13/10/2006|11.44] C:\Programmi\WIDCOMM
[27/09/2009|00.23] C:\Programmi\Windows Live
[12/06/2007|14.30] C:\Programmi\Windows Media Player
[13/10/2006|16.05] C:\Programmi\Windows NT
[13/10/2006|14.51] C:\Programmi\WindowsUpdate
[02/06/2008|10.19] C:\Programmi\WinRAR
[18/01/2009|23.19] C:\Programmi\Wireless USB adapter Alice G-132
[15/10/2001|05.18] C:\Programmi\xerox
[15/01/2010|13.09] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[67|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[09/07/2008|18.34] C:\Programmi\File comuni\Adobe
[09/01/2007|11.00] C:\Programmi\File comuni\Autodesk Shared
[09/01/2007|11.00] C:\Programmi\File comuni\Designer
[17/11/2008|11.43] C:\Programmi\File comuni\InstallShield
[10/04/2009|14.25] C:\Programmi\File comuni\Java
[04/12/2006|18.05] C:\Programmi\File comuni\Microsoft Shared
[05/09/2008|20.23] C:\Programmi\File comuni\Motive
[15/10/2001|05.16] C:\Programmi\File comuni\MSSoap
[15/10/2001|05.08] C:\Programmi\File comuni\ODBC
[15/10/2001|05.16] C:\Programmi\File comuni\Services
[15/10/2001|05.08] C:\Programmi\File comuni\SpeechEngines
[12/06/2007|09.39] C:\Programmi\File comuni\System
[20/10/2008|15.20] C:\Programmi\File comuni\WindowsLiveInstaller
[0|File] C:\Programmi\File comuni\byte
[15|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 40 Processes )

iexplore.exe ~ [PID:4084]
iexplore.exe ~ [PID:2576]
iexplore.exe ~ [PID:2616]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~2\ALLUSE~1\DATIAP~1\4 Curb Loud Idol
C:\DOCUME~2\ALLUSE~1\DATIAP~1\4 Curb Loud Idol\Drv Army.dat
C:\DOCUME~2\ALLUSE~1\DATIAP~1\4 Curb Loud Idol\Drv Army.exe
C:\DOCUME~2\Windows\DATIAP~1\sizewe~1
C:\DOCUME~2\Windows\DATIAP~1\sizewe~1\Barbsetuptime.exe
C:\DOCUME~2\Windows\DATIAP~1\sizewe~1\bgbpwbrh.exe
C:\DOCUME~2\Windows\DATIAP~1\sizewe~1\dibklmah.exe
C:\DOCUME~2\Windows\DATIAP~1\sizewe~1\drvway.exe
C:\Programmi\sizewe~1
C:\DOCUME~2\Windows\Cookies\windows@www.adserver5[1].txt
C:\DOCUME~2\Windows\Cookies\windows@adultfriendfinder[1].txt
C:\DOCUME~2\Windows\Cookies\windows@ads.adultadvertising[1].txt
C:\DOCUME~2\Windows\Cookies\windows@advertising[2].txt
C:\DOCUME~2\Windows\Cookies\windows@bigpoint[2].txt
C:\DOCUME~2\Windows\Cookies\windows@deepolis.bigpoint[1].txt
C:\DOCUME~2\Windows\Cookies\windows@adopt.euroclick[2].txt
C:\DOCUME~2\Windows\Cookies\windows@partypoker[2].txt
C:\WINDOWS\Tasks\A820FF33918F7567.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sendsoftwarestore]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~2\\Windows\\DATIAP~1\\SIZEWE~1\\drvway.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LIVE EQ"="C:\\DOCUME~2\\Windows\\DATIAP~1\\SIZEWE~1\\drvway.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 13:11:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~2\Windows\Desktop\MAME 32\roms\cracksht.zip


[F:1][D:0]-> C:\DOCUME~2\Windows\IMPOST~1\Temp
[F:1127][D:0]-> C:\DOCUME~2\Windows\Cookies
[F:1594][D:20]-> C:\DOCUME~2\Windows\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 22/01/2010|13.14 - Option : [1]

--------------------\\ Scan completed at 13.14.45

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by mauri1974 » 22/01/10 13:25

I've posted the log.
Now I'm trying to run the operation with key 2, but in the window that opened, with a burgundy red background and titled Lop S&D Scan Completed at 13.14.45 ..... when I press key 2 where the cursor is blinking it won't type any number or letter ....
What should I do?

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by Luke57 » 22/01/10 13:48

Hi, close the program, restart it and run option no. 2.

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by mauri1974 » 22/01/10 14:35

Tried again, exactly the same problem as above.
In the burgundy red window where the cursor blinks it doesn't show any number or letter I press on my keyboard :cry:
It won't take the number 2, nor any other number I type on my keyboard... :cry:
It gets to the final result, but it won't go any further!
What should I do ????
Should I try again?

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by mauri1974 » 22/01/10 14:47

Meanwhile I've tried a third time... but nothing !!! :cry:

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by mauri1974 » 22/01/10 16:47

tried a fourth time, in French......
same problem ..... :cry:

Re: TR/Crypt.XPACK.Gen: how do I remove it?

Post by mauri1974 » 23/01/10 11:03

Here it is. What do I do now ???


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) III Mobile CPU 866MHz )
BIOS : PhoenixBIOS 4.0 Release 6.0.
USER : Windows ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:18 Go (Free:5 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 23/01/2010|10.53 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~2\ALLUSE~1\DATIAP~1\4 Curb Loud Idol\Drv Army.dat
Deleted! - C:\DOCUME~2\ALLUSE~1\DATIAP~1\4 Curb Loud Idol\Drv Army.exe
Deleted! - C:\DOCUME~2\Windows\DATIAP~1\sizewe~1\Barbsetuptime.exe
Deleted! - C:\DOCUME~2\Windows\DATIAP~1\sizewe~1\bgbpwbrh.exe
Deleted! - C:\DOCUME~2\Windows\DATIAP~1\sizewe~1\dibklmah.exe
Deleted! - C:\DOCUME~2\Windows\DATIAP~1\sizewe~1\drvway.exe
Deleted! - C:\DOCUME~2\Windows\Cookies\windows@www.adserver5[1].txt
Deleted! - C:\DOCUME~2\Windows\Cookies\windows@adultfriendfinder[1].txt
Deleted! - C:\DOCUME~2\Windows\Cookies\windows@ads.adultadvertising[1].txt
Deleted! - C:\DOCUME~2\Windows\Cookies\windows@advertising[2].txt
Deleted! - C:\DOCUME~2\Windows\Cookies\windows@bigpoint[2].txt
Deleted! - C:\DOCUME~2\Windows\Cookies\windows@deepolis.bigpoint[1].txt
Deleted! - C:\DOCUME~2\Windows\Cookies\windows@adopt.euroclick[2].txt
Deleted! - C:\DOCUME~2\Windows\Cookies\windows@partypoker[2].txt
Deleted! - C:\WINDOWS\Tasks\A820FF33918F7567.job
Deleted! - C:\DOCUME~2\ALLUSE~1\DATIAP~1\4 Curb Loud Idol
Deleted! - C:\DOCUME~2\Windows\DATIAP~1\sizewe~1
Deleted! - C:\Programmi\sizewe~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[09/07/2008|18.37] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Adobe
[22/01/2010|22.07] C:\DOCUME~2\ALLUSE~1\DATIAP~1\AntiVir PersonalEdition Classic
[09/01/2007|11.00] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Autodesk
[09/11/2007|11.00] C:\DOCUME~2\ALLUSE~1\DATIAP~1\BVRP Software
[21/11/2009|01.20] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Google
[14/01/2010|23.05] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Malwarebytes
[27/09/2009|00.23] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Microsoft
[05/09/2008|20.23] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Motive
[10/07/2008|07.19] C:\DOCUME~2\ALLUSE~1\DATIAP~1\NOS
[15/10/2001|05.33] C:\DOCUME~2\ALLUSE~1\DATIAP~1\SBSI
[12/06/2007|14.27] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[10/12/2009|23.40] C:\DOCUME~2\ALLUSE~1\DATIAP~1\TEMP
[13/10/2006|14.58] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[20/10/2008|15.15] C:\DOCUME~2\ALLUSE~1\DATIAP~1\WLInstaller
[15/01/2010|13.41] C:\DOCUME~2\ALLUSE~1\DATIAP~1\Yahoo! Companion
[0|File] C:\DOCUME~2\ALLUSE~1\DATIAP~1\byte
[17|Directory] C:\DOCUME~2\ALLUSE~1\DATIAP~1\byte disponibili

[15/10/2001|05.29] C:\DOCUME~2\DEFAUL~1\DATIAP~1\Adobe
[15/10/2001|05.23] C:\DOCUME~2\DEFAUL~1\DATIAP~1\Identities
[15/10/2001|05.29] C:\DOCUME~2\DEFAUL~1\DATIAP~1\InterTrust
[15/10/2001|05.08] C:\DOCUME~2\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~2\DEFAUL~1\DATIAP~1\byte
[6|Directory] C:\DOCUME~2\DEFAUL~1\DATIAP~1\byte disponibili

[10/12/2009|21.40] C:\DOCUME~2\LOCALS~1\DATIAP~1\Adobe
[15/10/2001|05.08] C:\DOCUME~2\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~2\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~2\LOCALS~1\DATIAP~1\byte disponibili

[15/10/2001|05.08] C:\DOCUME~2\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~2\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~2\NETWOR~1\DATIAP~1\byte disponibili

[15/10/2001|05.23] C:\DOCUME~2\PROPRI~1\DATIAP~1\Identities
[15/10/2001|05.08] C:\DOCUME~2\PROPRI~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~2\PROPRI~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~2\PROPRI~1\DATIAP~1\byte disponibili

[09/07/2008|21.18] C:\DOCUME~2\Windows\DATIAP~1\Adobe
[21/06/2007|14.33] C:\DOCUME~2\Windows\DATIAP~1\AdobeUM
[23/10/2006|08.51] C:\DOCUME~2\Windows\DATIAP~1\Autodesk
[10/10/2009|22.58] C:\DOCUME~2\Windows\DATIAP~1\Convivea
[02/10/2009|12.08] C:\DOCUME~2\Windows\DATIAP~1\DeepBurner
[21/11/2009|01.18] C:\DOCUME~2\Windows\DATIAP~1\Google
[14/07/2007|15.56] C:\DOCUME~2\Windows\DATIAP~1\Help
[15/10/2001|05.23] C:\DOCUME~2\Windows\DATIAP~1\Identities
[09/11/2007|10.52] C:\DOCUME~2\Windows\DATIAP~1\InstallShield
[15/10/2001|05.29] C:\DOCUME~2\Windows\DATIAP~1\InterTrust
[21/09/2006|13.24] C:\DOCUME~2\Windows\DATIAP~1\Macromedia
[14/01/2010|23.05] C:\DOCUME~2\Windows\DATIAP~1\Malwarebytes
[20/10/2006|14.42] C:\DOCUME~2\Windows\DATIAP~1\MechSoft
[28/10/2007|11.12] C:\DOCUME~2\Windows\DATIAP~1\Media Player Classic
[15/11/2009|13.14] C:\DOCUME~2\Windows\DATIAP~1\Microsoft
[05/09/2008|22.15] C:\DOCUME~2\Windows\DATIAP~1\Motive
[10/04/2009|15.51] C:\DOCUME~2\Windows\DATIAP~1\OpenOffice.org
[12/06/2007|08.32] C:\DOCUME~2\Windows\DATIAP~1\Samsung
[25/02/2009|18.37] C:\DOCUME~2\Windows\DATIAP~1\Sun
[23/01/2010|10.54] C:\DOCUME~2\Windows\DATIAP~1\uTorrent
[15/01/2010|13.09] C:\DOCUME~2\Windows\DATIAP~1\Yahoo!
[0|File] C:\DOCUME~2\Windows\DATIAP~1\byte
[23|Directory] C:\DOCUME~2\Windows\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[23/01/2010 10.01][--a------] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[23/01/2010 09.18][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 13.00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[05/09/2008|20.28] C:\Programmi\Adobe
[05/09/2008|20.23] C:\Programmi\Alice ti aiuta
[18/01/2009|23.20] C:\Programmi\ANI
[23/01/2010|09.17] C:\Programmi\AntiVir PersonalEdition Classic
[27/09/2009|00.54] C:\Programmi\Ask.com
[02/10/2009|12.27] C:\Programmi\Astonsoft
[15/01/2007|12.16] C:\Programmi\Autodesk
[09/11/2007|10.52] C:\Programmi\Avanquest update
[10/10/2009|22.59] C:\Programmi\Bit Che
[15/01/2010|13.08] C:\Programmi\CCleaner
[05/09/2008|20.22] C:\Programmi\Common Files
[15/10/2001|05.15] C:\Programmi\ComPlus Applications
[05/12/2009|01.49] C:\Programmi\eMule
[22/01/2010|09.53] C:\Programmi\File comuni
[21/11/2009|09.17] C:\Programmi\Google
[15/10/2001|05.25] C:\Programmi\Hewlett-Packard
[15/10/2001|05.27] C:\Programmi\HP
[15/10/2001|05.27] C:\Programmi\HP One-Touch
[18/01/2009|23.20] C:\Programmi\InstallShield Installation Information
[12/06/2007|09.48] C:\Programmi\Internet Explorer
[02/08/2006|03.12] C:\Programmi\InterVideo
[10/04/2009|14.29] C:\Programmi\Java
[10/04/2009|14.31] C:\Programmi\JRE
[12/06/2007|14.39] C:\Programmi\K-Lite Codec Pack
[14/01/2010|23.05] C:\Programmi\Malwarebytes' Anti-Malware
[12/06/2007|09.53] C:\Programmi\Messenger
[12/06/2007|08.31] C:\Programmi\Microsoft ActiveSync
[15/10/2001|05.18] C:\Programmi\microsoft frontpage
[04/12/2006|18.01] C:\Programmi\Microsoft Office
[08/06/2008|13.53] C:\Programmi\Microsoft SQL Server
[04/12/2006|18.00] C:\Programmi\Microsoft Visual Studio
[04/12/2006|18.00] C:\Programmi\Microsoft Works
[15/06/2008|14.40] C:\Programmi\Microsoft WSE
[04/12/2006|17.58] C:\Programmi\Microsoft.NET
[05/09/2008|20.22] C:\Programmi\Motive
[09/11/2007|10.55] C:\Programmi\Motorola Phone Tools
[13/10/2006|16.09] C:\Programmi\Movie Maker
[15/10/2001|05.14] C:\Programmi\MSN
[15/10/2001|05.14] C:\Programmi\MSN Gaming Zone
[12/06/2007|09.43] C:\Programmi\MSXML 4.0
[13/10/2006|16.05] C:\Programmi\NetMeeting
[10/07/2008|07.19] C:\Programmi\NOS
[10/04/2009|14.31] C:\Programmi\OpenOffice.org 3
[12/06/2007|07.58] C:\Programmi\OptOS
[12/06/2007|09.39] C:\Programmi\Outlook Express
[02/03/2008|22.44] C:\Programmi\PokerStars
[27/09/2009|00.28] C:\Programmi\PokerStars.NET
[15/10/2001|05.28] C:\Programmi\SBApps
[15/10/2001|05.14] C:\Programmi\Servizi in linea
[12/06/2007|13.52] C:\Programmi\Spybot - Search & Destroy
[15/10/2001|05.26] C:\Programmi\Synaptics
[17/11/2008|11.40] C:\Programmi\Telecom Italia
[15/01/2010|13.04] C:\Programmi\Trend Micro
[19/10/2006|08.34] C:\Programmi\Uninstall Information
[27/09/2009|20.59] C:\Programmi\uTorrent
[13/10/2006|11.44] C:\Programmi\WIDCOMM
[27/09/2009|00.23] C:\Programmi\Windows Live
[12/06/2007|14.30] C:\Programmi\Windows Media Player
[13/10/2006|16.05] C:\Programmi\Windows NT
[13/10/2006|14.51] C:\Programmi\WindowsUpdate
[02/06/2008|10.19] C:\Programmi\WinRAR
[18/01/2009|23.19] C:\Programmi\Wireless USB adapter Alice G-132
[15/10/2001|05.18] C:\Programmi\xerox
[15/01/2010|13.09] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[66|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[09/07/2008|18.34] C:\Programmi\File comuni\Adobe
[09/01/2007|11.00] C:\Programmi\File comuni\Autodesk Shared
[09/01/2007|11.00] C:\Programmi\File comuni\Designer
[17/11/2008|11.43] C:\Programmi\File comuni\InstallShield
[10/04/2009|14.25] C:\Programmi\File comuni\Java
[04/12/2006|18.05] C:\Programmi\File comuni\Microsoft Shared
[05/09/2008|20.23] C:\Programmi\File comuni\Motive
[15/10/2001|05.16] C:\Programmi\File comuni\MSSoap
[15/10/2001|05.08] C:\Programmi\File comuni\ODBC
[15/10/2001|05.16] C:\Programmi\File comuni\Services
[15/10/2001|05.08] C:\Programmi\File comuni\SpeechEngines
[12/06/2007|09.39] C:\Programmi\File comuni\System
[20/10/2008|15.20] C:\Programmi\File comuni\WindowsLiveInstaller
[0|File] C:\Programmi\File comuni\byte
[15|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 36 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 10:56:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~2\Windows\Desktop\MAME 32\roms\cracksht.zip


[F:2][D:1]-> C:\DOCUME~2\Windows\IMPOST~1\Temp
[F:1138][D:0]-> C:\DOCUME~2\Windows\Cookies
[F:3504][D:20]-> C:\DOCUME~2\Windows\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 22/01/2010|13.14 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 22/01/2010|14.25 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 22/01/2010|14.43 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - 22/01/2010|15.14 - Option : [1]
5 - "C:\Lop SD\LopR_5.txt" - 22/01/2010|15.24 - Option : [1]
6 - "C:\Lop SD\LopR_6.txt" - 23/01/2010|10.51 - Option : [1]
7 - "C:\Lop SD\LopR_7.txt" - 23/01/2010|10.58 - Option : [2]

--------------------\\ Scan completed at 10.58.01
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by mauri1974 » 23/01/10 11:45

Guys, now I've noticed two things:
CID no longer opens for me.
The only other thing is that when I browse, every time I move on to the next page a window opens that says:
Internet Explorer security warning
Name: Adobe Flash Player installer
Publisher: Adobe Systems Incorporated
Install   Don't install
the computer won't go on until I choose an option, which for me is clearly don't install....
but at every page change it's a big waste of time....
what do you recommend??
Thanks everyone!
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by gahan » 23/01/10 12:11

Hi,
most likely you need Flash Player. Go to the Adobe site and install the latest version of the player:

http://www.adobe.com/go/getflashplayer_it
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by mauri1974 » 24/01/10 16:26

Now everything seems ok!
Thanks again gahan!!!! ;)
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by mauri1974 » 26/01/10 17:41

Guys, who can check my girlfriend's computer for me? She tells me
it has become very slow and doesn't know whether she's caught some virus??
In the meantime I'll post a few logs


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.39.07, on 26/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSD.exe
C:\Programmi\Launch Manager\CtrlVol.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Programmi\Acer\Wireless\Utility\Wlan11ag.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\mswinvks.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\mswinvks.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mswinvks.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AcerWirelessManager] C:\Programmi\Acer\Wireless\Utility\Wlan11ag.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 1420098671
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3705518796
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9406804265
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 7746 bytes
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by mauri1974 » 26/01/10 19:37

Malwarebytes' Anti-Malware 1.44
Versione del database: 3640
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/01/2010 19.25.32
mbam-log-2010-01-26 (19-25-32).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 180876
Tempo trascorso: 1 hour(s), 30 minute(s), 7 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 4
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by gahan » 26/01/10 19:40

Hi,
open HijackThis, check and remove (fix checked) these entries (if they are still present)

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\mswinvks.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\mswinvks.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Then run ComboFix
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09
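As an added example (not code from the thread or from the HijackThis project), the script below parses HijackThis F2/F3 lines like the ones gahan lists and flags any executable that is not among the Windows XP defaults for Shell=, UserInit= and load=; the defaults table and the sample log lines are constructed assumptions, reusing the entries visible in the log above.

```python
"""Triage of HijackThis F2/F3 entries for Winlogon / win.ini persistence.

Added example, not from the forum thread or from HijackThis itself.
Shell=, UserInit= and load= are classic places where a second executable
is appended so it starts with every logon; the log in this thread shows
exactly that pattern for mswinvks.exe.
"""
import re

# Assumed known-good values for Windows XP (other versions differ).
# Shell is space separated, UserInit is a comma-terminated list and
# load= is empty on a clean system.
DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "load": set(),
}

LINE_RE = re.compile(r"^F[23] - REG:(?:system|win)\.ini: (\w+)=(.*)$", re.I)


def split_value(key, raw):
    """Split a registry value into its component executables (lower-cased).
    Note: a Shell= path containing spaces would be split too; XP defaults
    and the sample lines here have none."""
    raw = raw.strip()
    if not raw:
        return []
    sep = "," if key == "userinit" else " "
    return [p.strip().lower() for p in raw.split(sep) if p.strip()]


def triage_hjt(lines):
    """Return (key, executable) pairs for every F2/F3 entry that carries
    something beyond the expected default."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = m.group(1).lower()
        if key not in DEFAULTS:
            continue
        for exe in split_value(key, m.group(2)):
            if exe not in DEFAULTS[key]:
                findings.append((key, exe))
    return findings


# Constructed sample: the three hijacked lines from the thread plus one
# clean UserInit line for contrast.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\mswinvks.exe",
    r"F3 - REG:win.ini: load=C:\WINDOWS\system32\mswinvks.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mswinvks.exe,",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
]

if __name__ == "__main__":
    for key, exe in triage_hjt(SAMPLE_LOG):
        print(f"{key}= carries an unexpected entry: {exe}")
```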

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by mauri1974 » 26/01/10 20:03

I can't download ComboFix, because it tells me I have an antivirus on the desktop that interferes with ComboFix's work..
I disabled Avira from the icon at the bottom right; on the desktop I still have Avira Antivirus Control Center, but if I right-click it the window with properties, open, ..... opens
what should I do??
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by gahan » 26/01/10 20:08

when you download it, rename it abc.exe and see if it lets you save it.
Click start --> run --> in the white box copy and paste this command, quotes included:

"%userprofile%\desktop\abc.exe" /killall

to start the scan
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09

Re: TR/Crypt.XPACK.Gen how do I remove it?

Post by mauri1974 » 26/01/10 20:14

The problem is that I can't get as far as saving it to a file..
Anyway I tried turning it off and on again, and now a window no longer appears
that asked me for the path for C:/..... and asked me to choose FIND.....
Now the only thing is that
Windows Live Messenger
keeps popping up, which honestly I don't want and which I can't find in the control panel among the installed programs, and it's
a waste of time....
what do you say I should do about ComboFix and Windows Live Messenger??
Thanks again Gahan!
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32
