Good morning, I have a problem with my PC. It is infected with the trojan TR/Crypt.XPACK.Gen.
How can I remove it???
ComboFix 10-09-15.01 - MARCO 16/09/2010 10.12.21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.392 [GMT 2:00]
Eseguito da: c:\documents and settings\MARCO\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\MARCO\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {001300D4-0000-0000-1000-00007454927C}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\page
c:\documents and settings\All Users\Dati applicazioni\page\page.ico
c:\documents and settings\All Users\Dati applicazioni\page\page.URL
c:\documents and settings\MARCO\AUTORUN.INF
c:\documents and settings\MARCO\Dati applicazioni\inst.exe
c:\programmi\\setup.exe
c:\programmi\Search Settings
c:\programmi\Search Settings\kb128\SeARchsettings.dll
c:\programmi\Search Settings\kb128\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\programmi\Setup.exe
c:\windows\system32\Cache
c:\windows\system32\vbzlib1.dll
La copia infetta di c:\windows\system32\midimap.dll è stata trovata e disinfettata
Ripristinata copia da - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-08-16 al 2010-09-16 )))))))))))))))))))))))))))))))))))
.
2010-09-16 07:41 . 2010-09-16 07:41 -------- d-----w- C:\VundoFix Backups
2010-09-13 09:19 . 2010-09-13 09:19 -------- d-----w- c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\Electronic_Arts_Inc
2010-09-13 09:18 . 2010-09-13 09:18 -------- d-----w- c:\programmi\Electronic Arts
2010-09-13 09:18 . 2010-09-13 09:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2010-09-13 06:45 . 2010-09-13 06:49 -------- d-----w- C:\xdccMule
2010-09-04 08:08 . 2010-09-04 08:08 -------- d-----w- c:\windows\system32\Adobe
2010-09-02 15:55 . 2010-09-02 15:55 -------- d-----w- c:\documents and settings\MARCO\Dati applicazioni\Planetside Software
2010-09-02 15:07 . 2006-03-03 13:52 -------- d-----w- c:\windows\system32\Mystify
2010-09-02 15:07 . 2006-03-01 03:37 -------- d-----w- c:\windows\system32\Bubbles
2010-09-02 15:07 . 2006-03-01 03:25 -------- d-----w- c:\windows\system32\Ribbons
2010-09-02 15:07 . 2006-03-01 03:25 -------- d-----w- c:\windows\system32\Aurora
2010-09-02 15:00 . 2010-09-02 15:03 -------- d-----w- c:\windows\VISTA_screensaver_XP
2010-09-02 14:55 . 2010-09-02 14:55 65536 ----a-w- c:\windows\IFinst27.exe
2010-09-01 08:17 . 2010-09-01 08:17 -------- d-----w- c:\programmi\Inpaint
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 08:23 . 2009-04-09 17:36 -------- d-----w- c:\documents and settings\MARCO\Dati applicazioni\Orbit
2010-09-16 07:42 . 2010-02-14 18:08 -------- d-----w- c:\documents and settings\MARCO\Dati applicazioni\uTorrent
2010-09-15 08:47 . 2009-04-10 11:07 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-09-13 07:10 . 2009-07-17 08:34 -------- d-----w- c:\programmi\Lphant
2010-09-10 08:53 . 2009-09-07 14:01 -------- d-----w- c:\programmi\COMODO
2010-09-09 17:11 . 2010-07-28 12:53 217428 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-09 17:11 . 2010-07-28 12:53 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-09 17:11 . 2010-07-28 12:53 217428 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-04 09:38 . 2010-02-14 18:09 -------- d-----w- c:\programmi\uTorrent
2010-09-03 14:59 . 2009-03-25 20:15 97904 ----a-w- c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-09-03 14:55 . 2009-12-30 13:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-09-02 17:22 . 2006-04-27 09:15 616726 ----a-w- c:\windows\system32\perfh010.dat
2010-09-02 17:22 . 2006-04-27 09:15 123262 ----a-w- c:\windows\system32\perfc010.dat
2010-09-02 15:55 . 2009-05-27 17:56 -------- d-----w- c:\documents and settings\MARCO\Dati applicazioni\uk.co.planetside
2010-08-20 20:00 . 2009-03-26 17:16 -------- d-----w- c:\programmi\Ashampoo
2010-08-20 19:34 . 2010-08-20 19:34 503808 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-20d5980f-n\msvcp71.dll
2010-08-20 19:34 . 2010-08-20 19:34 499712 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-20d5980f-n\jmc.dll
2010-08-20 19:34 . 2010-08-20 19:34 348160 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-20d5980f-n\msvcr71.dll
2010-08-20 19:33 . 2010-08-20 19:33 61440 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-261a75ad-n\decora-sse.dll
2010-08-20 19:33 . 2010-08-20 19:33 12800 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-261a75ad-n\decora-d3d.dll
2010-08-12 09:42 . 2009-04-10 09:47 -------- d-----w- c:\programmi\Picasa2
2010-08-11 08:28 . 2010-03-23 15:58 -------- d-----w- c:\documents and settings\MARCO\Dati applicazioni\Youtube Downloader HD
2010-08-11 08:05 . 2010-02-16 10:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX
2010-08-11 05:40 . 2010-02-16 10:31 1066936 ----a-w- c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-08-11 05:32 . 2010-02-16 10:31 100280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\LGMLauncher.exe
2010-08-11 05:14 . 2010-02-16 10:31 106496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-08-11 05:14 . 2010-02-16 10:31 524288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-08-10 17:11 . 2010-07-28 09:39 -------- d-----w- c:\programmi\MSECache
2010-08-10 09:23 . 2009-04-10 12:31 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-08-09 10:22 . 2010-02-09 11:17 -------- d-----w- c:\documents and settings\MARCO\Dati applicazioni\TECNOS
2010-08-09 08:21 . 2009-07-27 15:02 -------- d-----w- c:\programmi\TuneUp Utilities 2008
2010-08-06 12:31 . 2006-04-27 09:15 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-08-05 08:59 . 2010-08-05 08:59 3691036 ----a-w- c:\programmi\Youtube Downloader HD.zip
2010-08-05 08:44 . 2010-03-19 11:03 -------- d-----w- c:\programmi\Youtube Downloader HD
2010-08-04 07:30 . 2010-08-04 07:18 -------- d-----w- c:\documents and settings\MARCO\Dati applicazioni\U3
2010-07-30 09:08 . 2010-07-30 08:35 24760920 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Easeware\DriverEasy\drivers\z4jrbumc.i5a\Voodoo_SoundMax_Audio_XP32_5.10.01.6110.exe
2010-07-30 08:35 . 2010-07-30 08:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ralink Driver
2010-07-30 08:30 . 2010-07-28 10:22 27918879 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Easeware\DriverEasy\drivers\j2bdfztb.fhy\IS_AP_STA_RT7x_D-1.3.5.0_VA-3.1.7.0_W7-4.0.3.0_RU-3.1.2.0_AU-3.0.3.0_082409_1.5.4.0_Free.exe
2010-07-28 12:53 . 2010-06-02 18:02 -------- d-----w- c:\programmi\NVIDIA Corporation
2010-07-28 11:32 . 2010-07-28 11:32 503808 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d10f0f7-n\msvcp71.dll
2010-07-28 11:32 . 2010-07-28 11:32 499712 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d10f0f7-n\jmc.dll
2010-07-28 11:32 . 2010-07-28 11:32 348160 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d10f0f7-n\msvcr71.dll
2010-07-28 11:32 . 2010-07-28 11:32 61440 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4599999a-n\decora-sse.dll
2010-07-28 11:32 . 2010-07-28 11:32 12800 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4599999a-n\decora-d3d.dll
2010-07-28 11:14 . 2010-06-03 08:54 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-28 11:14 . 2010-06-03 08:54 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-28 09:51 . 2009-04-09 17:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-07-28 09:50 . 2009-04-09 17:40 -------- d-----w- c:\programmi\Google
2010-07-28 09:36 . 2010-07-28 09:36 -------- d-----w- c:\programmi\Easeware
2010-07-28 09:36 . 2010-07-28 09:35 1627139 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\Easeware\DriverEasy\updates\2.5.0.20920\DriverEasy_Setup.exe
2010-07-26 08:48 . 2010-07-26 07:54 -------- d-----w- c:\programmi\TTVC
2010-07-19 17:56 . 2009-04-01 17:48 1 ----a-w- c:\documents and settings\MARCO\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-19 17:55 . 2010-07-19 17:55 -------- d-----w- c:\programmi\JRE
2010-07-19 17:55 . 2009-03-26 19:18 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-07-19 17:47 . 2009-03-26 19:18 -------- d-----w- c:\programmi\File comuni\Java
2010-07-19 17:47 . 2010-07-19 17:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 17:47 . 2009-03-26 19:17 -------- d-----w- c:\programmi\java
2010-07-19 15:45 . 2010-07-19 14:58 -------- d-----w- c:\programmi\CamStudio
2010-07-18 17:12 . 2010-07-18 17:12 -------- d-----w- c:\programmi\Genuitec
2010-07-18 17:12 . 2006-09-19 15:37 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-18 17:03 . 2010-07-18 17:03 -------- d-----w- c:\programmi\Windows Media Components
2010-07-18 17:00 . 2009-04-09 17:36 -------- d-----w- c:\programmi\Orbitdownloader
2010-06-30 12:31 . 2006-04-27 09:15 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 14:05 . 2010-06-25 14:05 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-06-24 12:22 . 2006-04-27 09:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-04-27 09:15 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-04-27 09:15 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2008-09-30 17:42 . 2008-09-30 17:42 127852561 -c--a-w- c:\programmi\openofficeorg1.cab
2008-09-30 17:09 . 2008-09-30 17:09 217 ----a-w- c:\programmi\setup.ini
2008-09-30 17:09 . 2008-09-30 17:09 9776640 ----a-w- c:\programmi\openofficeorg30.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\programmi\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\programmi\instmsia.exe
.
------- Sigcheck -------
[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-13 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2006-04-10 . BD11ECE6A5BD592FDDCF9545B4296D17 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-13 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-13 . 6B00176C49AD983527346A0CB3B29BD1 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-13 . 6B00176C49AD983527346A0CB3B29BD1 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-04-10 . BAA0F16E5C5BE20AC531FA7FAF97F80A . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2006-04-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[7] 2008-04-13 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-13 . 3E163C943AC3ECC44826954A579E0F87 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-13 . 3E163C943AC3ECC44826954A579E0F87 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2006-04-10 . FD8AE458F9D47E7819B272A3C15D4DDD . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-03 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-03 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-13 . 889676A942A232F349C9F8177CD9B782 . 1543168 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-13 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-13 . 889676A942A232F349C9F8177CD9B782 . 1543168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2006-04-10 . D009E427DE2E129FF87B03D87F349C73 . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-13 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-13 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-13 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2006-04-10 . E7D73D967D096A22648236469AC4478C . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\ole32.dll
[-] 2005-07-26 . D5622B6D4CD43F2223718820C0A178AD . 1284608 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . FDCB65B500C748D9D36BCCD20156B7C5 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-29 . 7313DD91D93A33472E76D857EE7FFDE8 . 1284608 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-04-28 . 7E958544A86CDB308F849BAB7EC78908 . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-01-14 . 62942407E0568319942E28F9629F7DB8 . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
[-] 2005-01-14 . 1CFD33AAA3238DA1BB0309359E8C1186 . 1284608 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[7] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-13 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-04-10 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2006-04-10 . BD55624B7BBB4AE0AAFAAD9D74AB3889 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\programmi\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-09 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 40448]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - c:\programmi\Orbitdownloader\orbitdm.exe [2009-4-9 1809680]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MARCO^Menu Avvio^Programmi^Esecuzione automatica^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\MARCO\Menu Avvio\Programmi\Esecuzione automatica\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
2008-11-05 11:28 779104 ------w- c:\programmi\Ashampoo\Ashampoo Magical Snap 2\ashsnap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2009-09-26 22:32 83312 ----a-w- c:\programmi\Microsoft Office 2010\Office14\BCSSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:14 40448 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:38 1289000 ----a-w- c:\programmi\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-06-07 15:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-06-07 15:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-06-02 22:48 1753192 ----a-w- c:\programmi\NVIDIA Corporation\nView\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
2009-08-22 10:31 5148672 ----a-w- c:\programmi\Rainlendar2\Rainlendar2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 22:35 716800 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 09:11 925696 ----a-w- c:\programmi\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-09 17:40 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrive]
2008-06-15 07:18 253573 ----a-w- c:\windows\vistadrive\Vdrive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMSAccessU"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe"
"Vivaty"="c:\programmi\Vivaty\VivatyPlayer\vivaty.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CanonSolutionMenu"=c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
"ehTray"=c:\windows\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SearchSettings"=c:\programmi\Search Settings\SearchSettings.exe
"LanguageShortcut"=c:\programmi\CyberLink\PowerDVD\Language\Language.exe
"CanonMyPrinter"=c:\programmi\Canon\MyPrinter\BJMyPrt.exe /logon
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"YMailAdvisor"="c:\programmi\Yahoo!\Common\YMailAdvisor.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"B2C_AGENT"=c:\documents and settings\All Users\Dati applicazioni\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\TmNationsForever\\TmForever.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Microsoft Office 2010\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office 2010\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Documents and Settings\\MARCO\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 18.33.38 50704]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [30/07/2010 10.36.10 19072]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [07/10/2009 3.44.58 129856]
S2 gupdate1c9b9c158983dae;Servizio di Google Update (gupdate1c9b9c158983dae);c:\programmi\Google\Update\GoogleUpdate.exe [10/04/2009 11.47.17 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [11/02/2010 19.02.55 1527900]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [16/02/2010 12.42.44 16896]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [27/04/2010 18.36.42 30192]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [13/04/2009 19.05.17 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [13/04/2009 19.05.17 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [13/04/2009 19.05.17 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [13/04/2009 19.05.17 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [13/04/2009 19.05.18 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [13/04/2009 19.05.18 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [13/04/2009 19.05.18 109952]
S3 MsDepSvc;Web Deployment Agent Service;c:\programmi\IIS\Microsoft Web Deploy\MsDepSvc.exe [09/09/2009 13.13.26 55176]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 5.28.22 4639136]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 10.26.10 508288]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [15/07/2009 19.07.57 103552]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [11/02/2010 19.02.37 544768]
S3 VL807;VL807 Filter;c:\windows\system32\drivers\VL807.sys [10/04/2009 12.28.54 22400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [07/10/2009 3.44.58 752984]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2010-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-09 17:18]
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-10 09:47]
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-10 09:47]
2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1138759736-1952282097-4113721478-1005Core.job
- c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-23 15:46]
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1138759736-1952282097-4113721478-1005UA.job
- c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-23 15:46]
2010-09-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-09-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{7A460552-49E5-4982-B7AE-C6A886FBD971}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-09-16 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
Trusted Zone: microsoft.com\www
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-COMODO Internet Security - c:\programmi\COMODO\COMODO Internet Security\cfp.exe
AddRemove-VLC media player - j:\mojopac\Program Files\VLC\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 10:20
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsDepSvc]
"ImagePath"="\"c:\programmi\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(872)
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\DeviceHelper\DeviceManager.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\RALINK\Common\RaRegistry.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\slmdmsr.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmi\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Ora fine scansione: 2010-09-16 10:29:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-16 08:29
Pre-Run: 226.975.989.760 byte disponibili
Post-Run: 228.385.607.680 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /TUTag=4NEL72
- - End Of File - - EDE69BEAE1825433B2F8AF38EB11AB23
File infetti:
C:\Programmi\Vistapack XP\Extras\tbar\Tbar.exe (Trojan.Kates) -> Quarantined and deleted successfully.
C:\Documents and Settings\MARCO\Documenti\Lphant\Downloads\Nero Multimedia Suite 10 Full 2010 Final (With Serial)\Nero Multimedia Suite 10 Full 2010 Final (With Serial).rar
[0] Tipo di archivio: RAR
--> Nero-10.0.13100_trial.exe
[1] Tipo di archivio: NSIS
--> [UnknownDir]/Install.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.XPACK.Gen
C:\Documents and Settings\MARCO\Documenti\Lphant\Downloads\Nero Multimedia Suite 10 Full 2010 Final (With Serial)\Nero Multimedia Suite 10 Full 2010 Final (With Serial)\ Nero-10.0.13100_trial.exe
[0] Tipo di archivio: NSIS
--> [UnknownDir]/Install.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.XPACK.Gen
C:\System Volume Information\_restore{759355BB-5B95-4843-AB89-8CC1DAD1AEFB}\RP16\A0015293.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Trash.Gen