PC infection
Closed
treviso (Member, 865 posts, registered Sunday 17 August 2008, last activity 9 January 2011) - 12 Feb 2010 at 20:12
moment de grace (Security contributor, 29042 posts, registered Saturday 6 December 2008, last activity 18 July 2013) - 13 Feb 2010 at 05:55
6 replies
treviso (Member) - 12 Feb 2010 at 20:13
Logfile of random's system information tool 1.06 (written by random/random)
Run by kebe salam at 2010-02-12 20:04:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 138 GB (91%) free of 153 GB
Total RAM: 2943 MB (82% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{F3C1AD9E-10B9-4F66-9514-24D2274D92B9}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{425E30F0-CCC6-4E24-BBEB-BCBD31720B37}]
SPEEDBIT1 Class - C:\Programmi\SpeedBit Toolbar\Toolbar\SpeedBit.dll [2009-08-14 2598896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Guida per l'accesso a Windows Live - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1056498-D09A-41E4-864B-505EDD640D9E}]
SBCONVERT Class - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll [2009-08-14 2498056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-24 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-30 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-24 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b}]
P2P Max IT Toolbar - C:\Programmi\P2P_Max_IT\tbP2P0.dll [2009-11-27 2166296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Programmi\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-29 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}]
GrabberObj Class - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll [2009-08-14 198232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar con blocco Pop-Up - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - P2P Max IT Toolbar - C:\Programmi\P2P_Max_IT\tbP2P0.dll [2009-11-27 2166296]
{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - SpeedBit Video Downloader - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll [2009-08-14 2498056]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-24 256112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programmi\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
Locked
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Programmi\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2010-02-12 1122496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe [2009-12-29 155648]
"GrooveMonitor"=C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SMSERIAL"=C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-29 638976]
"Adobe Reader Speed Launcher"=C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HP Software Update"=C:\Programmi\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"ISUSScheduler"=C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"SunJavaUpdateSched"=C:\Programmi\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"MobileConnect"=C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"COMODO Internet Security"=C:\Programmi\COMODO\COMODO Internet Security\cfp.exe [2010-02-12 1800464]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-29 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"MsnMsgr"=C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"MSMSGS"=C:\Programmi\Messenger\msmsgs.exe [2008-04-14 1695232]
"Auslogics BoostSpeed 4"=C:\Programmi\Auslogics\Auslogics BoostSpeed\boostspeed.exe [2009-01-24 361584]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe
PowerMenu.lnk - C:\Programmi\PowerMenu\PowerMenu.exe
C:\Documents and Settings\kebe salam\Menu Avvio\Programmi\Esecuzione automatica
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-03-14 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoVisualStyleChoice"=0
"NoColorChoice"=0
"NoSizeChoice"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoSMConfigurePrograms"=1
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE"="C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Modulo di esecuzione DLL come applicazioni"
"C:\Programmi\Java\jre6\bin\javaw.exe"="C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe"="C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programmi\HP\Digital Imaging\Bin\hpqste08.exe"="C:\Programmi\HP\Digital Imaging\Bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b134ab5e-17f9-11df-aa05-0019dbc4b333}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b134ab5f-17f9-11df-aa05-0019dbc4b333}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence
======List of files/folders created in the last 1 months======
2010-02-12 20:04:47 ----D---- C:\rsit
2010-02-12 01:47:15 ----D---- C:\Documents and Settings\kebe salam\Dati applicazioni\Comodo
2010-02-12 01:47:01 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Comodo
2010-02-12 01:46:57 ----A---- C:\WINDOWS\system32\guard32.dll
2010-02-12 01:46:53 ----D---- C:\Programmi\COMODO
2010-02-12 01:03:35 ----D---- C:\WINDOWS\Prefetch
2010-02-12 00:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-12 00:53:25 ----A---- C:\WINDOWS\003123_.tmp
2010-02-12 00:51:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-11 23:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2010-02-11 23:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-11 23:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-11 23:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-11 23:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-11 23:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-11 23:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-11 23:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-11 22:07:27 ----D---- C:\Programmi\Navilog1
2010-02-11 22:06:12 ----RASHD---- C:\autorun.inf
2010-02-03 11:28:41 ----D---- C:\Programmi\Microsoft Office Outlook Connector
2010-01-14 22:10:00 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Vodafone
2010-01-14 22:09:54 ----D---- C:\Programmi\Vodafone
======List of files/folders modified in the last 1 months======
2010-02-12 20:03:31 ----D---- C:\WINDOWS\Temp
2010-02-12 20:03:31 ----D---- C:\WINDOWS
2010-02-12 20:00:45 ----SHD---- C:\WINDOWS\Installer
2010-02-12 20:00:44 ----HD---- C:\Config.Msi
2010-02-12 19:56:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 19:51:16 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 19:11:12 ----RSD---- C:\WINDOWS\Fonts
2010-02-12 19:10:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-12 18:12:10 ----AC---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-02-12 18:11:36 ----HD---- C:\WINDOWS\inf
2010-02-12 13:23:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-12 13:08:18 ----D---- C:\Programmi\Mozilla Firefox
2010-02-12 13:04:18 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2010-02-12 13:04:11 ----SD---- C:\WINDOWS\Tasks
2010-02-12 07:25:54 ----RD---- C:\Programmi
2010-02-12 07:13:48 ----D---- C:\Programmi\MPSI
2010-02-12 01:46:57 ----D---- C:\WINDOWS\system32
2010-02-12 01:42:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-12 01:42:17 ----D---- C:\WINDOWS\system32\config
2010-02-12 01:35:27 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-12 01:35:23 ----D---- C:\WINDOWS\Help
2010-02-12 01:31:05 ----D---- C:\WINDOWS\Debug
2010-02-12 01:20:58 ----D---- C:\Programmi\Internet Explorer
2010-02-12 01:19:06 ----HDC---- C:\WINDOWS\ie8
2010-02-12 01:18:10 ----D---- C:\WINDOWS\system32\it-it
2010-02-12 01:02:58 ----D---- C:\WINDOWS\system32\Setup
2010-02-12 01:02:57 ----D---- C:\WINDOWS\system32\wbem
2010-02-12 01:02:57 ----D---- C:\WINDOWS\AppPatch
2010-02-12 00:59:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-12 00:57:54 ----D---- C:\Programmi\Messenger
2010-02-12 00:57:51 ----D---- C:\Programmi\Windows Media Player
2010-02-12 00:57:41 ----D---- C:\WINDOWS\ime
2010-02-12 00:57:32 ----D---- C:\WINDOWS\PeerNet
2010-02-12 00:57:32 ----D---- C:\Programmi\Movie Maker
2010-02-12 00:56:10 ----D---- C:\WINDOWS\system32\Restore
2010-02-12 00:56:10 ----D---- C:\WINDOWS\system32\npp
2010-02-12 00:56:09 ----D---- C:\WINDOWS\msagent
2010-02-12 00:56:08 ----D---- C:\WINDOWS\srchasst
2010-02-12 00:56:08 ----D---- C:\Programmi\NetMeeting
2010-02-12 00:56:07 ----D---- C:\WINDOWS\system32\Com
2010-02-12 00:56:04 ----D---- C:\Programmi\Windows NT
2010-02-12 00:56:04 ----D---- C:\Programmi\Outlook Express
2010-02-12 00:56:02 ----D---- C:\Programmi\File comuni\System
2010-02-12 00:55:48 ----D---- C:\WINDOWS\system32\oobe
2010-02-12 00:55:47 ----D---- C:\WINDOWS\system32\usmt
2010-02-12 00:55:47 ----D---- C:\WINDOWS\system
2010-02-12 00:53:34 ----D---- C:\WINDOWS\security
2010-02-12 00:51:30 ----D---- C:\WINDOWS\EHome
2010-02-12 00:48:36 ----A---- C:\AUTOEXEC.BAT
2010-02-12 00:06:32 ----D---- C:\Documents and Settings\kebe salam\Dati applicazioni\HPAppData
2010-02-11 22:56:58 ----D---- C:\Programmi\VS Revo Group
2010-02-11 22:47:34 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2010-02-11 22:34:39 ----D---- C:\Programmi\TeamViewer
2010-02-11 22:06:09 ----SHD---- C:\RECYCLER
2010-02-10 21:23:31 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2010-02-10 21:20:08 ----AC---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-02-05 21:08:12 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-02-05 20:43:44 ----SD---- C:\Documents and Settings\kebe salam\Dati applicazioni\Microsoft
2010-02-03 20:04:36 ----D---- C:\Programmi\Microsoft Silverlight
2010-02-03 13:13:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-03 13:13:17 ----RSD---- C:\WINDOWS\assembly
2010-02-03 11:26:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-03 11:25:33 ----D---- C:\Programmi\Windows Live
2010-02-03 11:23:54 ----D---- C:\WINDOWS\system32\DirectX
2010-01-25 21:05:17 ----AC---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2010-01-19 12:02:36 ----HD---- C:\$AVG8.VAULT$
2010-01-14 21:24:42 ----AC---- C:\WINDOWS\WirelessCard.INI
2010-01-14 21:04:04 ----D---- C:\Programmi\ma-config.com
2010-01-14 21:04:04 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\ma-config.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Driver del processore AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-12 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-02-12 25160]
R1 WS2IFSL;Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-14 1972736]
R3 HDAudBus;Driver bus UAA Microsoft per High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 MODEMCSA;Periferica filtro flusso Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-01-29 984832]
R3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Driver miniport per controller open host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 bsusbser;PHD USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\bsusbser.sys [2008-01-23 99456]
S3 catchme;catchme; \??\C:\DOCUME~1\KEBESA~1\IMPOST~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Driver scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-14 446464]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-12 723632]
R2 hpqddsvc;Servizio di rilevamento dispositivi HP CUE; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmi\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programmi\File comuni\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 SeaPort;SeaPort; C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UPHClean;User Profile Hive Cleanup; C:\Programmi\UPHClean\uphclean.exe [2005-04-27 241725]
R2 VMCService;Vodafone Mobile Connect Service; C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 NMIndexingService;NMIndexingService; C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Servizio Windows Live Family Safety; C:\Programmi\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-24 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Modulo di esecuzione DLL come applicazioni"
"C:\Programmi\Java\jre6\bin\javaw.exe"="C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe"="C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programmi\HP\Digital Imaging\Bin\hpqste08.exe"="C:\Programmi\HP\Digital Imaging\Bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b134ab5e-17f9-11df-aa05-0019dbc4b333}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b134ab5f-17f9-11df-aa05-0019dbc4b333}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence
======List of files/folders created in the last 1 months======
2010-02-12 20:04:47 ----D---- C:\rsit
2010-02-12 01:47:15 ----D---- C:\Documents and Settings\kebe salam\Dati applicazioni\Comodo
2010-02-12 01:47:01 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Comodo
2010-02-12 01:46:57 ----A---- C:\WINDOWS\system32\guard32.dll
2010-02-12 01:46:53 ----D---- C:\Programmi\COMODO
2010-02-12 01:03:35 ----D---- C:\WINDOWS\Prefetch
2010-02-12 00:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-12 00:53:25 ----A---- C:\WINDOWS\003123_.tmp
2010-02-12 00:51:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-11 23:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2010-02-11 23:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-11 23:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-11 23:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-11 23:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-11 23:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-11 23:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-11 23:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-11 22:07:27 ----D---- C:\Programmi\Navilog1
2010-02-11 22:06:12 ----RASHD---- C:\autorun.inf
2010-02-03 11:28:41 ----D---- C:\Programmi\Microsoft Office Outlook Connector
2010-01-14 22:10:00 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Vodafone
2010-01-14 22:09:54 ----D---- C:\Programmi\Vodafone
======List of files/folders modified in the last 1 months======
2010-02-12 20:03:31 ----D---- C:\WINDOWS\Temp
2010-02-12 20:03:31 ----D---- C:\WINDOWS
2010-02-12 20:00:45 ----SHD---- C:\WINDOWS\Installer
2010-02-12 20:00:44 ----HD---- C:\Config.Msi
2010-02-12 19:56:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 19:51:16 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 19:11:12 ----RSD---- C:\WINDOWS\Fonts
2010-02-12 19:10:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-12 18:12:10 ----AC---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-02-12 18:11:36 ----HD---- C:\WINDOWS\inf
2010-02-12 13:23:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-12 13:08:18 ----D---- C:\Programmi\Mozilla Firefox
2010-02-12 13:04:18 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2010-02-12 13:04:11 ----SD---- C:\WINDOWS\Tasks
2010-02-12 07:25:54 ----RD---- C:\Programmi
2010-02-12 07:13:48 ----D---- C:\Programmi\MPSI
2010-02-12 01:46:57 ----D---- C:\WINDOWS\system32
2010-02-12 01:42:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-12 01:42:17 ----D---- C:\WINDOWS\system32\config
2010-02-12 01:35:27 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-12 01:35:23 ----D---- C:\WINDOWS\Help
2010-02-12 01:31:05 ----D---- C:\WINDOWS\Debug
2010-02-12 01:20:58 ----D---- C:\Programmi\Internet Explorer
2010-02-12 01:19:06 ----HDC---- C:\WINDOWS\ie8
2010-02-12 01:18:10 ----D---- C:\WINDOWS\system32\it-it
2010-02-12 01:02:58 ----D---- C:\WINDOWS\system32\Setup
2010-02-12 01:02:57 ----D---- C:\WINDOWS\system32\wbem
2010-02-12 01:02:57 ----D---- C:\WINDOWS\AppPatch
2010-02-12 00:59:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-12 00:57:54 ----D---- C:\Programmi\Messenger
2010-02-12 00:57:51 ----D---- C:\Programmi\Windows Media Player
2010-02-12 00:57:41 ----D---- C:\WINDOWS\ime
2010-02-12 00:57:32 ----D---- C:\WINDOWS\PeerNet
2010-02-12 00:57:32 ----D---- C:\Programmi\Movie Maker
2010-02-12 00:56:10 ----D---- C:\WINDOWS\system32\Restore
2010-02-12 00:56:10 ----D---- C:\WINDOWS\system32\npp
2010-02-12 00:56:09 ----D---- C:\WINDOWS\msagent
2010-02-12 00:56:08 ----D---- C:\WINDOWS\srchasst
2010-02-12 00:56:08 ----D---- C:\Programmi\NetMeeting
2010-02-12 00:56:07 ----D---- C:\WINDOWS\system32\Com
2010-02-12 00:56:04 ----D---- C:\Programmi\Windows NT
2010-02-12 00:56:04 ----D---- C:\Programmi\Outlook Express
2010-02-12 00:56:02 ----D---- C:\Programmi\File comuni\System
2010-02-12 00:55:48 ----D---- C:\WINDOWS\system32\oobe
2010-02-12 00:55:47 ----D---- C:\WINDOWS\system32\usmt
2010-02-12 00:55:47 ----D---- C:\WINDOWS\system
2010-02-12 00:53:34 ----D---- C:\WINDOWS\security
2010-02-12 00:51:30 ----D---- C:\WINDOWS\EHome
2010-02-12 00:48:36 ----A---- C:\AUTOEXEC.BAT
2010-02-12 00:06:32 ----D---- C:\Documents and Settings\kebe salam\Dati applicazioni\HPAppData
2010-02-11 22:56:58 ----D---- C:\Programmi\VS Revo Group
2010-02-11 22:47:34 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2010-02-11 22:34:39 ----D---- C:\Programmi\TeamViewer
2010-02-11 22:06:09 ----SHD---- C:\RECYCLER
2010-02-10 21:23:31 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2010-02-10 21:20:08 ----AC---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-02-05 21:08:12 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-02-05 20:43:44 ----SD---- C:\Documents and Settings\kebe salam\Dati applicazioni\Microsoft
2010-02-03 20:04:36 ----D---- C:\Programmi\Microsoft Silverlight
2010-02-03 13:13:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-03 13:13:17 ----RSD---- C:\WINDOWS\assembly
2010-02-03 11:26:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-03 11:25:33 ----D---- C:\Programmi\Windows Live
2010-02-03 11:23:54 ----D---- C:\WINDOWS\system32\DirectX
2010-01-25 21:05:17 ----AC---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2010-01-19 12:02:36 ----HD---- C:\$AVG8.VAULT$
2010-01-14 21:24:42 ----AC---- C:\WINDOWS\WirelessCard.INI
2010-01-14 21:04:04 ----D---- C:\Programmi\ma-config.com
2010-01-14 21:04:04 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\ma-config.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Driver del processore AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-12 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-02-12 25160]
R1 WS2IFSL;Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-14 1972736]
R3 HDAudBus;Driver bus UAA Microsoft per High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 MODEMCSA;Periferica filtro flusso Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-01-29 984832]
R3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Driver miniport per controller open host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 bsusbser;PHD USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\bsusbser.sys [2008-01-23 99456]
S3 catchme;catchme; \??\C:\DOCUME~1\KEBESA~1\IMPOST~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Driver scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-14 446464]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-12 723632]
R2 hpqddsvc;Servizio di rilevamento dispositivi HP CUE; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmi\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programmi\File comuni\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 SeaPort;SeaPort; C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UPHClean;User Profile Hive Cleanup; C:\Programmi\UPHClean\uphclean.exe [2005-04-27 241725]
R2 VMCService;Vodafone Mobile Connect Service; C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 NMIndexingService;NMIndexingService; C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Servizio Windows Live Family Safety; C:\Programmi\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-24 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
moment de grace
Posts: 29042
Registered: Saturday 6 December 2008
Status: Security contributor
Last activity: 18 July 2013
2 274
12 Feb. 2010 at 20:18
I had opened a thread for you, but apparently you didn't understand...
1)
Download HijackThis
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
Launch HijackThis by double-clicking the program's icon.
In the main menu, click Do a system Scan only and Save a Logfile
A report will then be generated in a Notepad file; it will be located in the disinfection folder initially created for the installation.
Post it here
..................
2)
Download USBFIX by El Desaparecido, C_xx
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
or
https://www.ionos.fr/?affiliate_id=77097
/!\ Vista and Windows 7 users:
do not forget to disable User Account Control
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
/!\ Plug in your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them
• Double-click the UsbFix shortcut on the desktop.
• Choose option 2, deletion
(other options are available, see the tutorial).
• Let the tool work.
The Start menu and the icons will disappear; this is normal.
If a message asks you to restart the computer, do so...
● On restart, the fix relaunches... let the operation run.
● Notepad opens with a report; send it in your next reply
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
UsbFix may ask you to upload a compressed folder to this address: https://www.ionos.fr/?affiliate_id=77097
It is saved on your desktop.
Please send it to the indicated address to help the author of UsbFix with his research.
treviso
Posts: 865
Registered: Sunday 17 August 2008
Status: Member
Last activity: 9 January 2011
124
12 Feb. 2010 at 20:27
Really, please excuse me.....................
treviso
Posts: 865
Registered: Sunday 17 August 2008
Status: Member
Last activity: 9 January 2011
124
12 Feb. 2010 at 20:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.34.21, on 12/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Auslogics\Auslogics BoostSpeed\boostspeed.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe
C:\Programmi\PowerMenu\PowerMenu.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Programmi\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: P2P Max IT Toolbar - {d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - C:\Programmi\P2P_Max_IT\tbP2P0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: P2P Max IT Toolbar - {d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - C:\Programmi\P2P_Max_IT\tbP2P0.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Programmi\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Programmi\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe
O4 - Global Startup: PowerMenu.lnk = C:\Programmi\PowerMenu\PowerMenu.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Programmi\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {76023B57-57C3-4985-AF81-1BF7EC68ABDF} (ACActiveX.MyUserControl) - https://217.220.21.246/italy/ActiveX/ACActiveX.ocx
O16 - DPF: {8C254311-8E82-4031-A00A-8C8102B1BBD5} (ACCL.ACV) - https://217.220.21.246/italy/ActiveX/ACCL.cab
O16 - DPF: {8DD07946-0293-4EFA-A1AA-7633B436E907} (ACCAIT.MainClass) - https://217.220.21.246/italy/ActiveX/ACCAIT.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
moment de grace
Posts
29042
Registration date
Saturday 6 December 2008
Status
Security contributor
Last activity
18 July 2013
2 274
12 Feb 2010 at 20:41
After running UsbFix as indicated above:
Download Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
. Save it to the desktop
. Double-click the downloaded file to start the installation.
. In the "Update" tab, click the Check for Updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update has finished
. Go to the Scanner tab
. Select Perform full scan (a fairly long scan)
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select everything (or leave everything checked) and click Remove Selected
. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Logs tab
. Click the report to display it; once it is displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, and come back to the forum and into your reply
. Right-click in the reply box and choose Paste
If you need help, have a look at these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
moment de grace
Posts
29042
Registration date
Saturday 6 December 2008
Status
Security contributor
Last activity
18 July 2013
2 274
13 Feb 2010 at 05:55
This is where the reports need to be posted, so I am doing it for you.
And tell me where things stand with your problems; how is the PC doing?
############################# | UsbFix V6.083 |
User : kebe salam (Administrators) # KEBE-AC9B0ABAF1
Update on 30/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20.41.51 | 12/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : COMODO Antivirus 3.9 [ (!) Disabled | Updated ]
FW : COMODO Firewall[ (!) Disabled ]3.9
A:\ -> Disco floppy, 3,5 pollici
C:\ -> Disco rigido locale # 149,04 Go (135,08 Go free) # NTFS
D:\ -> Disco CD-ROM
E:\ -> Disco CD-ROM # 61,33 Mo (0 Mo free) [Vodafone MCInsta] # CDFS
F:\ -> Disco rimovibile
G:\ -> Disco rimovibile
H:\ -> Disco rimovibile
I:\ -> Disco rimovibile
J:\ -> Disco rimovibile # 1,84 Go (1,84 Go free) # FAT
K:\ -> Disco rimovibile # 1,87 Go (910,56 Mo free) [UDISK] # FAT
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 664
C:\WINDOWS\system32\csrss.exe 728
C:\WINDOWS\system32\winlogon.exe 756
C:\WINDOWS\system32\services.exe 800
C:\WINDOWS\system32\lsass.exe 812
C:\WINDOWS\system32\Ati2evxx.exe 968
C:\WINDOWS\system32\svchost.exe 1000
C:\WINDOWS\system32\svchost.exe 1064
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe 1112
C:\WINDOWS\system32\svchost.exe 1140
C:\WINDOWS\system32\svchost.exe 1268
C:\WINDOWS\system32\svchost.exe 1292
C:\WINDOWS\system32\logonui.exe 1304
C:\WINDOWS\system32\Ati2evxx.exe 1336
C:\WINDOWS\System32\svchost.exe 1384
C:\WINDOWS\system32\spoolsv.exe 1516
C:\WINDOWS\system32\svchost.exe 1704
C:\Programmi\Java\jre6\bin\jqs.exe 1724
C:\WINDOWS\system32\userinit.exe 1768
C:\Programmi\File comuni\LightScribe\LSSrvc.exe 1840
C:\WINDOWS\Explorer.EXE 1860
C:\WINDOWS\System32\svchost.exe 1896
C:\WINDOWS\System32\svchost.exe 1920
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1940
C:\WINDOWS\system32\svchost.exe 2016
C:\Programmi\UPHClean\uphclean.exe 140
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 308
C:\WINDOWS\system32\wbem\wmiprvse.exe 124
C:\WINDOWS\system32\wuauclt.exe 1236
################## | Elements infectieux |
Supprimé ! C:\Recycler\S-1-5-21-2000478354-1417001333-839522115-1004
Non supprimé ! E:\helper.exe
Non supprimé ! E:\autorun.inf
Supprimé ! K:\log.txt
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{b134ab5e-17f9-11df-aa05-0019dbc4b333}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[12/02/2010 00.48|--a------|4] C:\AUTOEXEC.BAT
[01/01/2002 00.40|---hs----|223] C:\boot.ini
[02/03/2006 13.00|-rahs----|4952] C:\Bootfont.bin
[28/06/2008 23.04|--a------|0] C:\CONFIG.SYS
[28/06/2008 23.04|-rahs----|0] C:\IO.SYS
[28/06/2008 23.04|-rahs----|0] C:\MSDOS.SYS
[02/03/2006 13.00|-rahs----|47564] C:\NTDETECT.COM
[12/10/2008 21.30|-rahs----|251600] C:\ntldr
[?|?|?] C:\pagefile.sys
[12/02/2010 20.44|--a------|3110] C:\UsbFix.txt
[18/07/2009 15.21|--a------|450] C:\WUTransactionsList.csv
[07/07/2008 21.46|-r-------|113] E:\Autorun.inf
[05/07/2008 07.23|-r-------|39716715] E:\helper.exe
[08/07/2008 03.27|-r-------|327680] E:\setup_vmc_lite.exe
[18/01/2010 23.43|--a------|4179293] K:\everest_2.20_fr(2).exe
[18/01/2010 23.50|--a------|244758] K:\Report.htm
[19/01/2010 01.40|--a------|16409960] K:\spybotsd162.exe
[16/01/2010 21.50|--a------|2798206] K:\xion_v1.0b125(4).exe
[16/01/2010 21.26|--a------|3357024] K:\ccsetup227.exe
[16/01/2010 22.40|--a------|806401] K:\speedswitchxp_speedswitchxp_1.52_allemand_66498.exe
[19/01/2010 08.26|--a------|40603920] K:\CIS_Setup_3.13.125662.579_XP_Vista_x32.exe
[20/01/2010 16.17|--a------|156815352] K:\OOo_3.1.1_Win32Intel_install_wJRE_it.exe
[20/01/2010 08.13|--a------|11164696] K:\dap93_bros.exe
[20/01/2010 06.41|--a------|1114576] K:\revosetup.exe
[22/01/2010 01.52|--a------|25823304] K:\wmp11-windowsxp-x86-it-it.exe
[21/01/2010 23.56|--a------|66659] K:\17979_220262242998_771912998_2963114_1263012_n.jpg
[07/02/2010 18.19|--a------|34119] K:\17979_220320932998_771912998_2963499_3494289_n.jpg
[22/01/2010 11.24|--a------|79245136] K:\9-11_legacy_xp32-64_dd_ccc(2).exe
[21/01/2010 06.39|--a------|7906312] K:\Firefox Setup 3.5.7.exe
[23/01/2010 00.59|--a------|18734784] K:\WDM_A406.exe
[22/01/2010 22.24|--a------|2875520] K:\MaConfig_4_0_1_3.exe
[23/01/2010 14.23|--a------|3762464] K:\rcsetup134.exe
[23/01/2010 17.28|--a------|1162056] K:\wlsetup-custom.exe
[31/01/2010 04.18|--a------|34291200] K:\eav_nt32_fra.msi
[31/01/2010 19.04|--a------|144765768] K:\wlsetup-all.exe
[31/01/2010 19.12|--a------|2420544] K:\TeamViewer_Host_Setup.exe
[16/01/2010 21.49|--a------|2798206] K:\XION_V1.0B125(3).EXE
[07/02/2010 18.18|--a------|47795] K:\17476_1255126951831_1639305345_613809_2727564_n.jpg
[31/01/2010 09.08|--a------|1262986] K:\AD-R.exe
[31/01/2010 09.01|--a------|228116] K:\Navilog1.exe
[31/01/2010 09.07|--a------|1481255] K:\UsbFix.exe
[30/01/2010 11.01|--a------|781909] K:\RSIT.exe
[31/01/2010 09.00|--a------|781909] K:\RSIT(2).exe
[30/01/2010 10.39|--a------|1090530] K:\Setup.exe
[11/02/2010 23.23|--a------|1578758] K:\List_Killem_Install.exe
[11/02/2010 23.46|--a------|21444] K:\info.txt
[12/02/2010 00.30|--a------|16968544] K:\IE8-WindowsXP-x86-ITA.exe
[12/02/2010 19.40|--a------|781909] K:\RSIT(3).exe
[12/02/2010 20.30|--a------|812344] K:\HJTInstall.exe
[12/02/2010 20.34|--a------|11240] K:\hijackthis.log
[12/02/2010 20.41|--a------|1496] K:\BOOTEX.LOG
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# K:\autorun.inf -> Dossier créé par UsbFix.
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_KEBE-AC9B0ABAF1.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.083 ! |
...........................................
Malwarebytes' Anti-Malware 1.44
Versione del database: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/02/2010 21.51.28
mbam-log-2010-02-12 (21-51-21).txt
Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Elementi scansionati: 180103
Tempo trascorso: 50 minute(s), 1 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 11
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006600.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006601.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006602.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006603.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006604.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006605.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006606.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006607.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006608.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006609.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006610.dll (Trojan.Exploit) -> No action taken.