Trojan TR/Mondera.64512

Solved/Closed
Mairea - 15 June 2008 at 09:35
mairea - 16 June 2008 at 22:12
Hello, and thank you for any help you can give me.

Here is the problem:

Avira AntiVir found several instances:

C:\WINDOWS\system32\fccyaATK.dll
Is the Trojan horse TR/Mondera.64512
Deny access

and one instance at startup:

RUNDLL
Errore durante il caricamento di C:\WINDOWS\system\urrurixh.dll
Impossibile trovare il modulo specificato

(my PC's operating system is in Italian)

I ran scans both in safe mode and in normal mode, but nothing works: the Trojan is still there, the PC is still very slow and it does strange things, such as windows that open or do not open, and problems with internet connections to Google and Yahoo.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.20.29, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmi\Dell\Media Experience\DMXLauncher.exe
C:\Programmi\Dell\QuickSet\quickset.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\Programmi\Apoint\Apoint.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe
C:\Programmi\Google\Google SketchUp 6\SketchUp.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://it.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [e4a80075] rundll32.exe "C:\WINDOWS\system32\urrurixh.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Unknown owner - C:\Programmi\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
32 replies

Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2008 at 10:36
Hello,

There is not a trace of a lop infection in this report (nor in the information provided).

On the other hand, the lopS&D report will mention a probable Vundo infection.

As for your message at startup, it is simply that the file no longer exists, which is good news.

Do this:

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply.

Then continue with:

Download DSS (Deckard's System Scanner, by Deckard) to your Desktop from this link:

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Choose "Save" and "Desktop" as the location.

Close all running applications (very important, otherwise the computer may crash).

Double-click DSS.exe to launch the tool.

If it does not find HijackThis, click Yes.

Click OK each time you are asked.

When the scan has finished, a text file will be displayed. Post its contents in your reply.

The report is located here: C:\Deckard\System Scanner\main.txt.
2
A miracle! After the restart, the Avira AntiVir alert for Trojan TR/Mondera.64512 is gone. Good.

Here is the Virtumundo report:

[06/15/2008, 11:18:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\em\Desktop\VirtumundoBeGone.exe" )
[06/15/2008, 11:18:56] - Detected System Information:
[06/15/2008, 11:18:56] - Windows Version: 5.1.2600, Service Pack 2
[06/15/2008, 11:18:56] - Current Username: em (Admin)
[06/15/2008, 11:18:56] - Windows is in NORMAL mode.
[06/15/2008, 11:18:56] - Searching for Browser Helper Objects:
[06/15/2008, 11:18:56] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/15/2008, 11:18:56] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/15/2008, 11:18:56] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/15/2008, 11:18:56] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[06/15/2008, 11:18:56] - BHO 5: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[06/15/2008, 11:18:56] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/15/2008, 11:18:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 11:18:56] - No filename found. Continuing.
[06/15/2008, 11:18:56] - BHO 7: {84A46358-4001-4E42-A966-A3CAC5F91716} ()
[06/15/2008, 11:18:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 11:18:56] - Checking for HKLM\...\Winlogon\Notify\fccyaATK
[06/15/2008, 11:18:56] - Found: HKLM\...\Winlogon\Notify\fccyaATK - This is probably Virtumundo.
[06/15/2008, 11:18:56] - Assigning {84A46358-4001-4E42-A966-A3CAC5F91716} MSEvents Object
[06/15/2008, 11:18:56] - BHO list has been changed! Starting over...
[06/15/2008, 11:18:57] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/15/2008, 11:18:57] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/15/2008, 11:18:57] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/15/2008, 11:18:57] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[06/15/2008, 11:18:57] - BHO 5: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[06/15/2008, 11:18:57] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/15/2008, 11:18:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 11:18:57] - No filename found. Continuing.
[06/15/2008, 11:18:57] - BHO 7: {84A46358-4001-4E42-A966-A3CAC5F91716} (MSEvents Object)
[06/15/2008, 11:18:57] - ALERT: Found MSEvents Object!
[06/15/2008, 11:18:57] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[06/15/2008, 11:18:57] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/15/2008, 11:18:57] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/15/2008, 11:18:57] - BHO 11: {D11C3261-47E3-4D54-ADE0-A1DE4BFFEC7A} ()
[06/15/2008, 11:18:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 11:18:57] - Checking for HKLM\...\Winlogon\Notify\yaywuvWO
[06/15/2008, 11:18:57] - Key not found: HKLM\...\Winlogon\Notify\yaywuvWO, continuing.
[06/15/2008, 11:18:57] - Finished Searching Browser Helper Objects
[06/15/2008, 11:18:57] - *** Detected MSEvents Object
[06/15/2008, 11:18:57] - Trying to remove MSEvents Object...
[06/15/2008, 11:18:58] - Terminating Process: IEXPLORE.EXE
[06/15/2008, 11:18:58] - Terminating Process: RUNDLL32.EXE
[06/15/2008, 11:18:58] - Disabling Automatic Shell Restart
[06/15/2008, 11:18:59] - Terminating Process: EXPLORER.EXE
[06/15/2008, 11:18:59] - Suspending the NT Session Manager System Service
[06/15/2008, 11:19:00] - Terminating Windows NT Logon/Logoff Manager
[06/15/2008, 11:19:01] - Re-enabling Automatic Shell Restart
[06/15/2008, 11:19:01] - File to disable: C:\WINDOWS\system32\fccyaATK.dll
[06/15/2008, 11:19:01] - Renaming C:\WINDOWS\system32\fccyaATK.dll -> C:\WINDOWS\system32\fccyaATK.dll.vir
[06/15/2008, 11:19:02] - File successfully renamed!
[06/15/2008, 11:19:02] - Removing HKLM\...\Browser Helper Objects\{84A46358-4001-4E42-A966-A3CAC5F91716}
[06/15/2008, 11:19:02] - Removing HKCR\CLSID\{84A46358-4001-4E42-A966-A3CAC5F91716}
[06/15/2008, 11:19:02] - Adding Kill Bit for ActiveX for GUID: {84A46358-4001-4E42-A966-A3CAC5F91716}
[06/15/2008, 11:19:02] - Deleting ATLEvents/MSEvents Registry entries
[06/15/2008, 11:19:02] - Removing HKLM\...\Winlogon\Notify\fccyaATK
[06/15/2008, 11:19:02] - Searching for Browser Helper Objects:
[06/15/2008, 11:19:02] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/15/2008, 11:19:02] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/15/2008, 11:19:02] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/15/2008, 11:19:02] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[06/15/2008, 11:19:02] - BHO 5: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[06/15/2008, 11:19:02] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/15/2008, 11:19:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 11:19:02] - No filename found. Continuing.
[06/15/2008, 11:19:02] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[06/15/2008, 11:19:02] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/15/2008, 11:19:02] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/15/2008, 11:19:02] - BHO 10: {D11C3261-47E3-4D54-ADE0-A1DE4BFFEC7A} ()
[06/15/2008, 11:19:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/15/2008, 11:19:02] - Checking for HKLM\...\Winlogon\Notify\yaywuvWO
[06/15/2008, 11:19:02] - Key not found: HKLM\...\Winlogon\Notify\yaywuvWO, continuing.
[06/15/2008, 11:19:02] - Finished Searching Browser Helper Objects
[06/15/2008, 11:19:02] - Finishing up...
[06/15/2008, 11:19:02] - A restart is needed.
[06/15/2008, 11:19:02] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[06/15/2008, 11:20:15] - Attempting to Restart via STOP error (Blue Screen!)

And here is the DSS report:

Deckard's System Scanner v20071014.68
Run by em on 2008-06-15 11:26:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-15 09:26:30 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-14 19:34:15 UTC - RP1 - Punto di arresto del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as em.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.28.45, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmi\Dell\Media Experience\DMXLauncher.exe
C:\Programmi\Dell\QuickSet\quickset.exe
C:\Programmi\Apoint\Apoint.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe
C:\Programmi\Apoint\Apntex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\em\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\em.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://it.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14E09EA7-5DFD-4321-B31B-3047889A0B20} - C:\WINDOWS\system32\yaywuvWO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [e4a80075] rundll32.exe "C:\WINDOWS\system32\urrurixh.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMe79b33e9] Rundll32.exe "C:\WINDOWS\system32\gltcqhud.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Unknown owner - C:\Programmi\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
Lyonnais92 (Security contributor) - 15 June 2008 at 11:06
Re,

oops, Vista. DSS is not going to work.

Rename Hijackthis.exe to scanvundo.exe, run it again (do a scan and save a logfile) and post the new report.
Now there is a new Avira alert:
C:\System Volume Information\......\A0001036.dll
is a Trojan horse TR/Mondera.64512

There is also the extra.txt report:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Italian

CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 511.37 MiB / 160.96 MiB
Pagefile Memory (total/avail): 1245.88 MiB / 623.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.62 MiB

C: is Fixed (NTFS) - 53.05 GiB total, 20.12 GiB free.
D: is CDROM (UDF)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HTS548060M9AT00 - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 86.26 MiB
\PARTITION1 (bootable) - File system installabile - 53.05 GiB - C:
\PARTITION2 - Unknown - 2.75 GiB

\\.\PHYSICALDRIVE1 - USB Flash Disk USB Device - 1929.68 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 1935.48 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Programmi\\ICQLite\\ICQLite.exe"="C:\\Programmi\\ICQLite\\ICQLite.exe:*:Disabled:ICQ Lite"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\em\Dati applicazioni
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=D25MMR1J
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\em
LOGONSERVER=\\D25MMR1J
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programmi\ATI Technologies\ATI Control Panel;C:\Programmi\File comuni\Autodesk Shared\;C:\Programmi\File comuni\Adobe\AGL;C:\Programmi\ZipGenius 6\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Programmi
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Programmi\File comuni\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\em\IMPOST~1\Temp
TMP=C:\DOCUME~1\em\IMPOST~1\Temp
USERDOMAIN=D25MMR1J
USERNAME=em
USERPROFILE=C:\Documents and Settings\em
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

em (admin)
vd (admin)
op (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{0B21B14F-403B-442E-86E1-3A912D70033D}\Setup.exe" -l0x10
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN0410.EXE -f"C:\Programmi\File comuni\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programmi\File comuni\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-551D-4478-9682-DBB587257110}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0410-1E257A25E34D}
Adobe Reader 6.0.1 - Italiano --> MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Aggiornamento della protezione per Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896422) -->
Aggiornamento della protezione per Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB873339 -->
Aggiornamento rapido per Windows XP - KB885250 -->
Aggiornamento rapido per Windows XP - KB885835 -->
Aggiornamento rapido per Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885855 -->
Aggiornamento rapido per Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB887472 -->
Aggiornamento rapido per Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB888113 -->
Aggiornamento rapido per Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB888310 -->
Aggiornamento rapido per Windows XP - KB890175 -->
Aggiornamento rapido per Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB891781 -->
Aggiornamento rapido per Windows XP - KB892627 -->
Aggiornamento rapido per Windows XP - KB893056 -->
Aggiornamento rapido per Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
ALPS Touch Pad Driver --> C:\Programmi\Apoint\Uninstap.exe ADDREMOVE
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -fC:\Programmi\WexTech\AnswerWorks\Uninst.isu
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x10
Assistente per l'accesso a Windows Live --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
ATI Control Panel --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Programmi\Audacity\unins000.exe"
AutoCAD 2002 - Italiano --> MsiExec.exe /I{5783F2D7-0101-0410-0002-0060B0CE6BBA}
AutoCAD 2007 - Italiano --> MsiExec.exe /I{5783F2D7-5001-0410-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
AVerTV USB 2.0 Plus --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8DF56C91-281F-4C15-B954-F45FDC919568} /l1033
AVerTV USB 2.0 Plus Driver --> C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C6050736-FF54-4497-9ACA-05819DC4202E}
Avira AntiVir Personal – Free Antivirus --> C:\Programmi\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Broadcom Management Programs 2 --> C:\Programmi\File comuni\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1040
C-Dilla Licence Management System --> C:\C_DILLA\setup\cdunin16.exe
C6 Helper --> C:\WINDOWS\iun6002.exe "C:\Programmi\C6 Messenger\plugin\helper\irunin.ini"
C6 Messenger 7.0 --> C:\WINDOWS\iun6002.exe "C:\Programmi\C6 Messenger\C6irunin.ini"
Canon MP Navigator 3.0 --> "C:\Programmi\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Programmi\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0010
Canon Utilities Easy-PhotoPrint --> C:\Programmi\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Conexant D110 MDC V.9x Modem --> C:\Programmi\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
CutePDF Writer 2.7 --> C:\Programmi\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Digital Line Detect --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x10 ControlPanel
Easy-WebPrint --> C:\WINDOWS\IsUn0410.exe -fC:\Programmi\Canon\Easy-WebPrint\Uninst.isu
FlyNet ADSL USB MODEM WAN Adapter --> C:\Programmi\FlyNet\CnxUnist.exe -w7 AccessRunner ADSL
Gestione del risparmio di energia della scheda di rete interna --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x10 UNINSTALL APPDRVNT4
Google Earth --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programmi\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo FilterSDK for AverMedia --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{791C59F1-46FE-475B-B46F-058C0FABBED4}\setup.exe" REMOVEALL
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java Runtime Environment 1.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\JavaSoft\JRE\1.1\lib\DeIsL1.isu"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Programmi\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Lop S&D --> C:\Lop SD\Uninstal.exe
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000410-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC80 Support DLLs --> MsiExec.exe /I{342F5437-C87D-4BB5-89B9-B23E16C6A395}
Microsoft Works 7.0 --> MsiExec.exe /I{BF915BB7-8675-40B3-835B-44A3304ECB7B}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x10 ControlPanel
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x10 ControlPanelAnyText
Philips Product Selector 1.0.2 --> C:\Programmi\InstallShield Installation Information\{BC35DF5E-7682-40F9-8FF0-737D8C568F7D}\setup.exe -runfromtemp -l0x0409
PhotoLux --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E670CC9A-7CD2-4BB8-9485-6324EFAC137C}\setup.exe" -l0x9 anything -uninst
POV-Ray for Windows v3.6.1c --> C:\PROGRA~1\POV-RA~1.6\unwise.exe C:\PROGRA~1\POV-RA~1.6\install.log
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x10 UNINSTALL APPDRVNT4 - ALL
RealPlayer --> C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhinoceros 4.0 Evaluation --> MsiExec.exe /I{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}
Samsung ML-1610 Series --> C:\WINDOWS\Samsung\ML-1610\SETUP.EXE
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SketchUp 5 Architecture Library --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{A535CF14-E12F-40B0-B6A3-6E214EA12CD3}\setup.exe" -l0x9 -removeonly
SketchUp 5 People Library --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{FA0951BF-BBC4-407B-A9C4-92A37EAE3AF3}\setup.exe" -l0x9 -removeonly
Sonic Audio module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 5.5 --> C:\Programmi\Spyware Doctor\unins000.exe /LOG
TerMus-G --> RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{CAA25E12-0DF7-4375-A48D-1D02D46BB6EB}\setup.exe" -l0x10
Thorn - Product Explorer 6.0 --> MsiExec.exe /I{B8EE8264-238C-430A-9D5F-DB9139B09364}
Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
Volo View Express --> C:\WINDOWS\unin0410.exe -f"C:\Programmi\Volo View Express\DeIsL1.isu"
Windows Live installer --> MsiExec.exe /X{88479C8D-AE26-4A17-ADA9-9A44CC629C08}
Windows Live Mail --> MsiExec.exe /I{7FDEE06E-736C-4515-9476-EF4CB0186E6D}
Windows Live Messenger --> MsiExec.exe /X{518B3E76-4C05-4F30-A802-D87FB2086B67}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR gestione archivi --> C:\Programmi\WinRAR\uninstall.exe
Yahoo! Extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Toolbar con blocco Pop-Up --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZipGenius 6 (6.0.3.1130) --> "C:\Programmi\ZipGenius 6\unins000.exe"
Zumtobel - Product Explorer 6.0 --> MsiExec.exe /I{4F6F5C1E-F109-4A58-8F43-9A1039CDAFC9}


-- Application Event Log -------------------------------------------------------

Event Record #/Type80 / Warning
Event Submitted/Written: 06/15/2008 11:16:53 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Mondera.64512C:\WINDOWS\system32\fccyaATK.dll

Event Record #/Type79 / Warning
Event Submitted/Written: 06/15/2008 11:14:27 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Mondera.64512C:\WINDOWS\system32\fccyaATK.dll

Event Record #/Type78 / Warning
Event Submitted/Written: 06/15/2008 11:14:19 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Mondera.64512C:\WINDOWS\system32\fccyaATK.dll

Event Record #/Type77 / Warning
Event Submitted/Written: 06/15/2008 11:14:12 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Mondera.64512C:\WINDOWS\system32\fccyaATK.dll

Event Record #/Type69 / Warning
Event Submitted/Written: 06/15/2008 10:39:40 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Mondera.64512C:\WINDOWS\system32\fccyaATK.dll



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type65516 / Error
Event Submitted/Written: 06/15/2008 10:35:49 AM
Event ID/Source: 14103 / PSched
Event Description:
QoS [Scheda {3F169ACF-C380-48BF-94CB-735E1C46FF16}].
Il driver della scheda di rete non ha potuto eseguire la query per OID_GEN_LINK_SPEED.

Event Record #/Type65490 / Warning
Event Submitted/Written: 06/15/2008 09:53:15 AM
Event ID/Source: 1007 / Dhcp
Event Description:
L'indirizzo IP della scheda
di rete con indirizzo 00123FD637AD è stato configurato automaticamente. L'indirizzo IP utilizzato è 169.254.225.159.

Event Record #/Type65485 / Error
Event Submitted/Written: 06/15/2008 09:52:03 AM / 06/15/2008 09:52:04 AM
Event ID/Source: 14103 / PSched
Event Description:
QoS [Scheda {3F169ACF-C380-48BF-94CB-735E1C46FF16}].
Il driver della scheda di rete non ha potuto eseguire la query per OID_GEN_LINK_SPEED.

Event Record #/Type65059 / Error
Event Submitted/Written: 06/14/2008 09:15:18 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM ha ricevuto l'errore "%%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""
per eseguire il server
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type65058 / Error
Event Submitted/Written: 06/14/2008 09:14:31 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM ha ricevuto l'errore "%%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""
per eseguire il server
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-15 11:30:13 ------------

and the mouved.text report

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-05-02 20:39:08 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\.kmztmp
2008-06-14 00:43:01 59964 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\Adobelm_Cleanup.0001 <Not Verified; Macrovision Europe Ltd.; Macrovision Europe Ltd. Cleanup>
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b120x240.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b120x600.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b120x90.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b125x125.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b160x600.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b180x150.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b234x60.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b240x400.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b250x250.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b300x100.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b300x250.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b336x280.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b468x60.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b720x300.tmp
2008-06-14 01:14:15 22287 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\b728x90.tmp
2008-06-14 01:05:08 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\Google Toolbar
2008-06-14 01:18:07 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\is-5MDOT.tmp
2008-06-14 01:31:45 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\is-8P7QI.tmp
2008-06-14 01:19:11 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\is-EAEJ4.tmp
2008-06-14 01:30:31 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\is-TT2LO.tmp
2008-06-15 11:22:18 1526 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\jusched.log
2005-10-13 05:38:10 53248 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\nse37.tmp <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-15 11:18:58 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\nsl35.tmp
2002-05-08 18:50:18 45056 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\nsp36.tmp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-15 11:16:57 192861 --a-----t C:\DOCUME~1\em\IMPOST~1\Temp\nsw34.tmp
2008-06-14 01:20:14 80418 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\Setup Log 2008-06-14 #001.txt
2008-06-14 01:31:51 6362 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\Setup Log 2008-06-14 #002.txt
2008-06-15 00:21:45 131061 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\SketchUpUndo0.log
2008-06-14 00:42:57 1093 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\TWAIN.LOG
2008-06-14 00:42:57 2 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\Twain001.Mtx
2008-06-14 00:42:57 156 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\Twunk001.MTX
2008-06-14 00:42:25 0 --a------ C:\DOCUME~1\em\IMPOST~1\Temp\Twunk002.MTX
2008-06-15 11:22:17 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\WPDNSE
2008-06-14 21:19:35 0 d-------- C:\DOCUME~1\em\IMPOST~1\Temp\ZGTemp
2006-12-29 21:23:51 9249487 --a------ C:\WINDOWS\temp\000003DE
2006-12-29 21:23:51 3642111 --a------ C:\WINDOWS\temp\000003DF
2004-09-07 23:38:56 7505 -----n--- C:\WINDOWS\temp\915M.cat
2004-06-10 15:05:06 3374 -----n--- C:\WINDOWS\temp\915M.inf
2007-05-09 08:01:38 5012 --a------ C:\WINDOWS\temp\ASPNETSetup_00000.log
2007-05-09 08:08:40 5012 --a------ C:\WINDOWS\temp\ASPNETSetup_00001.log
2007-07-12 08:24:29 5012 --a------ C:\WINDOWS\temp\ASPNETSetup_00002.log
2008-02-08 02:41:42 5158 --a------ C:\WINDOWS\temp\ASPNETSetup_00003.log
2008-06-13 11:12:27 0 d--hs---- C:\WINDOWS\temp\Cookies
2005-08-02 15:55:45 0 d---s---- C:\WINDOWS\temp\Cronologia
2008-02-08 02:37:46 21336 --a------ C:\WINDOWS\temp\dd_depcheck_NETFX20_EXP_35.txt
2008-02-08 02:37:32 2 --a------ C:\WINDOWS\temp\dd_dotnetfx20error.txt
2008-02-08 02:43:34 68432 --a------ C:\WINDOWS\temp\dd_dotnetfx20install.txt
2008-02-08 02:43:11 10912626 --a------ C:\WINDOWS\temp\dd_NET_Framework20_Setup2DE9.txt
2008-06-13 13:03:38 0 --a-----t C:\WINDOWS\temp\etilqs_1S5D9Px2W7JwfNK-journal
2008-06-13 21:06:40 1028 --a-----t C:\WINDOWS\temp\etilqs_8tuR7fHCxi8xMAe
2008-06-13 21:06:39 258048 --a-----t C:\WINDOWS\temp\etilqs_kXo1NceMwDSbR0H
2008-06-13 21:06:40 0 --a-----t C:\WINDOWS\temp\etilqs_TIsHndkdYOvWnbG-journal
2008-06-13 13:03:38 1028 --a-----t C:\WINDOWS\temp\etilqs_UzwMgFOrEpZmkZV
2008-06-13 13:03:38 209920 --a-----t C:\WINDOWS\temp\etilqs_YH42ezr4rOLp50q
2008-06-13 10:38:44 0 d--hs---- C:\WINDOWS\temp\History
2004-09-07 23:38:56 8227 -----n--- C:\WINDOWS\temp\ich6core.cat
2004-04-05 16:19:54 4824 -----n--- C:\WINDOWS\temp\ich6core.inf
2004-09-07 23:38:56 7723 -----n--- C:\WINDOWS\temp\ich6ide.cat
2004-03-24 16:50:52 3726 -----n--- C:\WINDOWS\temp\ich6ide.inf
2004-09-07 23:38:56 9265 -----n--- C:\WINDOWS\temp\ich6usb.cat
2004-03-11 10:21:34 3891 -----n--- C:\WINDOWS\temp\ich6usb.inf
2008-06-05 11:00:21 3308624 --a------ C:\WINDOWS\temp\mpengine.dll <Verified; Microsoft Corporation; Microsoft Malware Protection>
2007-07-10 18:31:04 439424 --a------ C:\WINDOWS\temp\NCOA.tmp <Verified; Symantec Corporation; Norton Confidential>
2007-07-10 18:31:06 149120 --a------ C:\WINDOWS\temp\NCOB.tmp <Verified; Symantec Corporation; Norton Confidential>
2007-07-10 18:31:12 284288 --a------ C:\WINDOWS\temp\NCOC.tmp
2007-07-12 08:35:01 25839 --a------ C:\WINDOWS\temp\netfxsl.log
2005-08-06 22:20:46 3608 --a------ C:\WINDOWS\temp\netfxupdate.log
2007-07-12 08:37:54 7491 --a------ C:\WINDOWS\temp\NetFxUpdate_v1.1.4322.log
2007-10-15 22:11:49 1556 --a------ C:\WINDOWS\temp\Norton_SPALOG_10_15_2007_448500.txt
2007-09-22 09:24:46 1500 --a------ C:\WINDOWS\temp\Norton_SPALOG_9_22_2007_394171.txt
2004-09-09 10:00:08 16384 --a------ C:\WINDOWS\temp\Perflib_Perfdata_364.dat
2007-10-24 08:26:53 0 d-------- C:\WINDOWS\temp\slu10d2.tmp
2007-07-21 13:59:45 0 d-------- C:\WINDOWS\temp\slu10f1.tmp
2007-12-13 12:34:29 0 d-------- C:\WINDOWS\temp\slu10f7.tmp
2006-12-28 17:16:24 0 d-------- C:\WINDOWS\temp\slu1634.tmp
2008-06-06 11:32:19 0 d-------- C:\WINDOWS\temp\slu18ca.tmp
2008-04-11 20:26:15 0 d-------- C:\WINDOWS\temp\slu19fc.tmp
2007-07-24 20:16:16 0 d-------- C:\WINDOWS\temp\slu1b84.tmp
2007-07-29 09:00:21 0 d-------- C:\WINDOWS\temp\slu1cde.tmp
2008-01-04 11:41:49 0 d-------- C:\WINDOWS\temp\slu1f95.tmp
2007-07-26 19:47:04 0 d-------- C:\WINDOWS\temp\slu2172.tmp
2007-02-09 00:09:50 0 d-------- C:\WINDOWS\temp\slu2437.tmp
2008-06-12 09:58:15 0 d-------- C:\WINDOWS\temp\slu2597.tmp
2007-12-20 20:38:03 0 d-------- C:\WINDOWS\temp\slu2601.tmp
2007-06-02 00:16:12 0 d-------- C:\WINDOWS\temp\slu261e.tmp
2007-05-09 10:27:33 0 d-------- C:\WINDOWS\temp\slu26d2.tmp
2007-10-11 19:54:10 0 d-------- C:\WINDOWS\temp\slu271b.tmp
2007-06-26 20:47:56 0 d-------- C:\WINDOWS\temp\slu2807.tmp
2007-07-29 17:39:21 0 d-------- C:\WINDOWS\temp\slu2a18.tmp
2007-07-17 21:23:10 0 d-------- C:\WINDOWS\temp\slu2bcd.tmp
2007-10-26 22:21:28 0 d-------- C:\WINDOWS\temp\slu2bd7.tmp
2007-02-13 10:15:01 0 d-------- C:\WINDOWS\temp\slu2bf0.tmp
2007-08-22 12:12:05 0 d-------- C:\WINDOWS\temp\slu2c8.tmp
2007-04-05 15:29:43 0 d-------- C:\WINDOWS\temp\slu2d95.tmp
2007-05-15 22:43:18 0 d-------- C:\WINDOWS\temp\slu2ebe.tmp
2007-05-25 14:05:30 0 d-------- C:\WINDOWS\temp\slu2fc3.tmp
2007-07-20 21:57:54 0 d-------- C:\WINDOWS\temp\slu30c8.tmp
2007-07-16 00:53:59 0 d-------- C:\WINDOWS\temp\slu30e3.tmp
2007-04-26 18:54:55 0 d-------- C:\WINDOWS\temp\slu336e.tmp
2007-07-28 13:59:38 0 d-------- C:\WINDOWS\temp\slu33cc.tmp
2007-06-05 22:16:47 0 d-------- C:\WINDOWS\temp\slu340.tmp
2007-12-08 10:42:06 0 d-------- C:\WINDOWS\temp\slu344c.tmp
2007-08-04 10:28:15 0 d-------- C:\WINDOWS\temp\slu34ed.tmp
2007-06-01 16:14:13 0 d-------- C:\WINDOWS\temp\slu3535.tmp
2007-06-15 09:09:02 0 d-------- C:\WINDOWS\temp\slu35a6.tmp
2007-06-28 20:29:35 0 d-------- C:\WINDOWS\temp\slu3640.tmp
2007-07-05 22:31:50 0 d-------- C:\WINDOWS\temp\slu36c2.tmp
2007-06-22 22:22:26 0 d-------- C:\WINDOWS\temp\slu37d6.tmp
2007-06-07 14:27:36 0 d-------- C:\WINDOWS\temp\slu3868.tmp
2007-05-17 00:01:15 0 d-------- C:\WINDOWS\temp\slu388c.tmp
2007-05-31 18:01:11 0 d-------- C:\WINDOWS\temp\slu38f2.tmp
2007-06-22 08:28:01 0 d-------- C:\WINDOWS\temp\slu3930.tmp
2007-08-01 15:40:53 0 d-------- C:\WINDOWS\temp\slu39d2.tmp
2007-12-15 12:53:10 0 d-------- C:\WINDOWS\temp\slu3b8b.tmp
2007-11-01 23:39:47 0 d-------- C:\WINDOWS\temp\slu3c98.tmp
2007-05-24 07:42:45 0 d-------- C:\WINDOWS\temp\slu3caf.tmp
2007-07-21 09:22:32 0 d-------- C:\WINDOWS\temp\slu3cc5.tmp
2007-04-17 09:21:27 0 d-------- C:\WINDOWS\temp\slu3d51.tmp
2007-05-25 22:48:30 0 d-------- C:\WINDOWS\temp\slu4010.tmp
2007-07-11 19:34:45 0 d-------- C:\WINDOWS\temp\slu403.tmp
2007-07-24 08:36:36 0 d-------- C:\WINDOWS\temp\slu406.tmp
2007-06-14 08:18:21 0 d-------- C:\WINDOWS\temp\slu40b9.tmp
2007-02-03 19:21:38 0 d-------- C:\WINDOWS\temp\slu40f9.tmp
2007-11-03 00:51:42 0 d-------- C:\WINDOWS\temp\slu41c5.tmp
2007-12-03 19:30:18 0 d-------- C:\WINDOWS\temp\slu41e3.tmp
2007-01-25 23:32:54 0 d-------- C:\WINDOWS\temp\slu4213.tmp
2007-10-16 23:09:50 0 d-------- C:\WINDOWS\temp\slu4381.tmp
2007-05-11 23:01:38 0 d-------- C:\WINDOWS\temp\slu441.tmp
2007-08-31 09:27:45 0 d-------- C:\WINDOWS\temp\slu4437.tmp
2007-07-24 10:00:29 0 d-------- C:\WINDOWS\temp\slu443a.tmp
2007-08-18 09:17:22 0 d-------- C:\WINDOWS\temp\slu448a.tmp
2007-07-27 10:29:31 0 d-------- C:\WINDOWS\temp\slu44d5.tmp
2007-04-25 15:26:26 0 d-------- C:\WINDOWS\temp\slu45bb.tmp
2007-10-23 11:19:32 0 d-------- C:\WINDOWS\temp\slu46d1.tmp
2007-09-20 20:05:34 0 d-------- C:\WINDOWS\temp\slu470a.tmp
2007-12-14 14:51:03 0 d-------- C:\WINDOWS\temp\slu47a2.tmp
2007-07-14 21:31:50 0 d-------- C:\WINDOWS\temp\slu4809.tmp
2007-05-21 18:38:50 0 d-------- C:\WINDOWS\temp\slu4872.tmp
2007-02-08 22:10:03 0 d-------- C:\WINDOWS\temp\slu488a.tmp
2008-06-09 10:15:51 0 d-------- C:\WINDOWS\temp\slu48ad.tmp
2007-06-30 14:43:16 0 d-------- C:\WINDOWS\temp\slu4974.tmp
2007-10-19 15:26:16 0 d-------- C:\WINDOWS\temp\slu4b21.tmp
2007-07-29 14:03:17 0 d-------- C:\WINDOWS\temp\slu4b9.tmp
2007-09-08 09:57:28 0 d-------- C:\WINDOWS\temp\slu4c09.tmp
2007-07-26 23:30:38 0 d-------- C:\WINDOWS\temp\slu4c8e.tmp
2007-07-14 16:03:48 0 d-------- C:\WINDOWS\temp\slu4cf8.tmp
2007-05-02 23:13:23 0 d-------- C:\WINDOWS\temp\slu4e09.tmp
2007-06-09 22:41:30 0 d-------- C:\WINDOWS\temp\slu4eb0.tmp
2008-06-02 11:09:35 0 d-------- C:\WINDOWS\temp\slu4edc.tmp
2007-02-19 00:49:44 0 d-------- C:\WINDOWS\temp\slu5012.tmp
2007-04-28 16:11:16 0 d-------- C:\WINDOWS\temp\slu5271.tmp
2007-12-11 14:37:58 0 d-------- C:\WINDOWS\temp\slu5339.tmp
2007-12-06 17:36:01 0 d-------- C:\WINDOWS\temp\slu54d1.tmp
2007-07-31 09:36:45 0 d-------- C:\WINDOWS\temp\slu54fe.tmp
2007-04-17 21:03:22 0 d-------- C:\WINDOWS\temp\slu5688.tmp
2007-12-12 13:00:53 0 d-------- C:\WINDOWS\temp\slu5709.tmp
2007-02-15 10:35:07 0 d-------- C:\WINDOWS\temp\slu5796.tmp
2007-07-25 22:40:02 0 d-------- C:\WINDOWS\temp\slu57b2.tmp
2007-07-11 19:36:42 0 d-------- C:\WINDOWS\temp\slu584.tmp
2007-01-22 17:59:22 0 d-------- C:\WINDOWS\temp\slu5869.tmp
2007-12-19 10:28:45 0 d-------- C:\WINDOWS\temp\slu588.tmp
2007-05-23 18:24:54 0 d-------- C:\WINDOWS\temp\slu5a08.tmp
2007-05-17 23:04:37 0 d-------- C:\WINDOWS\temp\slu5b56.tmp
2007-09-25 23:12:14 0 d-------- C:\WINDOWS\temp\slu5c96.tmp
2006-12-20 21:16:37 0 d-------- C:\WINDOWS\temp\slu5cfe.tmp
2007-07-12 08:40:28 0 d-------- C:\WINDOWS\temp\slu5d63.tmp
2008-05-29 18:17:07 0 d-------- C:\WINDOWS\temp\slu5d8f.tmp
2007-07-28 17:42:18 0 d-------- C:\WINDOWS\temp\slu5e38.tmp
2007-09-14 08:30:42 0 d-------- C:\WINDOWS\temp\slu5e69.tmp
2007-01-16 00:29:35 0 d-------- C:\WINDOWS\temp\slu6021.tmp
2007-07-14 10:55:17 0 d-------- C:\WINDOWS\temp\slu60d7.tmp
2007-04-18 22:22:07 0 d-------- C:\WINDOWS\temp\slu60f3.tmp
2007-07-22 08:28:23 0 d-------- C:\WINDOWS\temp\slu6178.tmp
2007-06-08 16:27:47 0 d-------- C:\WINDOWS\temp\slu6286.tmp
2007-08-01 13:47:20 0 d-------- C:\WINDOWS\temp\slu62ea.tmp
2007-01-02 18:48:16 0 d-------- C:\WINDOWS\temp\slu632a.tmp
2007-12-18 22:35:06 0 d-------- C:\WINDOWS\temp\slu6353.tmp
2007-08-02 17:41:14 0 d-------- C:\WINDOWS\temp\slu6411.tmp
2007-07-31 12:46:45 0 d-------- C:\WINDOWS\temp\slu6669.tmp
2007-07-10 20:38:11 0 d-------- C:\WINDOWS\temp\slu6671.tmp
2007-08-02 23:19:01 0 d-------- C:\WINDOWS\temp\slu6695.tmp
2008-05-28 17:25:44 0 d-------- C:\WINDOWS\temp\slu6816.tmp
2007-09-27 20:06:12 0 d-------- C:\WINDOWS\temp\slu6a74.tmp
2007-07-18 09:55:44 0 d-------- C:\WINDOWS\temp\slu6bcb.tmp
2007-02-07 10:44:28 0 d-------- C:\WINDOWS\temp\slu6dae.tmp
2007-07-28 09:41:06 0 d-------- C:\WINDOWS\temp\slu6de9.tmp
2007-09-19 11:29:39 0 d-------- C:\WINDOWS\temp\slu6e0a.tmp
2007-12-07 19:14:35 0 d-------- C:\WINDOWS\temp\slu6e64.tmp
2007-05-01 08:54:45 0 d-------- C:\WINDOWS\temp\slu6ebb.tmp
2007-07-30 14:40:23 0 d-------- C:\WINDOWS\temp\slu6f40.tmp
2007-07-12 20:14:31 0 d-------- C:\WINDOWS\temp\slu7098.tmp
2007-07-17 14:31:48 0 d-------- C:\WINDOWS\temp\slu70f1.tmp
2007-07-24 22:09:13 0 d-------- C:\WINDOWS\temp\slu71fa.tmp
2007-07-17 22:56:31 0 d-------- C:\WINDOWS\temp\slu733f.tmp
2007-10-02 20:09:01 0 d-------- C:\WINDOWS\temp\slu7346.tmp
2007-05-04 23:25:39 0 d-------- C:\WINDOWS\temp\slu73b1.tmp
2007-07-28 23:44:58 0 d-------- C:\WINDOWS\temp\slu73cb.tmp
2007-07-31 21:26:40 0 d-------- C:\WINDOWS\temp\slu7457.tmp
2007-04-22 18:48:20 0 d-------- C:\WINDOWS\temp\slu75d8.tmp
2007-02-06 15:25:53 0 d-------- C:\WINDOWS\temp\slu76ec.tmp
2007-07-21 10:39:05 0 d-------- C:\WINDOWS\temp\slu775f.tmp
2007-07-25 12:12:32 0 d-------- C:\WINDOWS\temp\slu776d.tmp
2007-07-24 13:55:11 0 d-------- C:\WINDOWS\temp\slu77dc.tmp
2007-05-10 16:06:07 0 d-------- C:\WINDOWS\temp\slu7815.tmp
2007-05-11 11:36:56 0 d-------- C:\WINDOWS\temp\slu782b.tmp
2008-02-15 14:38:34 0 d-------- C:\WINDOWS\temp\slu7872.tmp
2007-07-15 09:44:26 0 d-------- C:\WINDOWS\temp\slu78bb.tmp
2007-07-27 08:50:47 0 d-------- C:\WINDOWS\temp\slu7947.tmp
2007-12-26 12:15:58 0 d-------- C:\WINDOWS\temp\slu7a85.tmp
2007-01-27 10:16:15 0 d-------- C:\WINDOWS\temp\slu7c9f.tmp
2008-06-10 09:42:01 0 d-------- C:\WINDOWS\temp\slu7ce7.tmp
2007-08-25 20:55:19 0 d-------- C:\WINDOWS\temp\slu7da9.tmp
2008-05-11 16:12:05 0 d-------- C:\WINDOWS\temp\slu7f75.tmp
2007-05-04 18:06:32 0 d-------- C:\WINDOWS\temp\slu7f76.tmp
2007-07-17 17:49:15 0 d-------- C:\WINDOWS\temp\slu813.tmp
2007-04-15 19:57:56 0 d-------- C:\WINDOWS\temp\slu832.tmp
2008-05-02 20:34:00 0 d-------- C:\WINDOWS\temp\slu8b6.tmp
2007-07-16 22:21:32 0 d-------- C:\WINDOWS\temp\slua57.tmp
2007-12-21 09:58:36 0 d-------- C:\WINDOWS\temp\sluab8.tmp
2007-07-16 19:36:01 0 d-------- C:\WINDOWS\temp\sluba8.tmp
2007-08-29 14:27:02 0 d-------- C:\WINDOWS\temp\slud06.tmp
2007-10-04 19:49:48 0 d-------- C:\WINDOWS\temp\slud5.tmp
2007-09-27 01:22:58 0 d-------- C:\WINDOWS\temp\sluec7.tmp
2007-07-21 22:19:36 0 d-------- C:\WINDOWS\temp\sluf86.tmp
2007-07-08 19:21:36 0 d-------- C:\WINDOWS\temp\sluf8c.tmp
2007-04-04 09:31:01 436332 --a------ C:\WINDOWS\temp\SRTSP_MSI_I_10.1.5.4.log
2007-09-22 09:26:59 435728 --a------ C:\WINDOWS\temp\SRTSP_MSI_I_10.2.1.8.log
2007-12-06 21:55:38 427398 --a------ C:\WINDOWS\temp\SRTSP_MSI_I_10.2.2.6.log
2007-09-22 09:30:07 362768 --a------ C:\WINDOWS\temp\SRTSP_MSI_U_(1)10.1.5.4.log
2007-12-06 21:57:47 277924 --a------ C:\WINDOWS\temp\SRTSP_MSI_U_(1)10.2.1.8.log
2007-04-04 09:32:36 362432 --a------ C:\WINDOWS\temp\SRTSP_MSI_U_10.1.4.2.log
2007-04-04 09:32:36 4038 --a------ C:\WINDOWS\temp\SRTSP_Setup10.1.5.log
2007-09-22 09:30:07 4000 --a------ C:\WINDOWS\temp\SRTSP_Setup_10.2.1.8.log
2007-12-06 21:57:47 4120 --a------ C:\WINDOWS\temp\SRTSP_Setup_10.2.2.6.log
2007-12-06 21:56:39 13994 --a------ C:\WINDOWS\temp\srtUnin.log
2007-12-06 21:54:50 34335 --a------ C:\WINDOWS\temp\SYMEVENT.LOG
2004-09-09 09:57:18 0 --a------ C:\WINDOWS\temp\T30DebugLogFile.txt
2005-08-02 15:55:45 0 d---s---- C:\WINDOWS\temp\Temporary Internet Files
2008-02-08 02:43:33 4536 --a------ C:\WINDOWS\temp\uxeventlog.txt
2008-06-10 12:41:09 65572 --a------ C:\WINDOWS\temp\~ABC052F.TMP
2008-06-10 12:41:09 1409 --a------ C:\WINDOWS\temp\~ABC0530.TMP
2008-06-10 12:41:09 43988 --a------ C:\WINDOWS\temp\~ABC0531.TMP
2008-06-10 12:41:09 1409 --a------ C:\WINDOWS\temp\~ABC0532.TMP
2008-06-10 12:41:09 64588 --a------ C:\WINDOWS\temp\~ABC0538.TMP
2008-06-10 12:41:09 1409 --a------ C:\WINDOWS\temp\~ABC0539.TMP
2008-06-10 12:24:07 64588 --a------ C:\WINDOWS\temp\~ABC0B2A.TMP
2008-06-10 12:24:07 1409 --a------ C:\WINDOWS\temp\~ABC0B2B.TMP
2008-06-10 12:24:07 1409 --a------ C:\WINDOWS\temp\~ABC0B35.TMP
2008-06-10 12:24:07 65572 --a------ C:\WINDOWS\temp\~ABC0B3A.TMP
2008-06-10 12:24:07 1409 --a------ C:\WINDOWS\temp\~ABC0B3B.TMP
2008-06-10 12:24:07 43988 --a------ C:\WINDOWS\temp\~ABC0B3F.TMP
2008-06-10 22:45:41 64588 --a------ C:\WINDOWS\temp\~ABC3F09.TMP
2008-06-10 22:45:41 1409 --a------ C:\WINDOWS\temp\~ABC3F0A.TMP
2008-06-10 22:45:41 65572 --a------ C:\WINDOWS\temp\~ABC3F32.TMP
2008-06-10 22:45:41 1409 --a------ C:\WINDOWS\temp\~ABC3F33.TMP
2008-06-10 22:45:41 43988 --a------ C:\WINDOWS\temp\~ABC3F34.TMP
2008-06-10 22:45:41 1409 --a------ C:\WINDOWS\temp\~ABC3F35.TMP
2008-06-13 11:12:32 16384 --a------ C:\WINDOWS\temp\~DF4706.tmp
1998-09-24 15:53:00 8704 --a------ C:\WINDOWS\temp\~GLF1E1F.TMP
2006-03-05 12:19:46 114280 --a------ C:\WINDOWS\Downloaded Program Files\IDropENU.dll <Verified; Autodesk, Inc.; i-drop control>
2006-03-25 19:44:48 114256 --a------ C:\WINDOWS\Downloaded Program Files\IDropITA.dll <Verified; Autodesk, Inc.; i-drop control>
2001-05-04 14:58:26 54896 --a------ C:\WINDOWS\Downloaded Program Files\AcDcToday.ocx <Verified; Autodesk; AcDcToday ActiveX Control Module>
2001-05-04 14:58:18 120440 --a------ C:\WINDOWS\Downloaded Program Files\AcPreview.ocx <Verified; Autodesk; AutoCAD Today>
2006-03-05 11:58:26 346216 --a------ C:\WINDOWS\Downloaded Program Files\IDrop.ocx <Verified; Autodesk, Inc.; i-drop control>
2001-05-04 14:58:24 108088 --a------ C:\WINDOWS\Downloaded Program Files\InstBanr.ocx <Verified; Autodesk, Inc.; InstBanr ActiveX Control Module>
2001-05-04 14:58:28 288312 --a------ C:\WINDOWS\Downloaded Program Files\InstFred.ocx <Verified; Autodesk, Inc.; InstFred ActiveX Control Module>
2000-06-02 12:29:42 102912 --a------ C:\WINDOWS\Downloaded Program Files\ipixx.ocx <Not Verified; Internet Pictures Corp.; iPIXX ActiveX Control Module>

-*- End of Logfile -*-
fiat500 - 15 June 2008 at 09:44
Hello and welcome

Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to launch the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
---
Thank you Fiat500 for the very quick reply

Here is the result

-----------------------[ Lop S&D 4.2.1-4 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : em ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 15/06/2008 | 10.40.13,82 ] [ PC : D25MMR1J ]
[ MAJ : 13-06-2008 | 02:10 ]

-------------[ Listing des dossiers dans Application Data ]------------

[03/08/2005|10.04] C:\DOCUME~1\ADMINI~1\DATIAP~1\Adobe
[09/09/2004|09.43] C:\DOCUME~1\ADMINI~1\DATIAP~1\desktop.ini
[09/09/2004|09.57] C:\DOCUME~1\ADMINI~1\DATIAP~1\Identities
[26/07/2005|19.47] C:\DOCUME~1\ADMINI~1\DATIAP~1\Intel
[26/07/2005|19.59] C:\DOCUME~1\ADMINI~1\DATIAP~1\Jasc Software Inc
[06/08/2005|22.18] C:\DOCUME~1\ADMINI~1\DATIAP~1\Leadertech
[03/08/2005|12.56] C:\DOCUME~1\ADMINI~1\DATIAP~1\Macromedia
[03/08/2005|14.43] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[14/06/2008|08.45] C:\DOCUME~1\ADMINI~1\DATIAP~1\Real
[06/08/2005|22.19] C:\DOCUME~1\ADMINI~1\DATIAP~1\Sonic
[26/07/2005|19.45] C:\DOCUME~1\ADMINI~1\DATIAP~1\Sun
[26/07/2005|19.55] C:\DOCUME~1\ADMINI~1\DATIAP~1\Symantec
[03/08/2005|14.43] C:\DOCUME~1\ADMINI~1\DATIAP~1\Template
[1|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[14|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[23/06/2006|14.32] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[23/06/2006|14.34] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe Systems
[07/05/2007|18.16] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Autodesk
[13/06/2008|00.47] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Avira
[10/12/2007|14.47] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CanonBJ
[09/09/2004|09.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\desktop.ini
[20/04/2007|23.15] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[26/07/2005|19.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\InstallShield
[26/07/2005|19.47] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Intel
[11/04/2007|10.15] C:\DOCUME~1\ALLUSE~1\DATIAP~1\McNeel
[24/09/2007|23.03] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[26/07/2005|19.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\QSLLPSVCShare
[10/12/2007|14.55] C:\DOCUME~1\ALLUSE~1\DATIAP~1\ScanSoft
[13/06/2008|00.41] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Symantec
[15/06/2008|08.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
[16/01/2007|00.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[24/09/2007|22.55] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[02/11/2006|17.17] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo!
[02/11/2006|17.39] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo! Companion
[2|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[19|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[09/09/2004|09.43] C:\DOCUME~1\DEFAUL~1\DATIAP~1\desktop.ini
[09/09/2004|09.57] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Identities
[26/07/2005|19.47] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Intel
[26/07/2005|19.59] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Jasc Software Inc
[09/09/2004|09.43] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[26/07/2005|19.45] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Sun
[26/07/2005|19.55] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Symantec
[1|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[8|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[09/06/2008|11.14] C:\DOCUME~1\em\DATIAP~1\Adobe
[22/06/2006|20.56] C:\DOCUME~1\em\DATIAP~1\Ahead
[07/05/2007|18.32] C:\DOCUME~1\em\DATIAP~1\Autodesk
[10/12/2007|15.04] C:\DOCUME~1\em\DATIAP~1\Canon
[03/08/2005|08.50] C:\DOCUME~1\em\DATIAP~1\CyberLink
[10/06/2008|17.37] C:\DOCUME~1\em\DATIAP~1\DAEMON Tools
[09/09/2004|09.43] C:\DOCUME~1\em\DATIAP~1\desktop.ini
[22/02/2007|18.10] C:\DOCUME~1\em\DATIAP~1\Google
[09/01/2006|14.28] C:\DOCUME~1\em\DATIAP~1\Help
[11/12/2006|15.00] C:\DOCUME~1\em\DATIAP~1\ICQLite
[09/09/2004|09.57] C:\DOCUME~1\em\DATIAP~1\Identities
[26/07/2005|19.47] C:\DOCUME~1\em\DATIAP~1\Intel
[02/08/2005|17.19] C:\DOCUME~1\em\DATIAP~1\InterTrust
[26/07/2005|19.59] C:\DOCUME~1\em\DATIAP~1\Jasc Software Inc
[11/10/2005|00.27] C:\DOCUME~1\em\DATIAP~1\Leadertech
[22/02/2007|12.47] C:\DOCUME~1\em\DATIAP~1\Macromedia
[14/05/2008|01.32] C:\DOCUME~1\em\DATIAP~1\mainhst.zgh
[08/12/2007|19.58] C:\DOCUME~1\em\DATIAP~1\Microsoft
[29/03/2006|09.43] C:\DOCUME~1\em\DATIAP~1\Microsoft Web Folders
[23/06/2006|14.54] C:\DOCUME~1\em\DATIAP~1\Opera
[14/06/2008|01.18] C:\DOCUME~1\em\DATIAP~1\PC Tools
[29/05/2008|17.07] C:\DOCUME~1\em\DATIAP~1\Real
[15/04/2008|10.54] C:\DOCUME~1\em\DATIAP~1\Relux Informatik AG
[10/12/2007|14.55] C:\DOCUME~1\em\DATIAP~1\ScanSoft
[09/08/2005|22.49] C:\DOCUME~1\em\DATIAP~1\Sonic
[26/07/2005|19.45] C:\DOCUME~1\em\DATIAP~1\Sun
[02/08/2005|16.07] C:\DOCUME~1\em\DATIAP~1\Symantec
[02/08/2005|16.59] C:\DOCUME~1\em\DATIAP~1\Template
[10/06/2008|21.53] C:\DOCUME~1\em\DATIAP~1\WinRAR
[28/04/2007|20.46] C:\DOCUME~1\em\DATIAP~1\ZipGenius
[2|File] C:\DOCUME~1\em\DATIAP~1\byte
[30|Directory] C:\DOCUME~1\em\DATIAP~1\byte disponibili

[13/06/2008|11.12] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[17/12/2006|20.24] C:\DOCUME~1\LOCALS~1\DATIAP~1\Symantec
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[09/09/2004|09.43] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[11/06/2006|12.31] C:\DOCUME~1\NETWOR~1\DATIAP~1\Symantec
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

[27/08/2005|13.47] C:\DOCUME~1\op\DATIAP~1\Adobe
[07/08/2005|21.32] C:\DOCUME~1\op\DATIAP~1\CyberLink
[09/09/2004|09.43] C:\DOCUME~1\op\DATIAP~1\desktop.ini
[09/09/2004|09.57] C:\DOCUME~1\op\DATIAP~1\Identities
[26/07/2005|19.47] C:\DOCUME~1\op\DATIAP~1\Intel
[27/08/2005|13.45] C:\DOCUME~1\op\DATIAP~1\Jasc Software Inc
[09/09/2004|09.43] C:\DOCUME~1\op\DATIAP~1\Microsoft
[26/07/2005|19.45] C:\DOCUME~1\op\DATIAP~1\Sun
[26/07/2005|19.55] C:\DOCUME~1\op\DATIAP~1\Symantec
[1|File] C:\DOCUME~1\op\DATIAP~1\byte
[10|Directory] C:\DOCUME~1\op\DATIAP~1\byte disponibili

[09/09/2004|09.43] C:\DOCUME~1\vd\DATIAP~1\desktop.ini
[09/09/2004|09.57] C:\DOCUME~1\vd\DATIAP~1\Identities
[26/07/2005|19.47] C:\DOCUME~1\vd\DATIAP~1\Intel
[26/07/2005|19.59] C:\DOCUME~1\vd\DATIAP~1\Jasc Software Inc
[09/09/2004|09.43] C:\DOCUME~1\vd\DATIAP~1\Microsoft
[10/06/2008|16.10] C:\DOCUME~1\vd\DATIAP~1\Real
[26/07/2005|19.45] C:\DOCUME~1\vd\DATIAP~1\Sun
[26/07/2005|19.55] C:\DOCUME~1\vd\DATIAP~1\Symantec
[1|File] C:\DOCUME~1\vd\DATIAP~1\byte
[9|Directory] C:\DOCUME~1\vd\DATIAP~1\byte disponibili

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[15/06/2008 07.52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[19/08/2004 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Programmi ]--------------

[14/09/2007|11.45] C:\Programmi\@Last Software
[15/02/2007|10.42] C:\Programmi\Acro Software
[05/11/2007|09.47] C:\Programmi\Adobe
[07/05/2007|18.12] C:\Programmi\AnswerWorks 4.0
[26/07/2005|19.33] C:\Programmi\Apoint
[10/12/2007|14.52] C:\Programmi\ArcSoft
[26/07/2005|19.46] C:\Programmi\ATI Technologies
[13/10/2007|19.08] C:\Programmi\Audacity
[17/05/2007|15.05] C:\Programmi\AutoCAD 2002 Ita
[07/05/2007|18.12] C:\Programmi\AutoCAD 2007
[07/05/2007|18.04] C:\Programmi\autodesk
[03/08/2005|12.39] C:\Programmi\AVerTV USB 2.0 Plus
[22/08/2005|12.01] C:\Programmi\AVerTV USB 2.0 Plus Driver
[13/06/2008|00.47] C:\Programmi\Avira
[26/07/2005|19.50] C:\Programmi\Broadcom
[30/09/2007|00.57] C:\Programmi\C6 Messenger
[10/12/2007|14.49] C:\Programmi\Canon
[10/12/2007|14.46] C:\Programmi\CanonBJ
[09/09/2004|09.48] C:\Programmi\ComPlus Applications
[26/07/2005|19.34] C:\Programmi\CONEXANT
[26/07/2005|19.50] C:\Programmi\CyberLink
[26/07/2005|19.54] C:\Programmi\Dell
[26/07/2005|19.59] C:\Programmi\Dell Inc
[26/07/2005|19.49] C:\Programmi\Digital Line Detect
[13/06/2008|00.36] C:\Programmi\File comuni
[13/11/2005|20.20] C:\Programmi\Finson Live Update
[02/08/2005|16.20] C:\Programmi\FlyNet
[05/05/2007|23.45] C:\Programmi\Google
[15/02/2007|10.41] C:\Programmi\GPLGS
[15/04/2008|10.20] C:\Programmi\Guzzini
[20/12/2006|23.01] C:\Programmi\ICQLite
[18/12/2006|15.08] C:\Programmi\ICQToolbar
[15/04/2008|10.25] C:\Programmi\InstallShield Installation Information
[26/07/2005|19.48] C:\Programmi\Intel
[26/07/2005|19.47] C:\Programmi\Intel, Inc
[11/04/2008|21.04] C:\Programmi\Internet Explorer
[26/07/2005|19.59] C:\Programmi\Jasc Software Inc
[10/06/2007|13.09] C:\Programmi\Java
[25/09/2007|11.28] C:\Programmi\Macrogaming
[15/12/2006|10.22] C:\Programmi\Messenger
[26/09/2007|08.59] C:\Programmi\Microsoft CAPICOM 2.1.0.2
[29/03/2006|09.42] C:\Programmi\microsoft frontpage
[09/12/2007|02.34] C:\Programmi\Microsoft Office
[29/03/2006|09.47] C:\Programmi\Microsoft Visual Studio
[26/07/2005|19.52] C:\Programmi\Microsoft Works
[26/07/2005|19.48] C:\Programmi\Modem Helper
[09/09/2004|09.49] C:\Programmi\Movie Maker
[09/09/2004|09.48] C:\Programmi\MSN Gaming Zone
[25/11/2006|11.46] C:\Programmi\MSXML 4.0
[09/09/2004|09.49] C:\Programmi\NetMeeting
[26/07/2005|19.48] C:\Programmi\NetWaiting
[13/06/2007|17.13] C:\Programmi\Outlook Express
[15/04/2008|10.25] C:\Programmi\Philips Lighting
[27/03/2007|09.54] C:\Programmi\POV-Ray for Windows v3.6
[15/04/2008|10.53] C:\Programmi\Relux.2007
[11/04/2007|10.15] C:\Programmi\Rhinoceros 4.0
[01/11/2007|12.44] C:\Programmi\Samsung ML-1610 Series
[10/12/2007|14.53] C:\Programmi\ScanSoft
[09/09/2004|09.49] C:\Programmi\Servizi in linea
[26/07/2005|19.34] C:\Programmi\Sigmatel
[03/08/2007|12.30] C:\Programmi\SkyMap Pro 11 Demo
[11/10/2005|00.20] C:\Programmi\Sonic
[14/06/2008|02.02] C:\Programmi\Spyware Doctor
[13/06/2008|00.41] C:\Programmi\Symantec
[15/04/2008|10.37] C:\Programmi\Thorn
[26/07/2005|19.46] C:\Programmi\Tiscali
[14/06/2008|21.19] C:\Programmi\Trend Micro
[09/09/2004|09.57] C:\Programmi\Uninstall Information
[09/01/2006|14.25] C:\Programmi\Volo View Express
[09/01/2006|14.25] C:\Programmi\WexTech
[24/09/2007|23.08] C:\Programmi\Windows Live
[02/06/2008|11.15] C:\Programmi\Windows Media Connect 2
[02/06/2008|11.15] C:\Programmi\Windows Media Player
[09/09/2004|09.48] C:\Programmi\Windows NT
[09/09/2004|09.50] C:\Programmi\WindowsUpdate
[10/06/2008|21.51] C:\Programmi\WinRAR
[09/09/2004|09.51] C:\Programmi\xerox
[02/11/2006|17.16] C:\Programmi\Yahoo!
[15/04/2008|10.32] C:\Programmi\Your Company Name
[09/06/2007|14.58] C:\Programmi\Zero G Registry
[24/01/2007|18.48] C:\Programmi\ZipGenius 6
[15/04/2008|10.49] C:\Programmi\Zumtobel
[0|File] C:\Programmi\byte
[84|Directory] C:\Programmi\byte disponibili

------[ Listing des dossiers dans C:\Programmi\File comuni ]------

[15/04/2008|10.32] C:\Programmi\File comuni\ACADView
[23/06/2006|14.37] C:\Programmi\File comuni\Adobe
[23/06/2006|14.34] C:\Programmi\File comuni\Adobe Systems Shared
[07/05/2007|18.13] C:\Programmi\File comuni\Autodesk Shared
[15/04/2008|10.21] C:\Programmi\File comuni\Borland Shared
[15/04/2008|10.32] C:\Programmi\File comuni\COPHOS
[07/05/2007|18.11] C:\Programmi\File comuni\Designer
[26/07/2005|19.59] C:\Programmi\File comuni\InstallShield
[02/08/2005|17.17] C:\Programmi\File comuni\IviSDK
[26/07/2005|19.59] C:\Programmi\File comuni\Jasc Software Inc
[26/07/2005|19.45] C:\Programmi\File comuni\Java
[09/01/2006|14.25] C:\Programmi\File comuni\LHSPF
[09/12/2007|02.34] C:\Programmi\File comuni\Microsoft Shared
[09/09/2004|09.49] C:\Programmi\File comuni\MSSoap
[09/09/2004|09.44] C:\Programmi\File comuni\ODBC
[15/04/2008|10.24] C:\Programmi\File comuni\Philips Lighting
[15/04/2008|10.48] C:\Programmi\File comuni\Product Explorer
[29/05/2008|16.59] C:\Programmi\File comuni\Real
[10/12/2007|14.54] C:\Programmi\File comuni\ScanSoft Shared
[09/09/2004|09.49] C:\Programmi\File comuni\Services
[11/10/2005|00.20] C:\Programmi\File comuni\Sonic Shared
[09/09/2004|09.44] C:\Programmi\File comuni\SpeechEngines
[13/06/2008|00.41] C:\Programmi\File comuni\Symantec Shared
[13/06/2007|17.13] C:\Programmi\File comuni\System
[11/10/2005|00.22] C:\Programmi\File comuni\TiVo Shared
[22/06/2006|22.22] C:\Programmi\File comuni\Vbox
[09/01/2006|14.25] C:\Programmi\File comuni\Wextech Shared
[15/04/2008|10.41] C:\Programmi\File comuni\Wise Installation Wizard
[29/05/2008|17.00] C:\Programmi\File comuni\xing shared
[0|File] C:\Programmi\File comuni\byte
[31|Directory] C:\Programmi\File comuni\byte disponibili
0
Do I have to run it again?

I am on 2 machines: the sick laptop, and the desktop PC to communicate with you.
0

Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2008 at 12:20
Re,

OK, I understand better now.

You have 2 computers; the sick one runs XP and the other Vista.

The alert for C:\System Volume Information is not worrying. That is System Restore. We will deal with it later.

Do this:

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy and paste the report C:\ComboFix.txt into your next reply.

Careful: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Yes, the sick one runs XP and the desktop runs Vista.

I did everything I was supposed to do, disabled Antivir, firewall and antispyware, but at the automatic restart before the ComboFix report, Antivir was active again, with no alert.

Here is the report, but there may be problems because of a mouse click.

ComboFix 08-06-12.2 - em 2008-06-15 12.41.29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.135 [GMT 2:00]
Eseguito da: C:\Documents and Settings\em\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe79b33e9.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dkywinsp.ini
C:\WINDOWS\system32\gltcqhud.dll
C:\WINDOWS\system32\hxirurru.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\OWvuwyay.ini
C:\WINDOWS\system32\OWvuwyay.ini2
C:\WINDOWS\system32\qeattdvr.dll
C:\WINDOWS\system32\svovrdlb.ini
C:\WINDOWS\system32\wtwfital.dll
C:\WINDOWS\system32\yaywuvWO.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-05-15 al 2008-06-15 )))))))))))))))))))))))))))))))))))
.

2008-06-15 11:24 . 2008-06-15 11:24 <DIR> d-------- C:\Deckard
2008-06-15 10:38 . 2008-06-15 10:45 <DIR> d-------- C:\Lop SD
2008-06-14 21:19 . 2008-06-14 21:19 <DIR> d-------- C:\Programmi\Trend Micro
2008-06-14 01:19 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-14 01:19 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-14 01:19 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-14 01:19 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-14 01:18 . 2008-06-14 01:18 <DIR> d-------- C:\Documents and Settings\em\Dati applicazioni\PC Tools
2008-06-13 00:47 . 2008-06-13 00:47 <DIR> d-------- C:\Programmi\Avira
2008-06-13 00:47 . 2008-06-13 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-06-10 17:37 . 2008-06-10 17:37 <DIR> d-------- C:\Documents and Settings\em\Dati applicazioni\DAEMON Tools
2008-06-10 17:02 . 2008-06-10 17:04 64,512 --a------ C:\WINDOWS\system32\fccyaATK.dll.vir
2008-06-10 16:55 . 2008-06-10 17:35 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-10 12:24 . 2008-06-10 22:45 108 --a------ C:\WINDOWS\TB50.INI
2008-06-05 11:02 . 2008-06-05 11:02 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-05 11:00 . 2008-06-05 11:00 <DIR> d-------- C:\56fbd039c4aec52422ff111ed9ee85
2008-06-02 11:16 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-02 11:16 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-02 11:16 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-02 11:15 . 2008-06-02 11:15 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-06-02 11:12 . 2008-06-02 11:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-02 11:12 . 2008-06-02 11:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-29 17:00 . 2008-05-29 17:00 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-05-29 16:59 . 2008-05-29 16:59 <DIR> d-------- C:\Programmi\File comuni\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 11:04 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-14 00:02 --------- d-----w C:\Programmi\Spyware Doctor
2008-06-12 22:41 --------- d-----w C:\Programmi\Symantec
2008-06-12 22:41 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-06-12 22:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-04-15 08:54 --------- d-----w C:\Documents and Settings\em\Dati applicazioni\Relux Informatik AG
2008-04-15 08:53 --------- d-----w C:\Programmi\Relux.2007
2008-04-15 08:49 --------- d-----w C:\Programmi\Zumtobel
2008-04-15 08:48 --------- d-----w C:\Programmi\File comuni\Product Explorer
2008-04-15 08:41 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-04-15 08:37 --------- d-----w C:\Programmi\Thorn
2008-04-15 08:32 --------- d-----w C:\Programmi\Your Company Name
2008-04-15 08:32 --------- d-----w C:\Programmi\File comuni\COPHOS
2008-04-15 08:32 --------- d-----w C:\Programmi\File comuni\ACADView
2008-04-15 08:25 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-15 08:25 --------- d-----w C:\Programmi\Philips Lighting
2008-04-15 08:24 --------- d-----w C:\Programmi\File comuni\Philips Lighting
2008-04-15 08:21 --------- d-----w C:\Programmi\File comuni\Borland Shared
2008-04-15 08:20 --------- d-----w C:\Programmi\Guzzini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 18:53 68856]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [ ]
"Microsoft©"="C:\WINDOWS\system32\dllcache\iexplore.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:00 344064]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-03-16 05:33 127037]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-05-29 16:59 185896]
"SunJavaUpdateSched"="C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 07:34 360448]
"OpwareSE4"="C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"Microsoft©"="C:\WINDOWS\system32\dllcache\iexplore.exe" [ ]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"DVDLauncher"="C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"DMXLauncher"="C:\Programmi\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"Dell QuickSet"="C:\Programmi\Dell\QuickSet\quickset.exe" [2005-03-04 12:26 606208]
"CnxDslTaskBar"="C:\Programmi\FlyNet\CnxDslTb.exe" [2005-08-02 16:19 462848]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"e4a80075"="C:\WINDOWS\system32\urrurixh.dll" [ ]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ISTray"="C:\Programmi\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]

C:\Documents and Settings\em\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digital Line Detect.lnk - C:\Programmi\Digital Line Detect\DLG.exe [2005-07-26 19:49:05 24576]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
QuickTV.lnk - C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe [2005-03-23 10:36:50 401408]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 12:43:54 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programmi\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-08 15:52]
S3 CnxEtP;FlyNet ADSL USB MODEM WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-08-02 16:19]
S3 CnxEtU;ADSL USB MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-08-02 16:19]
S3 CnxTgN;FlyNet ADSL USB MODEM WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2005-08-02 16:19]
S3 StkMini;AVerTV USB 2.0 Plus Video Capture;C:\WINDOWS\system32\Drivers\StkMini.sys [2005-02-15 16:44]
S3 StkScan;AVerTV USB 2.0 Plus Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2004-11-05 18:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49376c60-2d9c-11dd-9717-00123fd637ad}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a734f574-2d80-11dd-9716-00123fd637ad}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf44dae-2cc8-11dd-9715-00123fd637ad}]
\Shell\AutoRun\command - E:\.\run\autorun.exe
\Shell\open\Command - E:\.\run\autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 13:02:54
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Programmi\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Apoint\ApntEx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-15 13:10:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 11:10:46

17 Directory 21,520,171,008 byte disponibili
21 Directory 21,484,339,200 byte disponibili

182 --- E O F --- 2008-06-09 12:30:02
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2008 at 14:48
Re,

Post a new HijackThis report.

How is the sick computer doing?
0
My computer seems rejuvenated, although there is still the Antivir alert C:\System Volume.....\....\A0001036.dll Trojan....

Here is HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.57.25, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmi\Dell\Media Experience\DMXLauncher.exe
C:\Programmi\Dell\QuickSet\quickset.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\Programmi\Apoint\Apoint.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe
C:\Programmi\Apoint\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://it.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [e4a80075] rundll32.exe "C:\WINDOWS\system32\urrurixh.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Unknown owner - C:\Programmi\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
0
At startup there is still the RUNDLL window
Errore durante il caricamento di C:\WINDOWS\system\urrurixh.dll
Impossibile trovare il modulo specificato

but compared to yesterday it is like new
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2008 at 15:25
Re,

We are going to get rid of the messages for you.

Open this link:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

First, follow it to disable System Restore.

Close the window.

Then follow it again to re-enable System Restore.

Run HijackThis again.

Choose Do a scan only

Tick the box in front of the following lines:

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [e4a80075] rundll32.exe "C:\WINDOWS\system32\urrurixh.dll",b

Close all windows (except HijackThis), including your browser.

Click Fix checked.

Close HijackThis.

On the other hand,

You do not seem to have a firewall controlling outgoing connections, which is a security risk.

If that is the case, you can choose between these two options:

ZoneAlarm: tutorial and download link here:
https://www.malekal.com/tutoriel-zonealarm-firewall/

Kerio: tutorial and download link here:
http://www.malekal.com/kerio_firewall.php

There are others, which you can find by opening this link:
http://www.malekal.com/menu_tutorials_logiciels.php

You must disable the Windows firewall (Control Panel, Windows Firewall) after the download and before the installation (disconnect from the Net at that point).

And one file needs to be checked:

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\system32\dllcache\iexplore.exe

Click Send File.

A report will be built line by line.

Wait for it to finish. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the button to reanalyse the file now.
0
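An added example, not part of the thread and not code from HijackThis or ComboFix: a small triage script that picks out the same three entries selected for "Fix checked" above, using only lines copied from the logs posted in this thread. The function names are hypothetical, and the reversed-name match is a heuristic inferred from the file names in the ComboFix removal list (OWvuwyay.ini beside yaywuvWO.dll), not something the posters state.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis report posted in this thread.
HIJACKTHIS_LINES = r'''
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [e4a80075] rundll32.exe "C:\WINDOWS\system32\urrurixh.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
'''.strip().splitlines()

# Paths copied from the ComboFix removal list posted in this thread.
REMOVED_BY_COMBOFIX = r'''
C:\WINDOWS\system32\gltcqhud.dll
C:\WINDOWS\system32\hxirurru.ini
C:\WINDOWS\system32\OWvuwyay.ini
C:\WINDOWS\system32\yaywuvWO.dll
'''.strip().splitlines()

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# A drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:dll|exe|ocx)', re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)


def stem(path):
    """File name without directory or extension, lower-cased."""
    return PureWindowsPath(path).stem.lower()


def classify(line, removed_stems):
    """Return a reason string if the entry looks orphaned, else None."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    section, body = match.groups()
    # HijackThis itself marks registrations whose file is gone.
    if body.endswith("(no file)"):
        return "registration points to no file"
    if section != "O4":
        return None
    for path in PATH_RE.findall(body):
        name = stem(path)
        if name in removed_stems:
            return "target was removed by the cleanup"
        # Heuristic (assumption): a removed file whose name is this one reversed.
        if name[::-1] in removed_stems:
            kind = "rundll32 target" if RUNDLL_RE.search(body) else "target"
            return f"{kind} has a reversed-name companion in the removal list"
    return None


def review(lines, removed_paths):
    """List (line, reason) for every autostart entry worth fixing."""
    removed_stems = {stem(p) for p in removed_paths}
    findings = []
    for line in lines:
        reason = classify(line, removed_stems)
        if reason:
            findings.append((line.strip(), reason))
    return findings


def reversed_pairs(removed_paths):
    """Pairs inside the removal list whose stems are reverses of each other."""
    names = sorted({stem(p) for p in removed_paths})
    return [(a, a[::-1]) for a in names if a < a[::-1] and a[::-1] in names]


if __name__ == "__main__":
    for line, reason in review(HIJACKTHIS_LINES, REMOVED_BY_COMBOFIX):
        print(f"{reason}: {line}")
```

An entry flagged this way is a leftover registration: the startup RUNDLL error in the thread comes from the Run value still naming a DLL that is no longer on disk.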
On my computer there is no C:\WINDOWS\System32\dllcache\iexplore.exe, there is no dllcache, there is only C:\Programmi\Internet Explorer\iexplore.exe. That is all.
0
fiat500 Posts 2621 Registration date Friday 30 May 2008 Status Member Last activity 25 March 2009 82
15 June 2008 at 17:09
Hello everyone

Go to Control Panel, Folder Options, View, tick the box to show hidden files and click OK, then look for C:\WINDOWS\System32\dllcache\iexplore.exe
0
I have already looked for the file with the "Search" option.
0
Hello,
I am replying on behalf of Mairea, who had to go out urgently...
As you said, she checked that the "show hidden files" box was ticked. Despite that, she did not find the file C:\WINDOWS\System32\dllcache\iexplore.exe... What can we do now??
Mairea will only be back this evening, so she will only be able to read the replies this evening.
Thanks in advance for your help!!
Mairea2
0
fiat500 Posts 2621 Registration date Friday 30 May 2008 Status Member Last activity 25 March 2009 82
15 June 2008 at 18:23
please do an online scan with Internet Explorer:

BitDefender online: http://www.bitdefender.fr/scan_fr/scan8/ie.html
BitDefender online tutorial: http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2008 at 18:32
Re,

has everything else been done?

For the last file, this is how we do it:

Restart HijackThis.

Choose Do a scan only

Tick the box in front of the following lines

C:\WINDOWS\system32\dllcache\iexplore.exe

Close all windows (except HijackThis), including your browser.

Click fix checked.

Close HijackThis.

Restart the computer and post a new HijackThis report.
0
After restarting HijackThis I found:
04-HKLM\...\Run:[Microsoft] C:\WINDOWS\System32\dllcache\iexplore.exe
04-HKCU\...\Run:[Microsoft] C:\WINDOWS\System32\dllcache\iexplore.exe
Do I have to tick both of them?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2008 at 21:44
Re,

yes, tick both and then restart the computer.

Then post me another HijackThis report.
0
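The entries ticked in this thread are all O4 (autorun) lines. The following Python is an added example, not part of the thread and not HijackThis code: it parses O4 registry Run lines, including the hand-typed `04-HKLM\...\Run:[...]` form quoted above, and lists the ones worth a closer look. The two heuristics are assumptions chosen to match these entries, and a rundll32 hit is only a prompt to verify the DLL, since legitimate software also starts that way; the sample lines are copied from the logs in this thread.

```python
import re

# "O4 - HKLM\..\Run: [value name] command line"; also accepts the hand-typed
# variant quoted in the thread ("04-HKLM\...\Run:[Microsoft] C:\...").
O4_RUN = re.compile(
    r'^[O0]4\s*-\s*(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.{2,3}\\(?P<key>Run\w*):\s*'
    r'\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')

# rundll32 [path\]some.dll,Export  (the DLL path may be quoted)
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)


def parse_o4(line):
    """Return hive/key/name/cmd for a registry autorun line, else None."""
    m = O4_RUN.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Return [(hive, value_name, reasons)] for autoruns that need a closer look."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:  # startup-folder shortcuts and other sections
            continue
        reasons = []
        # Assumption: nothing legitimate autostarts from the Windows File
        # Protection cache directory (dllcache).
        if '\\dllcache\\' in entry['cmd'].lower():
            reasons.append('launches from dllcache')
        # The payload is the DLL, so report it rather than rundll32.exe.
        m = RUNDLL.match(entry['cmd'])
        if m:
            reasons.append('rundll32 loads ' + m.group('dll'))
        if reasons:
            findings.append((entry['hive'], entry['name'], reasons))
    return findings


# Lines copied from the HijackThis output posted in this thread.
SAMPLE = [
    r'O4 - HKLM\..\Run: [e4a80075] rundll32.exe "C:\WINDOWS\system32\urrurixh.dll",b',
    r'04-HKLM\...\Run:[Microsoft] C:\WINDOWS\System32\dllcache\iexplore.exe',
    r'04-HKCU\...\Run:[Microsoft] C:\WINDOWS\System32\dllcache\iexplore.exe',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')",
    r'O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE',
]

if __name__ == '__main__':
    for hive, name, reasons in triage(SAMPLE):
        print(f'{hive} [{name}]: ' + '; '.join(reasons))
```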
Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.03.46, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmi\Dell\Media Experience\DMXLauncher.exe
C:\Programmi\Dell\QuickSet\quickset.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\Programmi\Apoint\Apoint.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://it.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Programmi\AVerTV USB 2.0 Plus\QuickTV.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Unknown owner - C:\Programmi\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 June 2008 at 23:32
Re,

this report looks fine to me.

How is the computer doing?

While I think of it, if you have a router (or an ISP box), have you changed the default password? If not, do it quickly: a trojan attacks router passwords by checking whether the password appears in a pre-established list. If so, it takes control of the computer (and of the entire network). A good password must have at least 8 characters and include letters (upper and lower case), digits and special characters (é, #, ...). It must be kept carefully (so it can be retrieved if forgotten) somewhere other than on a computer medium.
0
I have an ADSL connection with an ordinary USB modem, so I do not have a router.
So I think everything is fine now… My passwords are always 8 characters long, including special characters or numbers.
If everything is fine and your help ends here, I thank you immensely. Big kisses!
(but do you always work on Sundays and even at night?)
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
16 June 2008 at 14:37
Hello,

I am not working (at least not when I am on the site). We are all volunteers.

We are going to remove the disinfection tools that are no longer needed.

Download ToolsCleaner by A.Roshtein to your Desktop.

http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

Click Recherche (Search) and let the scan finish.

Click Suppression (Removal) to finalise.

You can, if you wish, use the Options facultatives (optional settings).

Click Quitter (Quit) so that the report can be created.

Post me the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

0
-->- Recherche:

C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\em\Desktop\Dss.exe: trouvé !
C:\Documents and Settings\em\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\em\Desktop\Lop S&D.lnk: trouvé !
C:\Documents and Settings\em\Desktop\LopSD.exe: trouvé !
C:\Documents and Settings\em\Desktop\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\em\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\em\Desktop\HJTInstall.exe: trouvé !
C:\Documents and Settings\em\Menu Avvio\Programmi\Lop S&D: trouvé !
C:\Documents and Settings\em\Recent\HijackThis.lnk: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Programmi\Trend Micro\HijackThis: trouvé !
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\em\Desktop\Dss.exe: supprimé !
C:\Documents and Settings\em\Desktop\HijackThis.lnk: supprimé !
C:\Documents and Settings\em\Desktop\Lop S&D.lnk: supprimé !
C:\Documents and Settings\em\Desktop\LopSD.exe: supprimé !
C:\Documents and Settings\em\Desktop\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\em\Desktop\ComboFix.exe: supprimé !
C:\Documents and Settings\em\Desktop\HJTInstall.exe: supprimé !
C:\Documents and Settings\em\Recent\HijackThis.lnk: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis: supprimé !
C:\Documents and Settings\em\Menu Avvio\Programmi\Lop S&D: supprimé !
C:\Programmi\Trend Micro\HijackThis: supprimé !
0