Trojan-Spy.Win32.keylogger.aa or GreenScreen

Solved
Jkanon
Hello everyone,
I'm a novice in this area and I have this box 'Trojan-Spy.Win32.keylogger.aa or GreenScreen' that keeps opening every time I'm on the net. I read that you have to send a HijackThis report, so I'm sending it below. Thanks for helping me:
Note that I still have Windows XP

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\fwhqlmvw.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Programmi\PC-Antispy\ASpyStBlk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DbSys] C:\WINDOWS\system32\fwhqlmvw.exe
O4 - HKLM\..\Policies\Explorer\Run: [CbQSXZ2yNz] C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-299502267-1060284298-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-299502267-1060284298-682003330-1003\..\Run: [DbSys] C:\WINDOWS\system32\fwhqlmvw.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-299502267-1060284298-682003330-1003 Startup: .security (User '?')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O21 - SSODL: SysInfo - {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

14 replies

Anonymous user
 
Hello,

-Run ToolBar S&D again, this time with option 2

-Post me the report

************************

Then,

-Download OTMoveIt2 by OldTimer-->http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

-Save it to your Desktop.

-Double-click OTMoveIt2.exe to launch it.

-Copy the paths of the following files by selecting ALL and pressing CTRL+C (or, after selecting, right-click and choose Copy):

C:\Programmi\Crawler
C:\Programmi\PC-Antispy
C:\Programmi\wioyrl
C:\Documents and Settings\All Users\Dati applicazioni\beboxshw
C:\WINDOWS\system32\fwhqlmvw.exe
C:\Programmi\AskSBar


-Right-click in the "Paste List of Files/Folders to be moved" window and choose Paste.

-Click the red Moveit! button.

-Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the process. If so, choose Yes.

-Post the OTMoveIt report here: C:\_OTMoveIt\MovedFiles

************************

-Launch Malwarebytes' Anti-Malware and update it

-Run a full scan in Safe Mode

-Delete everything it finds (the red list)

-Post the report

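The removal list in the reply above was built by reading the HijackThis log by eye: an autostart under Policies\Explorer\Run, executables in folders with unfamiliar names, a ShellServiceObjectDelayLoad (O21) entry outside the Windows directory, bare ".security" items in the Startup folders, an orphaned BHO with "(no file)", and the O17 DNS servers to double-check. The script below is an added example, not code from this thread or from HijackThis, OTMoveIt2 or Malwarebytes; it turns those same structural cues into a small triage pass over HijackThis lines. The sample lines are copied from the logs posted in this thread, with ordinary entries mixed in; the regular expressions for the line shapes, the folder-name checks and the "random-looking name" threshold are my assumptions and are deliberately weak heuristics meant to produce a review list, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs posted in this thread,
# mixed with ordinary entries so the rules have something to leave alone.
SAMPLE_LOG = [
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [DbSys] C:\WINDOWS\system32\fwhqlmvw.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [CbQSXZ2yNz] C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe",
    r"O4 - Startup: .security",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25",
    r"O21 - SSODL: SysInfo - {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll",
]

# Line shapes, assumed from the HijackThis format seen in this thread.
RE_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_STARTUP = re.compile(r"^O4 - (?P<where>[A-Za-z0-9 .-]*Startup): (?P<item>.*)$")
RE_COM = re.compile(r"^(?P<sec>O2|O3|O21) - (?P<kind>[^:]+): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_DNS = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
RE_EXE = re.compile(r'^"?(?P<p>[^"]+?\.(?:exe|dll|cpl|bat|scr))"?', re.I)

VOWELS = set("aeiou")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section (O2, O4, O17, O21, ...)
    item: str     # the path, CLSID or value the rule fired on
    reason: str   # why a human should look at it


def exe_path(cmd: str) -> str:
    """Strip quotes and arguments from an O4 command line, keeping the launched file."""
    m = RE_EXE.match(cmd)
    return m["p"] if m else cmd.split(" ", 1)[0]


def looks_random(basename: str) -> bool:
    """Weak heuristic (assumption): a letters-only file stem of 8+ characters with at most one vowel."""
    stem = basename.rsplit(".", 1)[0].lower()
    return stem.isalpha() and len(stem) >= 8 and sum(c in VOWELS for c in stem) <= 1


def machine_wide_appdata(path: str) -> bool:
    """Executable living under All Users\\Application Data (localized names assumed)."""
    p = path.lower()
    return "\\all users\\" in p and any(f in p for f in ("application data", "dati applicazioni", "programdata"))


def triage(lines):
    """Apply the structural rules to HijackThis lines and return the entries worth reviewing."""
    findings = []
    for line in lines:
        line = line.strip()
        m = RE_RUN.match(line)
        if m:
            path = exe_path(m["cmd"])
            base = path.replace("/", "\\").rsplit("\\", 1)[-1]
            if "policies\\explorer\\run" in m["key"].lower():
                findings.append(Finding("O4", path, "autostart via Policies\\Explorer\\Run, rarely used by legitimate software"))
            if machine_wide_appdata(path):
                findings.append(Finding("O4", path, "executable launched from the machine-wide application data folder"))
            if looks_random(base):
                findings.append(Finding("O4", path, "random-looking file name (weak heuristic: verify publisher and hash)"))
            continue
        m = RE_STARTUP.match(line)
        if m:
            item = m["item"]
            if " = " not in item and not item.lower().endswith(".lnk"):
                findings.append(Finding("O4", item, f"bare item in the {m['where']} folder, not a shortcut"))
            continue
        m = RE_COM.match(line)
        if m:
            path = m["path"]
            if path == "(no file)":
                findings.append(Finding(m["sec"], m["clsid"], f"{m['kind']} registered but file missing (orphan, cleanup candidate)"))
            elif m["sec"] == "O21" and "\\windows\\" not in path.lower():
                findings.append(Finding("O21", path, "ShellServiceObjectDelayLoad entry outside the Windows directory"))
            continue
        m = RE_DNS.match(line)
        if m:
            findings.append(Finding("O17", m["servers"], "DNS servers configured; confirm they belong to your ISP"))
    return findings


def removal_candidates(findings):
    """Unique O4/O21 file paths, one per line, the form the helper asked to paste into OTMoveIt2."""
    return sorted({f.item for f in findings if f.section in ("O4", "O21") and "\\" in f.item})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:4} {f.item}\n     -> {f.reason}")
    print("\nPaths to review:")
    print("\n".join(removal_candidates(found)))
```

Run it as-is to see the sample triaged; on a real log, feed `triage()` the file's lines and treat the output as a list to verify (publisher, hash, creation date) before anything is moved, since the rules fire on shape alone and a legitimate program in an odd folder would be listed too.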
Jkanon
 
Hello Inferno,
I can't run ToolBar S&D again with option 2;
no report available for ToolBar S&D.

Then the OTMoveIt report below:

C:\Programmi\Crawler\Toolbar\WSGData\domains moved successfully.
C:\Programmi\Crawler\Toolbar\WSGData moved successfully.
C:\Programmi\Crawler\Toolbar\Update moved successfully.
C:\Programmi\Crawler\Toolbar\TBR5LanguageAct moved successfully.
C:\Programmi\Crawler\Toolbar\STWSGLanguageAct moved successfully.
C:\Programmi\Crawler\Toolbar\Languages moved successfully.
C:\Programmi\Crawler\Toolbar\Cache\STWSG moved successfully.
C:\Programmi\Crawler\Toolbar\Cache\COMMON moved successfully.
C:\Programmi\Crawler\Toolbar\Cache moved successfully.
Folder move failed. C:\Programmi\Crawler\Toolbar scheduled to be moved on reboot.
C:\Programmi\Crawler\Download moved successfully.
Folder move failed. C:\Programmi\Crawler scheduled to be moved on reboot.
C:\Programmi\PC-Antispy moved successfully.
C:\Programmi\wioyrl moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\beboxshw moved successfully.
C:\WINDOWS\system32\fwhqlmvw.exe moved successfully.
C:\Programmi\AskSBar\bar\Settings moved successfully.
C:\Programmi\AskSBar\bar\History moved successfully.
C:\Programmi\AskSBar\bar\Cache moved successfully.
C:\Programmi\AskSBar\bar\1.bin moved successfully.
C:\Programmi\AskSBar\bar moved successfully.
C:\Programmi\AskSBar moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_162159

Files moved on Reboot...
C:\Programmi\Crawler\Toolbar moved successfully.
C:\Programmi\Crawler moved successfully.


And also the Malwarebytes' Anti-Malware report:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1216
Windows 5.1.2600 Service Pack 2

28/09/2008 17.10.06
mbam-log-2008-09-28 (17-10-06).txt

Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 94143
Temps écoulé: 40 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\.security (Rogue.Multiple) -> Quarantined and deleted successfully.

Thanks and see you later
Anonymous user
 
Sh**, sorry, click on Fix checked
Jkanon
 
There you go Inferno, it's done, the report is below:
Thanks

ComboFix 08-09-27.01 - qwerty 2008-09-28 18.49.56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.151 [GMT 2:00]
Eseguito da: C:\Documents and Settings\qwerty\Desktop\ComboFix.exe

[color=red][b]ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !![/b][/color]
.

((((((((((((((((((((((((( Files Creati Da 2008-08-28 al 2008-09-28 )))))))))))))))))))))))))))))))))))
.

2008-09-28 16:21 . 2008-09-28 16:21 <DIR> d-------- C:\_OTMoveIt
2008-09-28 12:54 . 2008-09-28 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-28 10:42 . 2008-09-28 10:42 2,258 --a------ C:\Documents and Settings\Orph.egd
2008-09-28 10:39 . 2008-09-28 10:43 <DIR> d-------- C:\ToolBar SD
2008-09-28 02:24 . 2008-09-28 02:24 <DIR> d-------- C:\Programmi\Trend Micro
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 02:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\TuneUp Software
2008-09-27 19:34 . 2008-09-27 19:34 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 19:34 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-27 19:33 . 2008-09-27 19:34 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-09-27 19:33 . 2008-09-27 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-09-27 19:32 . 2008-09-27 19:32 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-26 23:33 . 2008-09-27 15:50 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-26 23:20 . 2008-09-26 23:20 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Antispyware
2008-09-24 15:07 . 2008-09-24 15:07 244 --ah----- C:\sqmnoopt10.sqm
2008-09-24 15:07 . 2008-09-24 15:07 232 --ah----- C:\sqmdata10.sqm
2008-09-23 18:21 . 2008-09-23 18:21 244 --ah----- C:\sqmnoopt09.sqm
2008-09-23 18:21 . 2008-09-23 18:21 232 --ah----- C:\sqmdata09.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt06.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata06.sqm
2008-09-23 18:18 . 2008-09-23 18:18 244 --ah----- C:\sqmnoopt05.sqm
2008-09-23 18:18 . 2008-09-23 18:18 232 --ah----- C:\sqmdata05.sqm
2008-09-23 18:15 . 2008-09-23 18:15 244 --ah----- C:\sqmnoopt04.sqm
2008-09-23 18:15 . 2008-09-23 18:15 232 --ah----- C:\sqmdata04.sqm
2008-09-23 12:52 . 2008-09-23 12:52 244 --ah----- C:\sqmnoopt03.sqm
2008-09-23 12:52 . 2008-09-23 12:52 232 --ah----- C:\sqmdata03.sqm
2008-09-23 02:08 . 2008-09-27 09:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-20 23:43 . 2008-09-26 23:38 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
2008-09-20 23:43 . 2008-09-20 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-09-20 23:42 . 2008-09-26 23:38 <DIR> d-------- C:\Programmi\Vuze
2008-09-06 15:44 . 2008-09-06 15:44 244 --ah----- C:\sqmnoopt02.sqm
2008-09-06 15:44 . 2008-09-06 15:44 232 --ah----- C:\sqmdata02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:11 --------- d-----w C:\Documents and Settings\qwerty\Dati applicazioni\Skype
2008-09-26 09:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-13 16:54 --------- d-----w C:\Programmi\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 17:21 19,544 ----a-w C:\Documents and Settings\qwerty\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-07-10 09:20 4,566,925 ----a-w C:\Programmi\eMule0.46b_Installer.exe
2005-07-10 09:17 4,204,404 -c--a-w C:\Programmi\eMule0.46a_Installer.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OLIVETTIEVM"="C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe" [2003-02-13 36864]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-23 579584]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-27 1783808]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]

C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-17 113664]
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWlan.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWlan.lnk
backup=C:\WINDOWS\pss\ZDWlan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^qwerty^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-01 11:51 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office10\\NSREX.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Vuze\\Azureus.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-27 141312]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 OEMius12;USB to IEEE-1284.4 Translation Driver OEMius12;C:\WINDOWS\system32\DRIVERS\OEMius12.sys [2003-01-31 21456]
R3 Pml Driver OEM12;Pml Driver OEM12;C:\WINDOWS\system32\OEMipm12.exe [2003-01-10 65795]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846c0ad6-896f-11dd-b13b-000b6ad34133}]
\Shell\AutoRun\command - uqb0julr.bat
\Shell\explore\Command - uqb0julr.bat
\Shell\open\Command - uqb0julr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5039248-f1ad-11dc-b0ae-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8761719-1e60-11dc-afc6-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-DbSys - C:\WINDOWS\system32\fwhqlmvw.exe
HKLM-Explorer_Run-CbQSXZ2yNz - C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe
SSODL-SysInfo-{448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://it.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Crawler Search - tbr:iemenu
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:52:09
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
Ora fine scansione: 2008-09-28 18:55:16
ComboFix-quarantined-files.txt 2008-09-28 16:54:12
ComboFix2.txt 2008-09-28 12:01:13

Pre-Run: 48.827.748.352 byte disponibili
Post-Run: 48,861,028,352 byte disponibili

185 --- E O F --- 2008-09-27 08:21:56
Anonymous user
 
Do you still have any signs of infection?

Run HijackThis again, please
Jkanon
 
No, I no longer have any signs of infection.
The HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.26.13, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
0
Anonymous user
 
That's fine. How is the PC doing? No improvement?
0
Jkanon
 
For now nothing else has shown up since the last changes.
Do you think it's fine now?
Thanks
0
Anonymous user
 
Hello,

-Download Toolbar S&D--> ToolBarSD.exe

-Follow this tutorial--> Tutorial ToolBarSD

-Run option 1 (search)

-Post me the report before continuing

********************************

-Download ComboFix--> ComboFix.exe

-Follow this tutorial to the letter--> Tutorial Combofix

-/!\Close all your programs and disconnect/!\

-Run ComboFix

-Don't touch anything while it works

-Post the report
-1
Jkanon
 
Hello Inferno,
thank you for your help.
Here is the ToolBarSD report:
----------\\ Recherche de Fichiers / Dossiers ...

C:\Programmi\AskSBar
C:\Programmi\AskSBar\bar
C:\Programmi\Crawler
C:\Programmi\Crawler\Download
C:\Programmi\Crawler\Toolbar
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\Toolbar Crawler

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.it/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://it.yahoo.com/"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 28/09/2008|10.43 - Option : [1]

-----------\\ Fin du rapport a 10.43.23,21

Then the one from ComboFix.exe:


ComboFix 08-09-27.01 - qwerty 2008-09-28 13.50.33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.86 [GMT 2:00]
Eseguito da: C:\Documents and Settings\qwerty\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

[color=red][b]ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!/b/color
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\akl
C:\Programmi\akl\akl.dll
C:\Programmi\akl\akl.exe
C:\Programmi\akl\uninstall.exe
C:\Programmi\akl\unsetup.exe
C:\Programmi\Inet Delivery
C:\Programmi\Inet Delivery\inetdl.exe
C:\Programmi\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Creati Da 2008-08-28 al 2008-09-28 )))))))))))))))))))))))))))))))))))
.

2008-09-28 12:54 . 2008-09-28 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-28 10:42 . 2008-09-28 10:42 2,258 --a------ C:\Documents and Settings\Orph.egd
2008-09-28 10:39 . 2008-09-28 10:43 <DIR> d-------- C:\ToolBar SD
2008-09-28 02:24 . 2008-09-28 02:24 <DIR> d-------- C:\Programmi\Trend Micro
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 02:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\TuneUp Software
2008-09-27 19:34 . 2008-09-27 19:34 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 19:34 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-27 19:33 . 2008-09-27 19:34 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-09-27 19:33 . 2008-09-27 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-09-27 19:32 . 2008-09-27 19:32 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 <DIR> d-------- C:\Programmi\Crawler
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-26 23:33 . 2008-09-27 15:50 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-26 23:20 . 2008-09-26 23:20 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Antispyware
2008-09-26 11:55 . 2008-09-26 11:55 0 --ah----- C:\WINDOWS\.security
2008-09-26 11:55 . 2008-09-26 11:55 0 --ah----- C:\.security
2008-09-26 11:52 . 2008-09-26 12:34 <DIR> d-------- C:\Programmi\PC-Antispy
2008-09-26 01:29 . 2008-09-26 01:29 <DIR> d-------- C:\Programmi\wioyrl
2008-09-26 01:29 . 2008-09-26 01:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\beboxshw
2008-09-26 01:29 . 2008-09-26 01:29 86,016 --a------ C:\WINDOWS\system32\fwhqlmvw.exe
2008-09-24 15:07 . 2008-09-24 15:07 244 --ah----- C:\sqmnoopt10.sqm
2008-09-24 15:07 . 2008-09-24 15:07 232 --ah----- C:\sqmdata10.sqm
2008-09-23 18:21 . 2008-09-23 18:21 244 --ah----- C:\sqmnoopt09.sqm
2008-09-23 18:21 . 2008-09-23 18:21 232 --ah----- C:\sqmdata09.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt06.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata06.sqm
2008-09-23 18:18 . 2008-09-23 18:18 244 --ah----- C:\sqmnoopt05.sqm
2008-09-23 18:18 . 2008-09-23 18:18 232 --ah----- C:\sqmdata05.sqm
2008-09-23 18:15 . 2008-09-23 18:15 244 --ah----- C:\sqmnoopt04.sqm
2008-09-23 18:15 . 2008-09-23 18:15 232 --ah----- C:\sqmdata04.sqm
2008-09-23 12:52 . 2008-09-23 12:52 244 --ah----- C:\sqmnoopt03.sqm
2008-09-23 12:52 . 2008-09-23 12:52 232 --ah----- C:\sqmdata03.sqm
2008-09-23 02:08 . 2008-09-27 09:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-20 23:43 . 2008-09-26 23:38 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
2008-09-20 23:43 . 2008-09-20 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-09-20 23:42 . 2008-09-26 23:38 <DIR> d-------- C:\Programmi\Vuze
2008-09-20 23:42 . 2008-09-20 23:42 <DIR> d-------- C:\Programmi\AskSBar
2008-09-06 15:44 . 2008-09-06 15:44 244 --ah----- C:\sqmnoopt02.sqm
2008-09-06 15:44 . 2008-09-06 15:44 232 --ah----- C:\sqmdata02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 19:45 --------- d-----w C:\Documents and Settings\qwerty\Dati applicazioni\Skype
2008-09-26 09:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-13 16:54 --------- d-----w C:\Programmi\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 17:21 19,544 ----a-w C:\Documents and Settings\qwerty\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-07-10 09:20 4,566,925 ----a-w C:\Programmi\eMule0.46b_Installer.exe
2005-07-10 09:17 4,204,404 -c--a-w C:\Programmi\eMule0.46a_Installer.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-22 68856]
"DbSys"="C:\WINDOWS\system32\fwhqlmvw.exe" [2008-09-26 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OLIVETTIEVM"="C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe" [2003-02-13 36864]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-23 579584]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-27 1783808]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CbQSXZ2yNz"="C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe" [2008-09-26 65536]

C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-17 113664]
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysInfo"= {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll [2008-09-26 114688]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWlan.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWlan.lnk
backup=C:\WINDOWS\pss\ZDWlan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^qwerty^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-01 11:51 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office10\\NSREX.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Vuze\\Azureus.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-27 141312]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 OEMius12;USB to IEEE-1284.4 Translation Driver OEMius12;C:\WINDOWS\system32\DRIVERS\OEMius12.sys [2003-01-31 21456]
R3 Pml Driver OEM12;Pml Driver OEM12;C:\WINDOWS\system32\OEMipm12.exe [2003-01-10 65795]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846c0ad6-896f-11dd-b13b-000b6ad34133}]
\Shell\AutoRun\command - uqb0julr.bat
\Shell\explore\Command - uqb0julr.bat
\Shell\open\Command - uqb0julr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5039248-f1ad-11dc-b0ae-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8761719-1e60-11dc-afc6-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-BearShare - C:\Programmi\BearShare\BearShare.exe
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-Yahoo! Pager - C:\Programmi\Yahoo!\Messenger\ypager.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://it.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Crawler Search - tbr:iemenu
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 13:54:16
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-09-28 14:01:12
ComboFix-quarantined-files.txt 2008-09-28 12:01:07

Pre-Run: 45.068.009.472 byte disponibili
Post-Run: 45,245,739,008 byte disponibili

255 --- E O F --- 2008-09-27 08:21:56

Thanks and see you later
0
Anonymous user
 
Post me another HijackThis log please
-1
Jkanon
 
Hello again Inferno,
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.07.56, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DbSys] C:\WINDOWS\system32\fwhqlmvw.exe
O4 - HKLM\..\Policies\Explorer\Run: [CbQSXZ2yNz] C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O21 - SSODL: SysInfo - {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
0
Anonymous user
 
Relaunch HijackThis:

Tick the box in front of these lines:

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)

Relaunch ComboFix and post me the report, there are leftovers!
-1
Jkanon
 
Sorry Inferno,
once I've ticked the boxes, what do I do next? Which button do I press? Thanks
0
Anonymous user
 
-Go here--> https://www.virustotal.com/gui/ <-- and have this analysed: C:\Documents and Settings\Orph.egd

********************************

-Double-click OTMoveIt2.exe to launch it.

-Copy the paths of the following files by selecting ALL of them and pressing CTRL+C (or, after selecting, right-click and choose Copy):

C:\Documents and Settings\All Users\Dati applicazioni\Azureus
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
C:\Programmi\Vuze


-Right-click in the "Paste List of Files/Folders to be moved" window and choose Paste.

-Click the red Moveit! button.

-Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the process. If so, choose Yes.

-Post the OTMoveIt report here: C:\_OTMoveIt\MovedFiles
-1
Jkanon
 
I HAD THE FILE ANALYSED AND THERE'S NOTHING. THEN, FOR THE OTMoveIT REPORT, I CAN'T GET IT. HOW DO I DO IT PLEASE??
0
Anonymous user
 
What do you mean? You managed it the first time; do it the same way again, or go and fetch it here -->C:\_OTMoveIt\MovedFiles
-1
Jkanon
 
Here it is at last:

C:\Documents and Settings\All Users\Dati applicazioni\Azureus moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\torrents moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\tmp moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\shares moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\plugins moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\net moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\media\azpd moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\media moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\logs\save moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\logs moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\dht moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\active moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus moved successfully.
C:\Programmi\Vuze\plugins\azupnpav moved successfully.
C:\Programmi\Vuze\plugins\azupdater moved successfully.
C:\Programmi\Vuze\plugins\azrating moved successfully.
C:\Programmi\Vuze\plugins\azplugins moved successfully.
C:\Programmi\Vuze\plugins\azemp moved successfully.
C:\Programmi\Vuze\plugins moved successfully.
C:\Programmi\Vuze\.install4j moved successfully.
C:\Programmi\Vuze moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_191346
0
Anonymous user
 
That looks better to me; however, have these analysed: C:\WINDOWS\.security ; C:\.security

Relaunch HijackThis and tick the box in front of these lines:

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)


Click on Fix checked!
-1
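A small triage helper, added here as an example (it is not the thread's tooling and not part of HijackThis), that flags the two kinds of entries the helper above asked the user to tick: O2/O3/O18/O21 registrations whose DLL is gone, and O4 startup items with no resolvable target. The sample log is constructed from lines quoted in this thread; a flag is a prompt to look the CLSID or path up, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Sections that register a COM object: BHO, toolbar, protocol handler, SSODL
ORPHAN_SECTIONS = {"O2", "O3", "O18", "O21"}

@dataclass
class Finding:
    section: str
    reason: str
    clsid: Optional[str]
    line: str

def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line or running-process path
        section, body = m.group("section"), m.group("body")
        clsid_m = CLSID_RE.search(body)
        clsid = clsid_m.group(0) if clsid_m else None
        # The registry still points at a DLL that is gone: a typical leftover
        # of a partial uninstall or an earlier cleanup, and safe to review.
        if section in ORPHAN_SECTIONS and ("(file missing)" in body or "(no file)" in body):
            findings.append(Finding(section, "orphaned registration: file is missing", clsid, line))
        # Startup-folder items: HijackThis prints "name = target", only the name
        # when the item is not a shortcut, and "?" when the target is unknown.
        elif section == "O4" and body.startswith(("Startup: ", "Global Startup: ")):
            name, _, target = body.split(": ", 1)[1].partition(" = ")
            if target.strip() == "?":
                findings.append(Finding(section, "startup shortcut with unresolved target", clsid, line))
            elif not target and not name.lower().endswith(".lnk"):
                findings.append(Finding(section, "startup item that is not a shortcut", clsid, line))
    return findings

# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O21 - SSODL: SysInfo - {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll (file missing)
O4 - Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
"""
```

Run `triage(SAMPLE_LOG)` to get the six flagged entries; the Google Toolbar BHO, the Office shortcut and the Bonjour service are left alone.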
Jkanon
 
I can't get the file you sent me analysed;
it tells me it's empty.
Here is the new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.38.27, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
0
Anonymous user
 
Well, that looks cleaner to me!
-1
Jkanon
 
Do you think it's good now, and do you think I can remove ComboFix, OTMoveIt, HijackThis, etc. from the computer? If so, how do I remove them, how do I uninstall them?
Thanks again for your precious help.
0
Anonymous user
 
-Download ToolsCleaner--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner

-Let it guide you (option 1)

-Post me the report
-1
Jkanon
 
Here is the report below:

-[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\qwerty\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\qwerty\Desktop\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\qwerty\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\qwerty\Desktop\ToolBarSD.exe: trouvé !
C:\Documents and Settings\qwerty\Recent\HijackThis.lnk: trouvé !
C:\Programmi\Trend Micro\HijackThis: trouvé !
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Programmi\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\qwerty\Desktop\HijackThis.lnk: supprimé !
C:\Documents and Settings\qwerty\Desktop\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\qwerty\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\qwerty\Desktop\ToolBarSD.exe: supprimé !
C:\Documents and Settings\qwerty\Recent\HijackThis.lnk: supprimé !
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Programmi\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis: supprimé !
C:\Programmi\Trend Micro\HijackThis: supprimé !
0
Anonymous user
 
It's OK, delete ComboFix manually.

It's over, phew ^^
-1
Jkanon
 
Thank you, thank you and thank you again FOR YOUR HELP.
See you, Super INFERNO
0
Anonymous user
 
You're welcome, that's what I'm here for; if you have a problem, you know where to go ;-)

Ciao, happy surfing, and watch out for the internet's landmines :)
-1