Trojan-Spy.Win32.keylogger.aa ou GreenScreen
Résolu/Fermé
A voir également:
- Trojan-Spy.Win32.keylogger.aa ou GreenScreen
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Trojan agent ✓ - Forum Virus
- Trojan vigorf.a - Forum Virus
- Trojan b901 ✓ - Forum Virus
- Csrss.exe trojan ✓ - Forum Virus
14 réponses
Utilisateur anonyme
28 sept. 2008 à 14:39
28 sept. 2008 à 14:39
Bonjour,
-Relance Toolbar s&d cette fois ci avec l'option 2
-Poste moi le rapport
************************
Ensuite,
-Télécharge OTMoveIt2 de OldTimer-->http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
-Sauvegarde le sur ton Bureau.
-Double-Clique sur OTMoveIt2.exe pour le lancer.
-Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :
C:\Programmi\Crawler
C:\Programmi\PC-Antispy
C:\Programmi\wioyrl
C:\Documents and Settings\All Users\Dati applicazioni\beboxshw
C:\WINDOWS\system32\fwhqlmvw.exe
C:\Programmi\AskSBar
-Fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller.
-Clique sur le bouton rouge Moveit!.
-Ferme OTMoveIt2.
Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.
-Poste le rapport de OTMoveIT ici : C:\_OTMoveIt\MovedFiles
************************
-Lance malwarebyte's antimalwares et met le a jour
-Execute un scan complet en mode sans echec
-Supprime tout ce qu'il te trouve (liste en rouge)
-Poste le rapport
-Relance Toolbar s&d cette fois ci avec l'option 2
-Poste moi le rapport
************************
Ensuite,
-Télécharge OTMoveIt2 de OldTimer-->http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
-Sauvegarde le sur ton Bureau.
-Double-Clique sur OTMoveIt2.exe pour le lancer.
-Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :
C:\Programmi\Crawler
C:\Programmi\PC-Antispy
C:\Programmi\wioyrl
C:\Documents and Settings\All Users\Dati applicazioni\beboxshw
C:\WINDOWS\system32\fwhqlmvw.exe
C:\Programmi\AskSBar
-Fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller.
-Clique sur le bouton rouge Moveit!.
-Ferme OTMoveIt2.
Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.
-Poste le rapport de OTMoveIT ici : C:\_OTMoveIt\MovedFiles
************************
-Lance malwarebyte's antimalwares et met le a jour
-Execute un scan complet en mode sans echec
-Supprime tout ce qu'il te trouve (liste en rouge)
-Poste le rapport
Utilisateur anonyme
28 sept. 2008 à 18:46
28 sept. 2008 à 18:46
Mer** dsl clique sur Fix checked
Voila inferno c'est fait ci dessous le rapport:
Merci
ComboFix 08-09-27.01 - qwerty 2008-09-28 18.49.56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.151 [GMT 2:00]
Eseguito da: C:\Documents and Settings\qwerty\Desktop\ComboFix.exe
[color=red][b]ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !![/b][/color]
.
((((((((((((((((((((((((( Files Creati Da 2008-08-28 al 2008-09-28 )))))))))))))))))))))))))))))))))))
.
2008-09-28 16:21 . 2008-09-28 16:21 <DIR> d-------- C:\_OTMoveIt
2008-09-28 12:54 . 2008-09-28 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-28 10:42 . 2008-09-28 10:42 2,258 --a------ C:\Documents and Settings\Orph.egd
2008-09-28 10:39 . 2008-09-28 10:43 <DIR> d-------- C:\ToolBar SD
2008-09-28 02:24 . 2008-09-28 02:24 <DIR> d-------- C:\Programmi\Trend Micro
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 02:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\TuneUp Software
2008-09-27 19:34 . 2008-09-27 19:34 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 19:34 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-27 19:33 . 2008-09-27 19:34 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-09-27 19:33 . 2008-09-27 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-09-27 19:32 . 2008-09-27 19:32 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-26 23:33 . 2008-09-27 15:50 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-26 23:20 . 2008-09-26 23:20 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Antispyware
2008-09-24 15:07 . 2008-09-24 15:07 244 --ah----- C:\sqmnoopt10.sqm
2008-09-24 15:07 . 2008-09-24 15:07 232 --ah----- C:\sqmdata10.sqm
2008-09-23 18:21 . 2008-09-23 18:21 244 --ah----- C:\sqmnoopt09.sqm
2008-09-23 18:21 . 2008-09-23 18:21 232 --ah----- C:\sqmdata09.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt06.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata06.sqm
2008-09-23 18:18 . 2008-09-23 18:18 244 --ah----- C:\sqmnoopt05.sqm
2008-09-23 18:18 . 2008-09-23 18:18 232 --ah----- C:\sqmdata05.sqm
2008-09-23 18:15 . 2008-09-23 18:15 244 --ah----- C:\sqmnoopt04.sqm
2008-09-23 18:15 . 2008-09-23 18:15 232 --ah----- C:\sqmdata04.sqm
2008-09-23 12:52 . 2008-09-23 12:52 244 --ah----- C:\sqmnoopt03.sqm
2008-09-23 12:52 . 2008-09-23 12:52 232 --ah----- C:\sqmdata03.sqm
2008-09-23 02:08 . 2008-09-27 09:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-20 23:43 . 2008-09-26 23:38 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
2008-09-20 23:43 . 2008-09-20 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-09-20 23:42 . 2008-09-26 23:38 <DIR> d-------- C:\Programmi\Vuze
2008-09-06 15:44 . 2008-09-06 15:44 244 --ah----- C:\sqmnoopt02.sqm
2008-09-06 15:44 . 2008-09-06 15:44 232 --ah----- C:\sqmdata02.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:11 --------- d-----w C:\Documents and Settings\qwerty\Dati applicazioni\Skype
2008-09-26 09:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-13 16:54 --------- d-----w C:\Programmi\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 17:21 19,544 ----a-w C:\Documents and Settings\qwerty\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-07-10 09:20 4,566,925 ----a-w C:\Programmi\eMule0.46b_Installer.exe
2005-07-10 09:17 4,204,404 -c--a-w C:\Programmi\eMule0.46a_Installer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OLIVETTIEVM"="C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe" [2003-02-13 36864]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-23 579584]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-27 1783808]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]
C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-17 113664]
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWlan.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWlan.lnk
backup=C:\WINDOWS\pss\ZDWlan.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^qwerty^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-01 11:51 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office10\\NSREX.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Vuze\\Azureus.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-27 141312]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 OEMius12;USB to IEEE-1284.4 Translation Driver OEMius12;C:\WINDOWS\system32\DRIVERS\OEMius12.sys [2003-01-31 21456]
R3 Pml Driver OEM12;Pml Driver OEM12;C:\WINDOWS\system32\OEMipm12.exe [2003-01-10 65795]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846c0ad6-896f-11dd-b13b-000b6ad34133}]
\Shell\AutoRun\command - uqb0julr.bat
\Shell\explore\Command - uqb0julr.bat
\Shell\open\Command - uqb0julr.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5039248-f1ad-11dc-b0ae-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8761719-1e60-11dc-afc6-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-DbSys - C:\WINDOWS\system32\fwhqlmvw.exe
HKLM-Explorer_Run-CbQSXZ2yNz - C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe
SSODL-SysInfo-{448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://it.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Crawler Search - tbr:iemenu
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:52:09
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
.
Ora fine scansione: 2008-09-28 18:55:16
ComboFix-quarantined-files.txt 2008-09-28 16:54:12
ComboFix2.txt 2008-09-28 12:01:13
Pre-Run: 48.827.748.352 byte disponibili
Post-Run: 48,861,028,352 byte disponibili
185 --- E O F --- 2008-09-27 08:21:56
Merci
ComboFix 08-09-27.01 - qwerty 2008-09-28 18.49.56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.151 [GMT 2:00]
Eseguito da: C:\Documents and Settings\qwerty\Desktop\ComboFix.exe
[color=red][b]ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !![/b][/color]
.
((((((((((((((((((((((((( Files Creati Da 2008-08-28 al 2008-09-28 )))))))))))))))))))))))))))))))))))
.
2008-09-28 16:21 . 2008-09-28 16:21 <DIR> d-------- C:\_OTMoveIt
2008-09-28 12:54 . 2008-09-28 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-28 10:42 . 2008-09-28 10:42 2,258 --a------ C:\Documents and Settings\Orph.egd
2008-09-28 10:39 . 2008-09-28 10:43 <DIR> d-------- C:\ToolBar SD
2008-09-28 02:24 . 2008-09-28 02:24 <DIR> d-------- C:\Programmi\Trend Micro
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 02:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\TuneUp Software
2008-09-27 19:34 . 2008-09-27 19:34 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 19:34 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-27 19:33 . 2008-09-27 19:34 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-09-27 19:33 . 2008-09-27 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-09-27 19:32 . 2008-09-27 19:32 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-26 23:33 . 2008-09-27 15:50 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-26 23:20 . 2008-09-26 23:20 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Antispyware
2008-09-24 15:07 . 2008-09-24 15:07 244 --ah----- C:\sqmnoopt10.sqm
2008-09-24 15:07 . 2008-09-24 15:07 232 --ah----- C:\sqmdata10.sqm
2008-09-23 18:21 . 2008-09-23 18:21 244 --ah----- C:\sqmnoopt09.sqm
2008-09-23 18:21 . 2008-09-23 18:21 232 --ah----- C:\sqmdata09.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt06.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata06.sqm
2008-09-23 18:18 . 2008-09-23 18:18 244 --ah----- C:\sqmnoopt05.sqm
2008-09-23 18:18 . 2008-09-23 18:18 232 --ah----- C:\sqmdata05.sqm
2008-09-23 18:15 . 2008-09-23 18:15 244 --ah----- C:\sqmnoopt04.sqm
2008-09-23 18:15 . 2008-09-23 18:15 232 --ah----- C:\sqmdata04.sqm
2008-09-23 12:52 . 2008-09-23 12:52 244 --ah----- C:\sqmnoopt03.sqm
2008-09-23 12:52 . 2008-09-23 12:52 232 --ah----- C:\sqmdata03.sqm
2008-09-23 02:08 . 2008-09-27 09:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-20 23:43 . 2008-09-26 23:38 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
2008-09-20 23:43 . 2008-09-20 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-09-20 23:42 . 2008-09-26 23:38 <DIR> d-------- C:\Programmi\Vuze
2008-09-06 15:44 . 2008-09-06 15:44 244 --ah----- C:\sqmnoopt02.sqm
2008-09-06 15:44 . 2008-09-06 15:44 232 --ah----- C:\sqmdata02.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:11 --------- d-----w C:\Documents and Settings\qwerty\Dati applicazioni\Skype
2008-09-26 09:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-13 16:54 --------- d-----w C:\Programmi\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 17:21 19,544 ----a-w C:\Documents and Settings\qwerty\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-07-10 09:20 4,566,925 ----a-w C:\Programmi\eMule0.46b_Installer.exe
2005-07-10 09:17 4,204,404 -c--a-w C:\Programmi\eMule0.46a_Installer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OLIVETTIEVM"="C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe" [2003-02-13 36864]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-23 579584]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-27 1783808]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]
C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-17 113664]
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWlan.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWlan.lnk
backup=C:\WINDOWS\pss\ZDWlan.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^qwerty^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-01 11:51 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office10\\NSREX.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Vuze\\Azureus.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-27 141312]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 OEMius12;USB to IEEE-1284.4 Translation Driver OEMius12;C:\WINDOWS\system32\DRIVERS\OEMius12.sys [2003-01-31 21456]
R3 Pml Driver OEM12;Pml Driver OEM12;C:\WINDOWS\system32\OEMipm12.exe [2003-01-10 65795]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846c0ad6-896f-11dd-b13b-000b6ad34133}]
\Shell\AutoRun\command - uqb0julr.bat
\Shell\explore\Command - uqb0julr.bat
\Shell\open\Command - uqb0julr.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5039248-f1ad-11dc-b0ae-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8761719-1e60-11dc-afc6-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-DbSys - C:\WINDOWS\system32\fwhqlmvw.exe
HKLM-Explorer_Run-CbQSXZ2yNz - C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe
SSODL-SysInfo-{448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://it.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Crawler Search - tbr:iemenu
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:52:09
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
.
Ora fine scansione: 2008-09-28 18:55:16
ComboFix-quarantined-files.txt 2008-09-28 16:54:12
ComboFix2.txt 2008-09-28 12:01:13
Pre-Run: 48.827.748.352 byte disponibili
Post-Run: 48,861,028,352 byte disponibili
185 --- E O F --- 2008-09-27 08:21:56
Utilisateur anonyme
28 sept. 2008 à 19:24
28 sept. 2008 à 19:24
As-tu tjrs des signes d'infections ?
refait un hijackthis stp
refait un hijackthis stp
Non j'ai plus de sigmes d'infections.
Le rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.26.13, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
Le rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.26.13, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
Utilisateur anonyme
28 sept. 2008 à 17:48
28 sept. 2008 à 17:48
C'est ok comment va le pc ? pas d'amelioration ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
28 sept. 2008 à 08:58
28 sept. 2008 à 08:58
Bonjour,
-Telecharge Toolbar s&d--> ToolBarSD.exe
-Suis ce tuto--> Tutorial ToolBarSD
-Execute l'option 1 (recherche)
-Poste moi le rapport avant de continuer
********************************
-Telecharge combofix--> ComboFix.exe
-Suis a la lettre ce tuto--> Tutorial Combofix
-/!\Ferme tous tes programmes et deconnecte-toi/!\
-Lance combofix
-Ne touche a rien pendant qu'il bosse
-Poste le rapport
-Telecharge Toolbar s&d--> ToolBarSD.exe
-Suis ce tuto--> Tutorial ToolBarSD
-Execute l'option 1 (recherche)
-Poste moi le rapport avant de continuer
********************************
-Telecharge combofix--> ComboFix.exe
-Suis a la lettre ce tuto--> Tutorial Combofix
-/!\Ferme tous tes programmes et deconnecte-toi/!\
-Lance combofix
-Ne touche a rien pendant qu'il bosse
-Poste le rapport
Bonjour Inferno,
je te remercie de ton intervention:
Cidessus le rapport de Tutorial ToolBarSD :
----------\\ Recherche de Fichiers / Dossiers ...
C:\Programmi\AskSBar
C:\Programmi\AskSBar\bar
C:\Programmi\Crawler
C:\Programmi\Crawler\Download
C:\Programmi\Crawler\Toolbar
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\Toolbar Crawler
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.it/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://it.yahoo.com/"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 28/09/2008|10.43 - Option : [1]
-----------\\ Fin du rapport a 10.43.23,21
Ensuite celle de ComboFix.exe :
ComboFix 08-09-27.01 - qwerty 2008-09-28 13.50.33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.86 [GMT 2:00]
Eseguito da: C:\Documents and Settings\qwerty\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
[color=red][b]ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!/b/color
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\akl
C:\Programmi\akl\akl.dll
C:\Programmi\akl\akl.exe
C:\Programmi\akl\uninstall.exe
C:\Programmi\akl\unsetup.exe
C:\Programmi\Inet Delivery
C:\Programmi\Inet Delivery\inetdl.exe
C:\Programmi\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Files Creati Da 2008-08-28 al 2008-09-28 )))))))))))))))))))))))))))))))))))
.
2008-09-28 12:54 . 2008-09-28 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-28 10:42 . 2008-09-28 10:42 2,258 --a------ C:\Documents and Settings\Orph.egd
2008-09-28 10:39 . 2008-09-28 10:43 <DIR> d-------- C:\ToolBar SD
2008-09-28 02:24 . 2008-09-28 02:24 <DIR> d-------- C:\Programmi\Trend Micro
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 02:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\TuneUp Software
2008-09-27 19:34 . 2008-09-27 19:34 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 19:34 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-27 19:33 . 2008-09-27 19:34 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-09-27 19:33 . 2008-09-27 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-09-27 19:32 . 2008-09-27 19:32 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 <DIR> d-------- C:\Programmi\Crawler
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-26 23:33 . 2008-09-27 15:50 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-26 23:20 . 2008-09-26 23:20 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Antispyware
2008-09-26 11:55 . 2008-09-26 11:55 0 --ah----- C:\WINDOWS\.security
2008-09-26 11:55 . 2008-09-26 11:55 0 --ah----- C:\.security
2008-09-26 11:52 . 2008-09-26 12:34 <DIR> d-------- C:\Programmi\PC-Antispy
2008-09-26 01:29 . 2008-09-26 01:29 <DIR> d-------- C:\Programmi\wioyrl
2008-09-26 01:29 . 2008-09-26 01:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\beboxshw
2008-09-26 01:29 . 2008-09-26 01:29 86,016 --a------ C:\WINDOWS\system32\fwhqlmvw.exe
2008-09-24 15:07 . 2008-09-24 15:07 244 --ah----- C:\sqmnoopt10.sqm
2008-09-24 15:07 . 2008-09-24 15:07 232 --ah----- C:\sqmdata10.sqm
2008-09-23 18:21 . 2008-09-23 18:21 244 --ah----- C:\sqmnoopt09.sqm
2008-09-23 18:21 . 2008-09-23 18:21 232 --ah----- C:\sqmdata09.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt06.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata06.sqm
2008-09-23 18:18 . 2008-09-23 18:18 244 --ah----- C:\sqmnoopt05.sqm
2008-09-23 18:18 . 2008-09-23 18:18 232 --ah----- C:\sqmdata05.sqm
2008-09-23 18:15 . 2008-09-23 18:15 244 --ah----- C:\sqmnoopt04.sqm
2008-09-23 18:15 . 2008-09-23 18:15 232 --ah----- C:\sqmdata04.sqm
2008-09-23 12:52 . 2008-09-23 12:52 244 --ah----- C:\sqmnoopt03.sqm
2008-09-23 12:52 . 2008-09-23 12:52 232 --ah----- C:\sqmdata03.sqm
2008-09-23 02:08 . 2008-09-27 09:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-20 23:43 . 2008-09-26 23:38 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
2008-09-20 23:43 . 2008-09-20 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-09-20 23:42 . 2008-09-26 23:38 <DIR> d-------- C:\Programmi\Vuze
2008-09-20 23:42 . 2008-09-20 23:42 <DIR> d-------- C:\Programmi\AskSBar
2008-09-06 15:44 . 2008-09-06 15:44 244 --ah----- C:\sqmnoopt02.sqm
2008-09-06 15:44 . 2008-09-06 15:44 232 --ah----- C:\sqmdata02.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 19:45 --------- d-----w C:\Documents and Settings\qwerty\Dati applicazioni\Skype
2008-09-26 09:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-13 16:54 --------- d-----w C:\Programmi\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 17:21 19,544 ----a-w C:\Documents and Settings\qwerty\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-07-10 09:20 4,566,925 ----a-w C:\Programmi\eMule0.46b_Installer.exe
2005-07-10 09:17 4,204,404 -c--a-w C:\Programmi\eMule0.46a_Installer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-22 68856]
"DbSys"="C:\WINDOWS\system32\fwhqlmvw.exe" [2008-09-26 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OLIVETTIEVM"="C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe" [2003-02-13 36864]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-23 579584]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-27 1783808]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CbQSXZ2yNz"="C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe" [2008-09-26 65536]
C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-17 113664]
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysInfo"= {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll [2008-09-26 114688]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWlan.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWlan.lnk
backup=C:\WINDOWS\pss\ZDWlan.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^qwerty^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-01 11:51 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office10\\NSREX.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Vuze\\Azureus.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-27 141312]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 OEMius12;USB to IEEE-1284.4 Translation Driver OEMius12;C:\WINDOWS\system32\DRIVERS\OEMius12.sys [2003-01-31 21456]
R3 Pml Driver OEM12;Pml Driver OEM12;C:\WINDOWS\system32\OEMipm12.exe [2003-01-10 65795]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846c0ad6-896f-11dd-b13b-000b6ad34133}]
\Shell\AutoRun\command - uqb0julr.bat
\Shell\explore\Command - uqb0julr.bat
\Shell\open\Command - uqb0julr.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5039248-f1ad-11dc-b0ae-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8761719-1e60-11dc-afc6-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-BearShare - C:\Programmi\BearShare\BearShare.exe
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-Yahoo! Pager - C:\Programmi\Yahoo!\Messenger\ypager.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://it.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Crawler Search - tbr:iemenu
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 13:54:16
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-09-28 14:01:12
ComboFix-quarantined-files.txt 2008-09-28 12:01:07
Pre-Run: 45.068.009.472 byte disponibili
Post-Run: 45,245,739,008 byte disponibili
255 --- E O F --- 2008-09-27 08:21:56
Merci et a+
je te remercie de ton intervention:
Cidessus le rapport de Tutorial ToolBarSD :
----------\\ Recherche de Fichiers / Dossiers ...
C:\Programmi\AskSBar
C:\Programmi\AskSBar\bar
C:\Programmi\Crawler
C:\Programmi\Crawler\Download
C:\Programmi\Crawler\Toolbar
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\Toolbar Crawler
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.it/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://it.yahoo.com/"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 28/09/2008|10.43 - Option : [1]
-----------\\ Fin du rapport a 10.43.23,21
Ensuite celle de ComboFix.exe :
ComboFix 08-09-27.01 - qwerty 2008-09-28 13.50.33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.86 [GMT 2:00]
Eseguito da: C:\Documents and Settings\qwerty\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
[color=red][b]ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!/b/color
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\akl
C:\Programmi\akl\akl.dll
C:\Programmi\akl\akl.exe
C:\Programmi\akl\uninstall.exe
C:\Programmi\akl\unsetup.exe
C:\Programmi\Inet Delivery
C:\Programmi\Inet Delivery\inetdl.exe
C:\Programmi\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Files Creati Da 2008-08-28 al 2008-09-28 )))))))))))))))))))))))))))))))))))
.
2008-09-28 12:54 . 2008-09-28 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-28 10:42 . 2008-09-28 10:42 2,258 --a------ C:\Documents and Settings\Orph.egd
2008-09-28 10:39 . 2008-09-28 10:43 <DIR> d-------- C:\ToolBar SD
2008-09-28 02:24 . 2008-09-28 02:24 <DIR> d-------- C:\Programmi\Trend Micro
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-28 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-28 02:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 02:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\TuneUp Software
2008-09-27 19:34 . 2008-09-27 19:34 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 19:34 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-27 19:33 . 2008-09-27 19:34 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-09-27 19:33 . 2008-09-27 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-09-27 19:32 . 2008-09-27 19:32 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 <DIR> d-------- C:\Programmi\Crawler
2008-09-27 18:01 . 2008-09-28 12:42 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-28 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-09-27 18:01 . 2008-09-27 18:01 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-26 23:33 . 2008-09-27 15:50 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-26 23:20 . 2008-09-26 23:20 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Antispyware
2008-09-26 11:55 . 2008-09-26 11:55 0 --ah----- C:\WINDOWS\.security
2008-09-26 11:55 . 2008-09-26 11:55 0 --ah----- C:\.security
2008-09-26 11:52 . 2008-09-26 12:34 <DIR> d-------- C:\Programmi\PC-Antispy
2008-09-26 01:29 . 2008-09-26 01:29 <DIR> d-------- C:\Programmi\wioyrl
2008-09-26 01:29 . 2008-09-26 01:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\beboxshw
2008-09-26 01:29 . 2008-09-26 01:29 86,016 --a------ C:\WINDOWS\system32\fwhqlmvw.exe
2008-09-24 15:07 . 2008-09-24 15:07 244 --ah----- C:\sqmnoopt10.sqm
2008-09-24 15:07 . 2008-09-24 15:07 232 --ah----- C:\sqmdata10.sqm
2008-09-23 18:21 . 2008-09-23 18:21 244 --ah----- C:\sqmnoopt09.sqm
2008-09-23 18:21 . 2008-09-23 18:21 232 --ah----- C:\sqmdata09.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 244 --ah----- C:\sqmnoopt06.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata08.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata07.sqm
2008-09-23 18:19 . 2008-09-23 18:19 232 --ah----- C:\sqmdata06.sqm
2008-09-23 18:18 . 2008-09-23 18:18 244 --ah----- C:\sqmnoopt05.sqm
2008-09-23 18:18 . 2008-09-23 18:18 232 --ah----- C:\sqmdata05.sqm
2008-09-23 18:15 . 2008-09-23 18:15 244 --ah----- C:\sqmnoopt04.sqm
2008-09-23 18:15 . 2008-09-23 18:15 232 --ah----- C:\sqmdata04.sqm
2008-09-23 12:52 . 2008-09-23 12:52 244 --ah----- C:\sqmnoopt03.sqm
2008-09-23 12:52 . 2008-09-23 12:52 232 --ah----- C:\sqmdata03.sqm
2008-09-23 02:08 . 2008-09-27 09:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-20 23:43 . 2008-09-26 23:38 <DIR> d-------- C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
2008-09-20 23:43 . 2008-09-20 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-09-20 23:42 . 2008-09-26 23:38 <DIR> d-------- C:\Programmi\Vuze
2008-09-20 23:42 . 2008-09-20 23:42 <DIR> d-------- C:\Programmi\AskSBar
2008-09-06 15:44 . 2008-09-06 15:44 244 --ah----- C:\sqmnoopt02.sqm
2008-09-06 15:44 . 2008-09-06 15:44 232 --ah----- C:\sqmdata02.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 19:45 --------- d-----w C:\Documents and Settings\qwerty\Dati applicazioni\Skype
2008-09-26 09:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-13 16:54 --------- d-----w C:\Programmi\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 17:21 19,544 ----a-w C:\Documents and Settings\qwerty\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-07-10 09:20 4,566,925 ----a-w C:\Programmi\eMule0.46b_Installer.exe
2005-07-10 09:17 4,204,404 -c--a-w C:\Programmi\eMule0.46a_Installer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-22 68856]
"DbSys"="C:\WINDOWS\system32\fwhqlmvw.exe" [2008-09-26 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OLIVETTIEVM"="C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe" [2003-02-13 36864]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-23 579584]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-27 1783808]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CbQSXZ2yNz"="C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe" [2008-09-26 65536]
C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-26 0]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-17 113664]
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysInfo"= {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll [2008-09-26 114688]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWlan.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWlan.lnk
backup=C:\WINDOWS\pss\ZDWlan.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^qwerty^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\qwerty\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-01 11:51 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office10\\NSREX.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Vuze\\Azureus.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-27 141312]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 OEMius12;USB to IEEE-1284.4 Translation Driver OEMius12;C:\WINDOWS\system32\DRIVERS\OEMius12.sys [2003-01-31 21456]
R3 Pml Driver OEM12;Pml Driver OEM12;C:\WINDOWS\system32\OEMipm12.exe [2003-01-10 65795]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846c0ad6-896f-11dd-b13b-000b6ad34133}]
\Shell\AutoRun\command - uqb0julr.bat
\Shell\explore\Command - uqb0julr.bat
\Shell\open\Command - uqb0julr.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5039248-f1ad-11dc-b0ae-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8761719-1e60-11dc-afc6-000b6ad34133}]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-BearShare - C:\Programmi\BearShare\BearShare.exe
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-Yahoo! Pager - C:\Programmi\Yahoo!\Messenger\ypager.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://it.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Crawler Search - tbr:iemenu
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 13:54:16
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-09-28 14:01:12
ComboFix-quarantined-files.txt 2008-09-28 12:01:07
Pre-Run: 45.068.009.472 byte disponibili
Post-Run: 45,245,739,008 byte disponibili
255 --- E O F --- 2008-09-27 08:21:56
Merci et a+
Utilisateur anonyme
28 sept. 2008 à 18:06
28 sept. 2008 à 18:06
Reposte moi un log hijackthis stp
Re-bonjour Inferno,
Le voila:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.07.56, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DbSys] C:\WINDOWS\system32\fwhqlmvw.exe
O4 - HKLM\..\Policies\Explorer\Run: [CbQSXZ2yNz] C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O21 - SSODL: SysInfo - {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
Le voila:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.07.56, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DbSys] C:\WINDOWS\system32\fwhqlmvw.exe
O4 - HKLM\..\Policies\Explorer\Run: [CbQSXZ2yNz] C:\Documents and Settings\All Users\Dati applicazioni\beboxshw\zgxunsls.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O21 - SSODL: SysInfo - {448879F1-57A4-F9B4-F77D-038C271D9950} - C:\Programmi\wioyrl\SysInfo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
Utilisateur anonyme
28 sept. 2008 à 18:34
28 sept. 2008 à 18:34
Relance hijackthis:
coche devant ces lignes:
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
Relance combofix et poste moi le rapport il y a des restes !
coche devant ces lignes:
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
Relance combofix et poste moi le rapport il y a des restes !
Utilisateur anonyme
28 sept. 2008 à 19:09
28 sept. 2008 à 19:09
-Go ici--> https://www.virustotal.com/gui/ <-- fait analyser ceci: C:\Documents and Settings\Orph.egd
********************************
-Double-Clique sur OTMoveIt2.exe pour le lancer.
-Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :
C:\Documents and Settings\All Users\Dati applicazioni\Azureus
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
C:\Programmi\Vuze
-Fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller.
-Clique sur le bouton rouge Moveit!.
-Ferme OTMoveIt2.
Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.
-Poste le rapport de OTMoveIT ici : C:\_OTMoveIt\MovedFiles
********************************
-Double-Clique sur OTMoveIt2.exe pour le lancer.
-Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :
C:\Documents and Settings\All Users\Dati applicazioni\Azureus
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus
C:\Programmi\Vuze
-Fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller.
-Clique sur le bouton rouge Moveit!.
-Ferme OTMoveIt2.
Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.
-Poste le rapport de OTMoveIT ici : C:\_OTMoveIt\MovedFiles
Utilisateur anonyme
28 sept. 2008 à 19:21
28 sept. 2008 à 19:21
Comment ca ? tu as pourtant reussi la 1ere fois refait de la meme facon ou va ici le chercher -->C:\_OTMoveIt\MovedFiles
Le voila enfin:
C:\Documents and Settings\All Users\Dati applicazioni\Azureus moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\torrents moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\tmp moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\shares moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\plugins moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\net moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\media\azpd moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\media moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\logs\save moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\logs moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\dht moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\active moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus moved successfully.
C:\Programmi\Vuze\plugins\azupnpav moved successfully.
C:\Programmi\Vuze\plugins\azupdater moved successfully.
C:\Programmi\Vuze\plugins\azrating moved successfully.
C:\Programmi\Vuze\plugins\azplugins moved successfully.
C:\Programmi\Vuze\plugins\azemp moved successfully.
C:\Programmi\Vuze\plugins moved successfully.
C:\Programmi\Vuze\.install4j moved successfully.
C:\Programmi\Vuze moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_191346
C:\Documents and Settings\All Users\Dati applicazioni\Azureus moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\torrents moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\tmp moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\shares moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\plugins moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\net moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\media\azpd moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\media moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\logs\save moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\logs moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\dht moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus\active moved successfully.
C:\Documents and Settings\qwerty\Dati applicazioni\Azureus moved successfully.
C:\Programmi\Vuze\plugins\azupnpav moved successfully.
C:\Programmi\Vuze\plugins\azupdater moved successfully.
C:\Programmi\Vuze\plugins\azrating moved successfully.
C:\Programmi\Vuze\plugins\azplugins moved successfully.
C:\Programmi\Vuze\plugins\azemp moved successfully.
C:\Programmi\Vuze\plugins moved successfully.
C:\Programmi\Vuze\.install4j moved successfully.
C:\Programmi\Vuze moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_191346
Utilisateur anonyme
28 sept. 2008 à 19:34
28 sept. 2008 à 19:34
Ca ma l'air mieux par contre fait analyser ceci: C:\WINDOWS\.security ; C:\.security
Relance hijackthis et coche devant ces lignes:
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
clique sur fix checked !
Relance hijackthis et coche devant ces lignes:
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
clique sur fix checked !
J'arrive pas a faire analyser le fichier que tuma'as envoyer,
il me dit que c'est vide.
Voila le nouveau rapport de hijackthis;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.38.27, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
il me dit que c'est vide.
Voila le nouveau rapport de hijackthis;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.38.27, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Olivetti\Aio\Shared\Bin\aplsts12.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\OEMipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OLIVETTIEVM] C:\Programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117440263707
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d32fbddce0f45c87.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9073407-289A-4D50-B4CB-35524D33B88E}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
Utilisateur anonyme
28 sept. 2008 à 19:43
28 sept. 2008 à 19:43
Bon ca ma l'air plus propre !
Utilisateur anonyme
28 sept. 2008 à 20:19
28 sept. 2008 à 20:19
-Telecharge tools cleaner--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
-Laisse toi guider (option1)
-Poste moi le rapport
-Laisse toi guider (option1)
-Poste moi le rapport
Voila le rapport ci dessous:
-[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\qwerty\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\qwerty\Desktop\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\qwerty\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\qwerty\Desktop\ToolBarSD.exe: trouvé !
C:\Documents and Settings\qwerty\Recent\HijackThis.lnk: trouvé !
C:\Programmi\Trend Micro\HijackThis: trouvé !
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Programmi\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\qwerty\Desktop\HijackThis.lnk: supprimé !
C:\Documents and Settings\qwerty\Desktop\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\qwerty\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\qwerty\Desktop\ToolBarSD.exe: supprimé !
C:\Documents and Settings\qwerty\Recent\HijackThis.lnk: supprimé !
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Programmi\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis: supprimé !
C:\Programmi\Trend Micro\HijackThis: supprimé !
-[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\qwerty\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\qwerty\Desktop\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\qwerty\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\qwerty\Desktop\ToolBarSD.exe: trouvé !
C:\Documents and Settings\qwerty\Recent\HijackThis.lnk: trouvé !
C:\Programmi\Trend Micro\HijackThis: trouvé !
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Programmi\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\qwerty\Desktop\HijackThis.lnk: supprimé !
C:\Documents and Settings\qwerty\Desktop\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\qwerty\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\qwerty\Desktop\ToolBarSD.exe: supprimé !
C:\Documents and Settings\qwerty\Recent\HijackThis.lnk: supprimé !
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Programmi\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis: supprimé !
C:\Programmi\Trend Micro\HijackThis: supprimé !
Utilisateur anonyme
28 sept. 2008 à 20:28
28 sept. 2008 à 20:28
C'est ok supprime combofix manuellement
C'est fini ouff ^^
C'est fini ouff ^^
Utilisateur anonyme
28 sept. 2008 à 20:32
28 sept. 2008 à 20:32
Derien je suis la pour ca si tu as un probleme tu sais ou aller ;-)
Ciao bon surf attention aux mines de l'internet :)
Ciao bon surf attention aux mines de l'internet :)
28 sept. 2008 à 17:16
j'arrive pas a relancer : Toolbar s&d cette fois ci avec l'option 2
pas de rapport dispos pour toolbar s&d
Ensuite le rapport de OTMoveIT ci dessous :
C:\Programmi\Crawler\Toolbar\WSGData\domains moved successfully.
C:\Programmi\Crawler\Toolbar\WSGData moved successfully.
C:\Programmi\Crawler\Toolbar\Update moved successfully.
C:\Programmi\Crawler\Toolbar\TBR5LanguageAct moved successfully.
C:\Programmi\Crawler\Toolbar\STWSGLanguageAct moved successfully.
C:\Programmi\Crawler\Toolbar\Languages moved successfully.
C:\Programmi\Crawler\Toolbar\Cache\STWSG moved successfully.
C:\Programmi\Crawler\Toolbar\Cache\COMMON moved successfully.
C:\Programmi\Crawler\Toolbar\Cache moved successfully.
Folder move failed. C:\Programmi\Crawler\Toolbar scheduled to be moved on reboot.
C:\Programmi\Crawler\Download moved successfully.
Folder move failed. C:\Programmi\Crawler scheduled to be moved on reboot.
C:\Programmi\PC-Antispy moved successfully.
C:\Programmi\wioyrl moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\beboxshw moved successfully.
C:\WINDOWS\system32\fwhqlmvw.exe moved successfully.
C:\Programmi\AskSBar\bar\Settings moved successfully.
C:\Programmi\AskSBar\bar\History moved successfully.
C:\Programmi\AskSBar\bar\Cache moved successfully.
C:\Programmi\AskSBar\bar\1.bin moved successfully.
C:\Programmi\AskSBar\bar moved successfully.
C:\Programmi\AskSBar moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_162159
Files moved on Reboot...
C:\Programmi\Crawler\Toolbar moved successfully.
C:\Programmi\Crawler moved successfully.
Et aussi le rapport de malwarebyte's antimalwares :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1216
Windows 5.1.2600 Service Pack 2
28/09/2008 17.10.06
mbam-log-2008-09-28 (17-10-06).txt
Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 94143
Temps écoulé: 40 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
Merci et a+