PC infection

Closed
treviso Posts 864 Registration date Sunday 17 August 2008 Status Member Last seen 9 January 2011 - 12 Feb. 2010 at 20:12
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last seen 18 July 2013 - 13 Feb. 2010 at 05:55
Hello, I am asking for your help... my PC is infected.

info.txt logfile of random's system information tool 1.06 2010-02-12 20:04:51

======Uninstall list======

-->C:\Programmi\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 8.1.2 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Aggiornamento della protezione per Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aggiornamento della protezione per Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Anteprima (Windows Live Toolbar)-->MsiExec.exe /X{AC0A04F7-2BBE-4323-B64C-1B71F2BDBF0D}
Archiveur WinRAR-->C:\Programmi\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x10
Assistente per l'accesso a Windows Live-->MsiExec.exe /I{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}
ATI - Programma di disinstallazione -->C:\Programmi\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Auslogics BoostSpeed-->"C:\Programmi\Auslogics\Auslogics BoostSpeed\unins000.exe"
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Browser ME-->C:\WINDOWS\unin040c.exe -f"C:\Programmi\Chaka Group\Browser ME\DeIsL1.isu" -c"C:\Programmi\Chaka Group\Browser ME\_ISREG32.DLL"
CCleaner-->"C:\Programmi\CCleaner\uninst.exe"
CMTClient-->MsiExec.exe /I{39838CAD-1915-4C42-8D6A-F3538A79E8B0}
Comodo HopSurf-->"C:\Programmi\Comodo\HopSurfToolbar\HopSurf.exe"
COMODO Internet Security-->C:\Programmi\COMODO\COMODO Internet Security\cfpconfg.exe -u
CopyProfile-->MsiExec.exe /I{9A9ED54A-0FAB-4D34-A3B9-F6C659E1F898}
CRYSTAL_REPORT_SETUP_001-->MsiExec.exe /I{86734BC8-463F-41EA-9BB5-EE9453B19094}
Estensione HighMAT per Masterizzazione guidata CD di Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Google Toolbar for Internet Explorer-->"C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Programmi\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 10.0-->C:\Programmi\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Malwarebytes' Anti-Malware-->"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe"
Menu intelligenti (Windows Live Toolbar)-->MsiExec.exe /X{B3EABECF-D820-4246-94B8-0CF300CA505A}
Microsoft .NET Framework 1.1 Hotfix (KB925168)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M925168\M925168Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {0A75DA12-55CB-4DE5-8B6A-74D97847204E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
Microsoft Office Groove MUI (Italian) 2007-->MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Italian) 2007-->MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (Italian) 2007-->MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0410-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows User State Migration Tool version 2.61-->MsiExec.exe /I{2310B571-AB51-4807-9F75-B20BF576FFDC}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.5.6)-->C:\Programmi\Mozilla Firefox\uninstall\helper.exe
MPSI-->"C:\Programmi\MPSI\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /X{1C00A3F1-6DA0-49F8-94E4-01AB6FC01040}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{BCCB055C-7F64-4B13-90F5-078DE693EE00}
OmniPage SE-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
P2P_Max_IT Toolbar-->C:\PROGRA~1\P2P_MA~1\UNWISE.EXE /U C:\PROGRA~1\P2P_MA~1\INSTALL.LOG
Pacchetto driver Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9708DC2E84923A97F8CEF3FCA7890B13902C0244\amdk8.inf
PCI Fax Modem-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{19A6FE78-B4CC-4C19-8C94-84EA1423AEA6}\setup.exe" -l0x9
Raccolta foto di Windows Live-->MsiExec.exe /X{9B802669-7722-4F83-8054-930832188033}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Programmi\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0010 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
ScanToWeb-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shop for HP Supplies-->C:\Programmi\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Software per stampante EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
SpeedBit Toolbar-->"C:\Programmi\SpeedBit Toolbar\TRRemove.exe" temp
SpeedBit Video Downloader-->"C:\Programmi\SpeedBit Video Downloader\GRRemove.exe" temp
Strumento di caricamento di Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VLC media player 0.9.6-->C:\Programmi\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
Western Australian Time Zone Update-->MsiExec.exe /X{C098DAEC-29EF-4A59-B18E-0E950169CA3C}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programmi\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}
Windows Live Family Safety-->MsiExec.exe /X{B39EFFA7-87C2-49AF-AA2A-BDC60C6272BD}
Windows Live Favorites per Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{E31A24A7-CF73-42B7-8FA1-26644296C9E3}
Windows Live Messenger-->MsiExec.exe /X{E0ABA486-A39B-4B96-BD80-757396151079}
Windows Live Sync-->MsiExec.exe /X{B7DD783E-EE11-4B68-AF39-71AE2C457015}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3F35D1A3-92AD-401B-ABE2-FA27682F4112}
Windows Live Toolbar-->MsiExec.exe /X{2682CFF5-D807-48F1-AC86-34A1654877EE}
Windows Live Writer-->MsiExec.exe /X{0D343C5F-FE5C-4914-91D9-E9E7A440590E}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Programmi\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar con blocco Pop-Up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: COMODO Antivirus (disabled)
FW: COMODO Firewall (disabled)

======System event log======

Computer Name: KEBE-AC9B0ABAF1
Event Code: 20158
Message: L'utente ha stabilito la connessione a Vodafone Mobile Connect utilizzando la periferica COM5.

Record Number: 12787
Source Name: RemoteAccess
Time Written: 20100129160055.000000+060
Event Type: Informazione
User:

Computer Name: KEBE-AC9B0ABAF1
Event Code: 20159
Message: La connessione a Vodafone Mobile Connect eseguita dall'utente mediante la periferica COM5 è stata interrotta.

Record Number: 12786
Source Name: RemoteAccess
Time Written: 20100129160039.000000+060
Event Type: Informazione
User:

Computer Name: KEBE-AC9B0ABAF1
Event Code: 20158
Message: L'utente ha stabilito la connessione a Vodafone Mobile Connect utilizzando la periferica COM5.

Record Number: 12785
Source Name: RemoteAccess
Time Written: 20100129155144.000000+060
Event Type: Informazione
User:

Computer Name: KEBE-AC9B0ABAF1
Event Code: 51
Message: Errore nella periferica \Device\Harddisk6\D durante un'operazione di paging.

Record Number: 12784
Source Name: Disk
Time Written: 20100129153008.000000+060
Event Type: Attenzione
User:

Computer Name: KEBE-AC9B0ABAF1
Event Code: 51
Message: Errore nella periferica \Device\Harddisk6\D durante un'operazione di paging.

Record Number: 12783
Source Name: Disk
Time Written: 20100129152958.000000+060
Event Type: Attenzione
User:

=====Application event log=====

Computer Name: KEBE-AC9B0ABAF1
Event Code: 0
Message: DisplayMessages:MobileConnectAlreadyRunning: Mobile Connect is already running (OpenExistingVmcMutex) PID=2888

Record Number: 6937
Source Name: MobileConnect
Time Written: 20100112095501.000000+060
Event Type: Informazione
User:

Computer Name: KEBE-AC9B0ABAF1
Event Code: 0
Message:
Record Number: 6936
Source Name: hpqddsvc
Time Written: 20100112095419.000000+060
Event Type: Informazione
User:

Computer Name: KEBE-AC9B0ABAF1
Event Code: 0
Message:
Record Number: 6935
Source Name: hpqcxs08
Time Written: 20100112095418.000000+060
Event Type: Informazione
User:

Computer Name: KEBE-AC9B0ABAF1
Event Code: 0
Message:
Record Number: 6934
Source Name: NMIndexingService
Time Written: 20100112095418.000000+060
Event Type: Informazione
User:

Computer Name: KEBE-AC9B0ABAF1
Event Code: 0
Message: INFO: dom=<KEBE-AC9B0ABAF1>; usr=<KEBE SALAM>

Record Number: 6933
Source Name: VMCService
Time Written: 20100112095401.000000+060
Event Type: Informazione
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programmi\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

6 replies

treviso Posts 864 Registration date Sunday 17 August 2008 Status Member Last seen 9 January 2011 124
12 Feb. 2010 at 20:13
Logfile of random's system information tool 1.06 (written by random/random)
Run by kebe salam at 2010-02-12 20:04:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 138 GB (91%) free of 153 GB
Total RAM: 2943 MB (82% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{F3C1AD9E-10B9-4F66-9514-24D2274D92B9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{425E30F0-CCC6-4E24-BBEB-BCBD31720B37}]
SPEEDBIT1 Class - C:\Programmi\SpeedBit Toolbar\Toolbar\SpeedBit.dll [2009-08-14 2598896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Guida per l'accesso a Windows Live - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1056498-D09A-41E4-864B-505EDD640D9E}]
SBCONVERT Class - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll [2009-08-14 2498056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-30 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b}]
P2P Max IT Toolbar - C:\Programmi\P2P_Max_IT\tbP2P0.dll [2009-11-27 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Programmi\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}]
GrabberObj Class - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll [2009-08-14 198232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar con blocco Pop-Up - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - P2P Max IT Toolbar - C:\Programmi\P2P_Max_IT\tbP2P0.dll [2009-11-27 2166296]
{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - SpeedBit Video Downloader - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll [2009-08-14 2498056]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-24 256112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programmi\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
Locked
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Programmi\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2010-02-12 1122496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe [2009-12-29 155648]
"GrooveMonitor"=C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SMSERIAL"=C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-29 638976]
"Adobe Reader Speed Launcher"=C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HP Software Update"=C:\Programmi\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"ISUSScheduler"=C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"SunJavaUpdateSched"=C:\Programmi\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"MobileConnect"=C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"COMODO Internet Security"=C:\Programmi\COMODO\COMODO Internet Security\cfp.exe [2010-02-12 1800464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-29 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"MsnMsgr"=C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"MSMSGS"=C:\Programmi\Messenger\msmsgs.exe [2008-04-14 1695232]
"Auslogics BoostSpeed 4"=C:\Programmi\Auslogics\Auslogics BoostSpeed\boostspeed.exe [2009-01-24 361584]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe
PowerMenu.lnk - C:\Programmi\PowerMenu\PowerMenu.exe

C:\Documents and Settings\kebe salam\Menu Avvio\Programmi\Esecuzione automatica
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-03-14 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoVisualStyleChoice"=0
"NoColorChoice"=0
"NoSizeChoice"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoSMConfigurePrograms"=1
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE"="C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Modulo di esecuzione DLL come applicazioni"
"C:\Programmi\Java\jre6\bin\javaw.exe"="C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe"="C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programmi\HP\Digital Imaging\Bin\hpqste08.exe"="C:\Programmi\HP\Digital Imaging\Bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programmi\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b134ab5e-17f9-11df-aa05-0019dbc4b333}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b134ab5f-17f9-11df-aa05-0019dbc4b333}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence


======List of files/folders created in the last 1 months======

2010-02-12 20:04:47 ----D---- C:\rsit
2010-02-12 01:47:15 ----D---- C:\Documents and Settings\kebe salam\Dati applicazioni\Comodo
2010-02-12 01:47:01 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Comodo
2010-02-12 01:46:57 ----A---- C:\WINDOWS\system32\guard32.dll
2010-02-12 01:46:53 ----D---- C:\Programmi\COMODO
2010-02-12 01:03:35 ----D---- C:\WINDOWS\Prefetch
2010-02-12 00:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-12 00:53:25 ----A---- C:\WINDOWS\003123_.tmp
2010-02-12 00:51:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-11 23:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2010-02-11 23:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-11 23:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-11 23:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-11 23:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-11 23:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-11 23:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-11 23:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-11 22:07:27 ----D---- C:\Programmi\Navilog1
2010-02-11 22:06:12 ----RASHD---- C:\autorun.inf
2010-02-03 11:28:41 ----D---- C:\Programmi\Microsoft Office Outlook Connector
2010-01-14 22:10:00 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Vodafone
2010-01-14 22:09:54 ----D---- C:\Programmi\Vodafone

======List of files/folders modified in the last 1 months======

2010-02-12 20:03:31 ----D---- C:\WINDOWS\Temp
2010-02-12 20:03:31 ----D---- C:\WINDOWS
2010-02-12 20:00:45 ----SHD---- C:\WINDOWS\Installer
2010-02-12 20:00:44 ----HD---- C:\Config.Msi
2010-02-12 19:56:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 19:51:16 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 19:11:12 ----RSD---- C:\WINDOWS\Fonts
2010-02-12 19:10:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-12 18:12:10 ----AC---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-02-12 18:11:36 ----HD---- C:\WINDOWS\inf
2010-02-12 13:23:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-12 13:08:18 ----D---- C:\Programmi\Mozilla Firefox
2010-02-12 13:04:18 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2010-02-12 13:04:11 ----SD---- C:\WINDOWS\Tasks
2010-02-12 07:25:54 ----RD---- C:\Programmi
2010-02-12 07:13:48 ----D---- C:\Programmi\MPSI
2010-02-12 01:46:57 ----D---- C:\WINDOWS\system32
2010-02-12 01:42:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-12 01:42:17 ----D---- C:\WINDOWS\system32\config
2010-02-12 01:35:27 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-12 01:35:23 ----D---- C:\WINDOWS\Help
2010-02-12 01:31:05 ----D---- C:\WINDOWS\Debug
2010-02-12 01:20:58 ----D---- C:\Programmi\Internet Explorer
2010-02-12 01:19:06 ----HDC---- C:\WINDOWS\ie8
2010-02-12 01:18:10 ----D---- C:\WINDOWS\system32\it-it
2010-02-12 01:02:58 ----D---- C:\WINDOWS\system32\Setup
2010-02-12 01:02:57 ----D---- C:\WINDOWS\system32\wbem
2010-02-12 01:02:57 ----D---- C:\WINDOWS\AppPatch
2010-02-12 00:59:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-12 00:57:54 ----D---- C:\Programmi\Messenger
2010-02-12 00:57:51 ----D---- C:\Programmi\Windows Media Player
2010-02-12 00:57:41 ----D---- C:\WINDOWS\ime
2010-02-12 00:57:32 ----D---- C:\WINDOWS\PeerNet
2010-02-12 00:57:32 ----D---- C:\Programmi\Movie Maker
2010-02-12 00:56:10 ----D---- C:\WINDOWS\system32\Restore
2010-02-12 00:56:10 ----D---- C:\WINDOWS\system32\npp
2010-02-12 00:56:09 ----D---- C:\WINDOWS\msagent
2010-02-12 00:56:08 ----D---- C:\WINDOWS\srchasst
2010-02-12 00:56:08 ----D---- C:\Programmi\NetMeeting
2010-02-12 00:56:07 ----D---- C:\WINDOWS\system32\Com
2010-02-12 00:56:04 ----D---- C:\Programmi\Windows NT
2010-02-12 00:56:04 ----D---- C:\Programmi\Outlook Express
2010-02-12 00:56:02 ----D---- C:\Programmi\File comuni\System
2010-02-12 00:55:48 ----D---- C:\WINDOWS\system32\oobe
2010-02-12 00:55:47 ----D---- C:\WINDOWS\system32\usmt
2010-02-12 00:55:47 ----D---- C:\WINDOWS\system
2010-02-12 00:53:34 ----D---- C:\WINDOWS\security
2010-02-12 00:51:30 ----D---- C:\WINDOWS\EHome
2010-02-12 00:48:36 ----A---- C:\AUTOEXEC.BAT
2010-02-12 00:06:32 ----D---- C:\Documents and Settings\kebe salam\Dati applicazioni\HPAppData
2010-02-11 22:56:58 ----D---- C:\Programmi\VS Revo Group
2010-02-11 22:47:34 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2010-02-11 22:34:39 ----D---- C:\Programmi\TeamViewer
2010-02-11 22:06:09 ----SHD---- C:\RECYCLER
2010-02-10 21:23:31 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2010-02-10 21:20:08 ----AC---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-02-05 21:08:12 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-02-05 20:43:44 ----SD---- C:\Documents and Settings\kebe salam\Dati applicazioni\Microsoft
2010-02-03 20:04:36 ----D---- C:\Programmi\Microsoft Silverlight
2010-02-03 13:13:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-03 13:13:17 ----RSD---- C:\WINDOWS\assembly
2010-02-03 11:26:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-03 11:25:33 ----D---- C:\Programmi\Windows Live
2010-02-03 11:23:54 ----D---- C:\WINDOWS\system32\DirectX
2010-01-25 21:05:17 ----AC---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2010-01-19 12:02:36 ----HD---- C:\$AVG8.VAULT$
2010-01-14 21:24:42 ----AC---- C:\WINDOWS\WirelessCard.INI
2010-01-14 21:04:04 ----D---- C:\Programmi\ma-config.com
2010-01-14 21:04:04 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\ma-config.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Driver del processore AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-12 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-02-12 25160]
R1 WS2IFSL;Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-14 1972736]
R3 HDAudBus;Driver bus UAA Microsoft per High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 MODEMCSA;Periferica filtro flusso Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-01-29 984832]
R3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Driver miniport per controller open host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 bsusbser;PHD USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\bsusbser.sys [2008-01-23 99456]
S3 catchme;catchme; \??\C:\DOCUME~1\KEBESA~1\IMPOST~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Driver scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-14 446464]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-12 723632]
R2 hpqddsvc;Servizio di rilevamento dispositivi HP CUE; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmi\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programmi\File comuni\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 SeaPort;SeaPort; C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UPHClean;User Profile Hive Cleanup; C:\Programmi\UPHClean\uphclean.exe [2005-04-27 241725]
R2 VMCService;Vodafone Mobile Connect Service; C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 NMIndexingService;NMIndexingService; C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Servizio Windows Live Family Safety; C:\Programmi\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-24 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) 2 272
12 Feb 2010 at 20:18
I had opened a thread for you, but apparently you didn't understand...

1)

Download HijackThis
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
Launch HijackThis by double-clicking the program's icon
In the main menu, click Do a system Scan only and Save a Logfile
A report will then be generated in a Notepad file; it will be located in the disinfection folder originally created for the installation.
Post it here


..................

2)

Download USBFIX by El Desaparecido, C_xx

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
or
https://www.ionos.fr/?affiliate_id=77097

/!\ Vista and Windows 7 users:
don't forget to disable User Account Control
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

/!\ Plug into your PC the external storage devices (USB key, external hard drive, etc.) that may have been infected, without opening them

• Double-click the UsbFix shortcut on the desktop.

Choose option 2, deletion ("suppression")
(other options are available, see the tutorial).
• Let the tool work.
The Start menu and the icons will disappear... that's normal.

If a message asks you to restart the computer, do it...

● On restart, the fix relaunches... let the operation run.

● Notepad opens with a report; send it in your next reply


• Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html


UsbFix may ask you to upload a compressed folder to this address: https://www.ionos.fr/?affiliate_id=77097

It is saved on your desktop.

Please send it to the address indicated, to help the author of UsbFix with his research.




treviso (Posts: 864, Registered: Sunday 17 August 2008, Status: Member, Last activity: 9 January 2011) 124
12 Feb 2010 at 20:27
Really... please excuse me.....................
treviso (Posts: 864, Registered: Sunday 17 August 2008, Status: Member, Last activity: 9 January 2011) 124
12 Feb 2010 at 20:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.34.21, on 12/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Auslogics\Auslogics BoostSpeed\boostspeed.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe
C:\Programmi\PowerMenu\PowerMenu.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Programmi\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: P2P Max IT Toolbar - {d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - C:\Programmi\P2P_Max_IT\tbP2P0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: P2P Max IT Toolbar - {d22b76bb-abbd-4eb6-9bbb-f387bf27f76b} - C:\Programmi\P2P_Max_IT\tbP2P0.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Programmi\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Programmi\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\Bin\hpqtra08.exe
O4 - Global Startup: PowerMenu.lnk = C:\Programmi\PowerMenu\PowerMenu.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Programmi\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {76023B57-57C3-4985-AF81-1BF7EC68ABDF} (ACActiveX.MyUserControl) - https://217.220.21.246/italy/ActiveX/ACActiveX.ocx
O16 - DPF: {8C254311-8E82-4031-A00A-8C8102B1BBD5} (ACCL.ACV) - https://217.220.21.246/italy/ActiveX/ACCL.cab
O16 - DPF: {8DD07946-0293-4EFA-A1AA-7633B436E907} (ACCAIT.MainClass) - https://217.220.21.246/italy/ActiveX/ACCAIT.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) 2 272
12 Feb 2010 at 20:41
After running UsbFix as indicated above


Download Malwarebytes' Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update has finished
. Go to the Scan tab
. Select Perform a full scan (a fairly long scan)
. Click Scan
. The scan starts.
. At the end of the scan, a message appears: The scan completed normally. Click 'Show results' to display all the objects found.
. Click OK to continue.
. If malware was detected, click Show results
. Select everything (or leave it checked) and click Remove selection. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the report/log tab
. Click on it to display it; once it is displayed
. Click Edit at the top of Notepad, then Select all
. Click Edit again, then Copy, and come back to the forum and into your reply
. Right-click in the reply box and choose Paste


If you need help, look at these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) 2 272
13 Feb 2010 at 05:55
This is where the reports have to be posted, so I'm doing it for you

and tell me where things stand with your problems; how is the PC doing?


############################# | UsbFix V6.083 |

User : kebe salam (Administrators) # KEBE-AC9B0ABAF1
Update on 30/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20.41.51 | 12/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : COMODO Antivirus 3.9 [ (!) Disabled | Updated ]
FW : COMODO Firewall[ (!) Disabled ]3.9

A:\ -> Disco floppy, 3,5 pollici
C:\ -> Disco rigido locale # 149,04 Go (135,08 Go free) # NTFS
D:\ -> Disco CD-ROM
E:\ -> Disco CD-ROM # 61,33 Mo (0 Mo free) [Vodafone MCInsta] # CDFS
F:\ -> Disco rimovibile
G:\ -> Disco rimovibile
H:\ -> Disco rimovibile
I:\ -> Disco rimovibile
J:\ -> Disco rimovibile # 1,84 Go (1,84 Go free) # FAT
K:\ -> Disco rimovibile # 1,87 Go (910,56 Mo free) [UDISK] # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 664
C:\WINDOWS\system32\csrss.exe 728
C:\WINDOWS\system32\winlogon.exe 756
C:\WINDOWS\system32\services.exe 800
C:\WINDOWS\system32\lsass.exe 812
C:\WINDOWS\system32\Ati2evxx.exe 968
C:\WINDOWS\system32\svchost.exe 1000
C:\WINDOWS\system32\svchost.exe 1064
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe 1112
C:\WINDOWS\system32\svchost.exe 1140
C:\WINDOWS\system32\svchost.exe 1268
C:\WINDOWS\system32\svchost.exe 1292
C:\WINDOWS\system32\logonui.exe 1304
C:\WINDOWS\system32\Ati2evxx.exe 1336
C:\WINDOWS\System32\svchost.exe 1384
C:\WINDOWS\system32\spoolsv.exe 1516
C:\WINDOWS\system32\svchost.exe 1704
C:\Programmi\Java\jre6\bin\jqs.exe 1724
C:\WINDOWS\system32\userinit.exe 1768
C:\Programmi\File comuni\LightScribe\LSSrvc.exe 1840
C:\WINDOWS\Explorer.EXE 1860
C:\WINDOWS\System32\svchost.exe 1896
C:\WINDOWS\System32\svchost.exe 1920
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1940
C:\WINDOWS\system32\svchost.exe 2016
C:\Programmi\UPHClean\uphclean.exe 140
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 308
C:\WINDOWS\system32\wbem\wmiprvse.exe 124
C:\WINDOWS\system32\wuauclt.exe 1236

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-2000478354-1417001333-839522115-1004
Non supprimé ! E:\helper.exe
Non supprimé ! E:\autorun.inf
Supprimé ! K:\log.txt

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{b134ab5e-17f9-11df-aa05-0019dbc4b333}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[12/02/2010 00.48|--a------|4] C:\AUTOEXEC.BAT
[01/01/2002 00.40|---hs----|223] C:\boot.ini
[02/03/2006 13.00|-rahs----|4952] C:\Bootfont.bin
[28/06/2008 23.04|--a------|0] C:\CONFIG.SYS
[28/06/2008 23.04|-rahs----|0] C:\IO.SYS
[28/06/2008 23.04|-rahs----|0] C:\MSDOS.SYS
[02/03/2006 13.00|-rahs----|47564] C:\NTDETECT.COM
[12/10/2008 21.30|-rahs----|251600] C:\ntldr
[?|?|?] C:\pagefile.sys
[12/02/2010 20.44|--a------|3110] C:\UsbFix.txt
[18/07/2009 15.21|--a------|450] C:\WUTransactionsList.csv
[07/07/2008 21.46|-r-------|113] E:\Autorun.inf
[05/07/2008 07.23|-r-------|39716715] E:\helper.exe
[08/07/2008 03.27|-r-------|327680] E:\setup_vmc_lite.exe
[18/01/2010 23.43|--a------|4179293] K:\everest_2.20_fr(2).exe
[18/01/2010 23.50|--a------|244758] K:\Report.htm
[19/01/2010 01.40|--a------|16409960] K:\spybotsd162.exe
[16/01/2010 21.50|--a------|2798206] K:\xion_v1.0b125(4).exe
[16/01/2010 21.26|--a------|3357024] K:\ccsetup227.exe
[16/01/2010 22.40|--a------|806401] K:\speedswitchxp_speedswitchxp_1.52_allemand_66498.exe
[19/01/2010 08.26|--a------|40603920] K:\CIS_Setup_3.13.125662.579_XP_Vista_x32.exe
[20/01/2010 16.17|--a------|156815352] K:\OOo_3.1.1_Win32Intel_install_wJRE_it.exe
[20/01/2010 08.13|--a------|11164696] K:\dap93_bros.exe
[20/01/2010 06.41|--a------|1114576] K:\revosetup.exe
[22/01/2010 01.52|--a------|25823304] K:\wmp11-windowsxp-x86-it-it.exe
[21/01/2010 23.56|--a------|66659] K:\17979_220262242998_771912998_2963114_1263012_n.jpg
[07/02/2010 18.19|--a------|34119] K:\17979_220320932998_771912998_2963499_3494289_n.jpg
[22/01/2010 11.24|--a------|79245136] K:\9-11_legacy_xp32-64_dd_ccc(2).exe
[21/01/2010 06.39|--a------|7906312] K:\Firefox Setup 3.5.7.exe
[23/01/2010 00.59|--a------|18734784] K:\WDM_A406.exe
[22/01/2010 22.24|--a------|2875520] K:\MaConfig_4_0_1_3.exe
[23/01/2010 14.23|--a------|3762464] K:\rcsetup134.exe
[23/01/2010 17.28|--a------|1162056] K:\wlsetup-custom.exe
[31/01/2010 04.18|--a------|34291200] K:\eav_nt32_fra.msi
[31/01/2010 19.04|--a------|144765768] K:\wlsetup-all.exe
[31/01/2010 19.12|--a------|2420544] K:\TeamViewer_Host_Setup.exe
[16/01/2010 21.49|--a------|2798206] K:\XION_V1.0B125(3).EXE
[07/02/2010 18.18|--a------|47795] K:\17476_1255126951831_1639305345_613809_2727564_n.jpg
[31/01/2010 09.08|--a------|1262986] K:\AD-R.exe
[31/01/2010 09.01|--a------|228116] K:\Navilog1.exe
[31/01/2010 09.07|--a------|1481255] K:\UsbFix.exe
[30/01/2010 11.01|--a------|781909] K:\RSIT.exe
[31/01/2010 09.00|--a------|781909] K:\RSIT(2).exe
[30/01/2010 10.39|--a------|1090530] K:\Setup.exe
[11/02/2010 23.23|--a------|1578758] K:\List_Killem_Install.exe
[11/02/2010 23.46|--a------|21444] K:\info.txt
[12/02/2010 00.30|--a------|16968544] K:\IE8-WindowsXP-x86-ITA.exe
[12/02/2010 19.40|--a------|781909] K:\RSIT(3).exe
[12/02/2010 20.30|--a------|812344] K:\HJTInstall.exe
[12/02/2010 20.34|--a------|11240] K:\hijackthis.log
[12/02/2010 20.41|--a------|1496] K:\BOOTEX.LOG

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# K:\autorun.inf -> Dossier créé par UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_KEBE-AC9B0ABAF1.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.083 ! |


...........................................

Malwarebytes' Anti-Malware 1.44
Versione del database: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/02/2010 21.51.28
mbam-log-2010-02-12 (21-51-21).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Elementi scansionati: 180103
Tempo trascorso: 50 minute(s), 1 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 11

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006600.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006601.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006602.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006603.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006604.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006605.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006606.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006607.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006608.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006609.dll (Trojan.Exploit) -> No action taken.
C:\System Volume Information\_restore{8B95E5E1-A84F-496D-A614-D7DAD4D3F5C6}\RP16\A0006610.dll (Trojan.Exploit) -> No action taken.
