

Zufi

Members
Content count: 3
Languages: French, Italian, English

Zufi's Achievements
Junior Member (3/12)
Community reputation: 0
Infection Packed Win32.TDSS.z
Zufi replied to a topic by Zufi in Analyses et éradication malwares

Thanks anyway! I'll try to sort it out on my own... Good evening.
Zufi
Infection Packed Win32.TDSS.z
Zufi replied to a topic by Zufi in Analyses et éradication malwares

Thanks for the quick reply! Here is the HJT result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:05, on 18/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\lkcitdl.exe
C:\WINDOWS.0\system32\lkads.exe
C:\WINDOWS.0\system32\lktsrv.exe
C:\MSC.Software\MSC.Patran\2003\p3manager_files\bin\WINNT\QueMgr.exe
C:\MSC.Software\MSC.Patran\2003\p3manager_files\bin\WINNT\RmtMgr.exe
C:\Programmi\National Instruments\MAX\nimxs.exe
C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS.0\system32\nisvcloc.exe
C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe
C:\flexlm\lmgrd.exe
C:\WINDOWS.0\system32\svchost.exe
C:\flexlm\msc.exe
C:\WINDOWS.0\system32\nipalsm.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\explorer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmi\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmi\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FILECO~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [niDevMon] C:\Programmi\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS.0\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS.0\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS.0\system32\lktsrv.exe
O23 - Service: MSCQueMgr - Unknown owner - C:\MSC.Software\MSC.Patran\2003\p3manager_files\bin\WINNT\QueMgr.exe
O23 - Service: MSCRmtMgr - Unknown owner - C:\MSC.Software\MSC.Patran\2003\p3manager_files\bin\WINNT\RmtMgr.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Programmi\National Instruments\MAX\nimxs.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS.0\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS.0\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS.0\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: PatranNastran - GLOBEtrotter Software Inc. - C:\flexlm\lmgrd.exe

--
End of file - 10890 bytes
Infection Packed Win32.TDSS.z
Zufi started a topic in Analyses et éradication malwares

Hello, and thanks in advance to anyone kind enough to give me a hand.

My computer started doing strange things: no more clock, antivirus gone... I reinstalled Kaspersky. During a full scan, several threats showed up; the most dangerous according to Kaspersky, which could not remove it, was Packed Win32.TDSS.z.

I downloaded ComboFix; here is the report (my XP is in Italian, ComboFix switched to that language automatically, I hope that won't be a problem).

ComboFix 10-03-17.07 - sophie 18/03/2010 12:50:53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.705 [GMT 1:00]
Running from: c:\documents and settings\sophie.SOPHIE-LAPTOP\Desktop\CBF1.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3779375807-4278909908-1602068789-1000
c:\recycler\S-1-5-21-448539723-152049171-1417001333-1005

.
((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))))))
.

2010-03-18 05:23 . 2010-03-18 05:40 -------- d-----w- C:\Temp
2010-03-03 17:33 . 2008-04-13 18:13 21504 -c--a-w- c:\windows.0\system32\dllcache\hidserv.dll
2010-03-03 17:33 . 2008-04-13 18:13 21504 ----a-w- c:\windows.0\system32\hidserv.dll
2010-03-03 17:33 . 2008-04-13 10:45 32128 -c--a-w- c:\windows.0\system32\dllcache\usbccgp.sys
2010-03-03 17:33 . 2008-04-13 10:45 32128 ----a-w- c:\windows.0\system32\drivers\usbccgp.sys
2010-03-01 10:55 . 2010-02-12 10:03 293376 ------w- c:\windows.0\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-03-18 12:08 . 2009-04-22 12:55 933920 --sha-w- c:\windows.0\system32\drivers\fidbox2.dat
2010-03-18 12:08 . 2009-04-22 12:55 4272 --sha-w- c:\windows.0\system32\drivers\fidbox2.idx
2010-03-18 12:07 . 2009-04-22 12:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\Kaspersky Lab
2010-03-18 12:02 . 2009-04-22 12:55 7580192 --sha-w- c:\windows.0\system32\drivers\fidbox.dat
2010-03-18 12:02 . 2009-04-22 12:55 61348 --sha-w- c:\windows.0\system32\drivers\fidbox.idx
2010-03-18 05:28 . 2009-04-22 13:23 95259 ----a-w- c:\windows.0\system32\drivers\klick.dat
2010-03-18 05:28 . 2009-04-22 13:23 108059 ----a-w- c:\windows.0\system32\drivers\klin.dat
2010-03-15 18:09 . 2008-07-19 20:03 -------- d-----w- c:\programmi\eMule
2010-03-12 18:29 . 2008-10-19 11:35 -------- d-----w- c:\documents and settings\sophie.SOPHIE-LAPTOP\Dati applicazioni\Skype
2010-03-11 16:02 . 2009-11-28 20:23 -------- d-----w- c:\documents and settings\sophie.SOPHIE-LAPTOP\Dati applicazioni\skypePM
2010-03-10 22:18 . 2008-09-17 10:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\Microsoft Help
2010-02-03 18:53 . 2009-10-31 18:26 -------- d-----w- c:\programmi\iTunes
2010-02-03 18:52 . 2010-02-03 18:52 -------- d-----w- c:\programmi\iPod
2010-02-03 18:52 . 2009-10-31 18:23 -------- d-----w- c:\programmi\File comuni\Apple
2010-02-03 18:46 . 2008-09-20 11:09 -------- d-----w- c:\programmi\QuickTime
2010-02-03 18:38 . 2010-02-03 18:38 72488 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 18:32 . 2010-02-03 18:32 56064 ---ha-w- c:\windows.0\system32\mlfcache.dat
2010-01-30 20:37 . 2006-03-02 12:00 84778 ----a-w- c:\windows.0\system32\perfc010.dat
2010-01-30 20:37 . 2006-03-02 12:00 491942 ----a-w- c:\windows.0\system32\perfh010.dat
2010-01-28 21:11 . 2010-01-28 21:11 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-26 16:15 . 2010-01-26 16:15 823296 ----a-w- c:\documents and settings\sophie.SOPHIE-LAPTOP\Dati applicazioni\Sun\Java\Deployment\cache\6.0\9\59d1d89-361b7dad-n\j3dcore-d3d.dll
2010-01-26 16:15 . 2010-01-26 16:15 163840 ----a-w- c:\documents and settings\sophie.SOPHIE-LAPTOP\Dati applicazioni\Sun\Java\Deployment\cache\6.0\40\12028968-5e307ca8-n\j3dcore-ogl.dll
2010-01-26 16:15 . 2010-01-26 16:15 49152 ----a-w- c:\documents and settings\sophie.SOPHIE-LAPTOP\Dati applicazioni\Sun\Java\Deployment\cache\6.0\16\adf6550-2a1efbaf-n\j3dcore-ogl-chk.dll
2010-01-16 09:44 . 2008-09-17 10:58 76592 ----a-w- c:\documents and settings\sophie.SOPHIE-LAPTOP\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-13 15:17 . 2008-10-18 09:52 1 ----a-w- c:\documents and settings\sophie.SOPHIE-LAPTOP\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-31 16:50 . 2008-04-13 10:15 353792 ----a-w- c:\windows.0\system32\drivers\srv.sys
2009-12-21 19:06 . 2008-05-12 07:12 916480 ----a-w- c:\windows.0\system32\wininet.dll
2007-11-19 21:58 . 2008-10-11 10:32 101893 ----a-w- c:\programmi\TLR Single USM Capture Sharpening for CS3.jsx
2007-10-16 06:09 . 2008-10-11 10:32 21242 ----a-w- c:\programmi\TLR Single USM Creative Sharpening for CS3.jsx
2007-10-16 06:08 . 2008-10-11 10:32 106067 ----a-w- c:\programmi\TLR SS Capture Sharpening for CS3.jsx
2007-10-16 06:08 . 2008-10-11 10:32 24840 ----a-w- c:\programmi\TLR SS Creative Sharpening for CS3.jsx
2007-10-16 06:08 . 2008-10-11 10:32 23864 ----a-w- c:\programmi\TLR Web Output Sharpening for CS3.jsx
2007-10-16 06:07 . 2008-10-11 10:32 25041 ----a-w- c:\programmi\TLR Dual USM Creative Sharpening for CS3.jsx
2007-10-16 06:07 . 2008-10-11 10:32 26044 ----a-w- c:\programmi\TLR Halftone Output Sharpening for CS3.jsx
2007-10-16 06:07 . 2008-10-11 10:32 25279 ----a-w- c:\programmi\TLR Inkjet Output Sharpening for CS3.jsx
2007-10-16 06:07 . 2008-10-11 10:32 21234 ----a-w- c:\programmi\TLR Local Contrast Enhancement for CS3.jsx
2007-10-16 06:06 . 2008-10-11 10:32 106343 ----a-w- c:\programmi\TLR Dual USM Capture Sharpening for CS3.jsx
2007-10-16 06:06 . 2008-10-11 10:32 24357 ----a-w- c:\programmi\TLR Contone Output Sharpening for CS3.jsx
2007-10-16 06:06 . 2008-10-11 10:32 20152 ----a-w- c:\programmi\TLR Creative Blur for CS3.jsx
2007-10-16 06:06 . 2008-10-11 10:32 20025 ----a-w- c:\programmi\TLR Creative Texture Effect for CS3.jsx
2007-10-16 06:05 . 2008-10-11 10:32 55550 ----a-w- c:\programmi\TLR Digital Noise Reduction for CS3.jsx
2004-03-15 15:51 . 2004-03-15 15:51 114688 ----a-w- c:\programmi\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 08:32 . 2006-01-23 08:32 131072 ----a-w- c:\programmi\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 08:48 . 2007-02-08 08:48 133920 ----a-w- c:\programmi\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 17:03 . 2007-07-24 17:03 118784 ----a-w- c:\programmi\internet explorer\plugins\LV85ActiveXControl.dll

.
------- Sigcheck -------

[-] 2008-05-12 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 386752]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"niDevMon"="c:\programmi\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 106064]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-22 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-12-10 12:35 2356088 ----a-w- c:\programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\MSC.Software\\MSC.Patran\\2003\\p3manager_files\\bin\\WINNT\\P3Mgr.exe"=
"c:\\MSC.Software\\MSC.Patran\\2003\\p3manager_files\\bin\\WINNT\\JobMgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS.0\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows.0\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows.0\system32\drivers\nipbcfk.sys [10/07/2007 19:08 15448]
R2 MSCQueMgr;MSCQueMgr;c:\msc.software\MSC.Patran\2003\p3manager_files\bin\WINNT\QueMgr.exe [27/11/2002 11:26 241664]
R2 MSCRmtMgr;MSCRmtMgr;c:\msc.software\MSC.Patran\2003\p3manager_files\bin\WINNT\RmtMgr.exe [27/11/2002 11:26 118784]
R2 nidevldu;NI Device Loader;c:\windows.0\system32\nipalsm.exe [16/02/2007 10:21 12696]
R2 nipxirmk;nipxirmk;c:\windows.0\system32\drivers\nipxirmkl.sys [22/02/2007 11:18 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows.0\system32\drivers\NiViPxiKl.sys [19/07/2007 10:56 11360]
R2 PatranNastran;PatranNastran;c:\flexlm\lmgrd.exe [05/10/2008 15:51 597504]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows.0\system32\drivers\klim5.sys [25/03/2008 19:07 24592]
R3 nidimk;nidimk;c:\windows.0\system32\drivers\nidimkl.sys [12/07/2007 17:18 11360]
R3 nimru2k;nimru2k;c:\windows.0\system32\drivers\nimru2kl.sys [24/07/2007 11:19 11360]
R3 nimstsk;nimstsk;c:\windows.0\system32\drivers\nimstskl.sys [13/07/2007 19:00 11360]
S3 lvalarmk;lvalarmk;c:\windows.0\system32\drivers\lvalarmk.sys [11/01/2007 09:18 20256]
S3 MCHPUSB;MCHPUSB;c:\windows.0\system32\drivers\mchpusb.sys [30/11/2009 08:29 53760]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows.0\system32\drivers\ni1006k.sys [22/02/2007 11:40 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows.0\system32\drivers\ni1045kl.sys [22/02/2007 11:43 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows.0\system32\drivers\ni1065k.sys [25/05/2007 12:26 22360]
S3 nicdrk;nicdrk;c:\windows.0\system32\drivers\nicdrkl.sys [15/07/2007 16:44 11352]
S3 nidmxfk;nidmxfk;c:\windows.0\system32\drivers\nidmxfkl.sys [13/07/2007 21:38 11336]
S3 nidsark;nidsark;c:\windows.0\system32\drivers\nidsarkl.sys [27/07/2007 14:37 11344]
S3 niemrk;niemrk;c:\windows.0\system32\drivers\niemrkl.sys [24/07/2007 18:37 11336]
S3 niemrkw;niemrkw;c:\windows.0\system32\drivers\niemrkw.sys [14/04/2009 13:14 11336]
S3 niesrk;niesrk;c:\windows.0\system32\drivers\niesrkl.sys [24/07/2007 18:37 11336]
S3 nifslk;nifslk;c:\windows.0\system32\drivers\nifslkl.sys [15/07/2007 17:31 11352]
S3 nimsdrk;nimsdrk;c:\windows.0\system32\drivers\nimsdrkl.sys [18/07/2007 09:47 11392]
S3 nimslk;nimslk;c:\windows.0\system32\drivers\nimslk.dll [20/06/2007 23:19 14464]
S3 nimsrlk;nimsrlk;c:\windows.0\system32\drivers\nimsrlk.dll [20/06/2007 23:19 151683]
S3 nimxpk;nimxpk;c:\windows.0\system32\drivers\nimxpkl.sys [13/07/2007 19:01 11368]
S3 ninshsdk;ninshsdk;c:\windows.0\system32\drivers\ninshsdkl.sys [19/07/2007 12:49 11360]
S3 nipalfwedl;nipalfwedl;c:\windows.0\system32\drivers\nipalfwedl.sys [18/07/2007 20:11 11904]
S3 nipalusbedl;nipalusbedl;c:\windows.0\system32\drivers\nipalusbedl.sys [18/07/2007 20:12 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows.0\system32\drivers\nipxigpk.sys [22/02/2007 11:45 20768]
S3 niscdk;niscdk;c:\windows.0\system32\drivers\niscdkl.sys [19/07/2007 01:32 11376]
S3 nisdigk;nisdigk;c:\windows.0\system32\drivers\nisdigkl.sys [16/07/2007 23:27 11352]
S3 nisftk;nisftk;c:\windows.0\system32\drivers\nisftkl.sys [16/07/2007 11:52 11344]
S3 nispdk;nispdk;c:\windows.0\system32\drivers\nispdkl.sys [19/07/2007 01:32 11376]
S3 nissrk;nissrk;c:\windows.0\system32\drivers\nissrkl.sys [24/07/2007 18:37 11336]
S3 nistc2k;nistc2k;c:\windows.0\system32\drivers\nistc2kl.sys [15/07/2007 15:48 11312]
S3 nistcrk;nistcrk;c:\windows.0\system32\drivers\nistcrkl.sys [15/07/2007 16:50 11360]
S3 niswdk;niswdk;c:\windows.0\system32\drivers\niswdkl.sys [17/07/2007 03:18 11336]
S3 nitiork;nitiork;c:\windows.0\system32\drivers\nitiorkl.sys [18/07/2007 21:15 11360]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows.0\system32\drivers\NiViFWKl.sys [19/07/2007 10:48 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows.0\system32\drivers\NiViPciKl.sys [19/07/2007 10:56 11360]
S3 niwfrk;niwfrk;c:\windows.0\system32\drivers\niwfrkl.sys [24/07/2007 18:37 11336]
S3 nixsrk;nixsrk;c:\windows.0\system32\drivers\nixsrkl.sys [24/07/2007 18:38 11336]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows.0\system32\drivers\P1171Vid.sys [10/01/2010 21:49 91392]
S3 usb6xxxk;usb6xxxk;\??\c:\windows.0\system32\drivers\usb6xxxkl.sys --> c:\windows.0\system32\drivers\usb6xxxkl.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-18 c:\windows.0\Tasks\User_Feed_Synchronization-{0C84A178-DD49-4664-A57F-275099D30380}.job
- c:\windows.0\system32\msfeedssync.exe [2008-05-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 13:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows.0\system32\Ati2evxx.dll
c:\windows.0\system32\klogon.dll

- - - - - - - > 'explorer.exe'(452)
c:\windows.0\system32\WININET.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\wpdshserviceobj.dll
c:\windows.0\system32\portabledevicetypes.dll
c:\windows.0\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows.0\system32\Ati2evxx.exe
c:\windows.0\system32\Ati2evxx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows.0\system32\lkcitdl.exe
c:\windows.0\system32\lkads.exe
c:\windows.0\system32\lktsrv.exe
c:\programmi\National Instruments\MAX\nimxs.exe
c:\programmi\National Instruments\Shared\Security\nidmsrv.exe
c:\windows.0\system32\nisvcloc.exe
c:\programmi\National Instruments\Shared\Tagger\tagsrv.exe
c:\flexlm\msc.exe
c:\programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-18 13:16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-18 12:16

Pre-Run: 97 298 366 464 bytes free
Post-Run: 105 427 501 056 bytes free

- - End Of File - - B51CE4071107C09C42A1A45CB86D1DAB

How can I continue the disinfection procedure? Thanks for your advice!
Zufi.
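Editor's added example (not the poster's code and not a forum tool): a small Python script that parses the REGEDIT4-style "Reg Loading Points" block ComboFix prints, plus HijackThis O2 lines, and flags the entries in the log above that are worth a second look before declaring the machine clean: Security Center AntiVirusOverride/FirewallOverride set to 1, DisableMonitoring=1 under a product's Monitoring key, EnableFirewall=0 with DisableNotifications=1 for the standard profile, and a BHO registered with "(no file)". The SAMPLE input is constructed from lines quoted in the post; the check list and wording are mine.

```python
"""Flag Security Center / firewall tampering in a ComboFix or HijackThis dump.

Added example, not the poster's or the forum's code. It parses the REGEDIT4-style
"Reg Loading Points" block that ComboFix prints and HijackThis "O2" lines, and
reports settings that malware commonly flips to keep Windows XP's Security Center
and firewall quiet. SAMPLE is constructed from lines quoted in the post above.
"""
import re

SAMPLE = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-13 15360]

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Accepts the three value shapes ComboFix prints:
#   "name"=dword:00000001   |   "name"= 0 (0x0)   |   "name"="c:\path" [date size]
VAL_RE = re.compile(
    r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\)|"([^"]*)")'
)
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")

# (key suffix, value name, value that indicates tampering, description)
REGISTRY_CHECKS = [
    (r"microsoft\security center", "AntiVirusOverride", 1,
     "Security Center told to ignore a missing or disabled antivirus"),
    (r"microsoft\security center", "FirewallOverride", 1,
     "Security Center told to ignore a missing or disabled firewall"),
    (r"firewallpolicy\standardprofile", "EnableFirewall", 0,
     "Windows Firewall disabled for the standard profile"),
    (r"firewallpolicy\standardprofile", "DisableNotifications", 1,
     "Windows Firewall notifications suppressed"),
]


def parse_registry(text):
    """Return {key (lowercased): {value name: int or str}} from a REGEDIT4-style dump."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            name, dword, dec, string = val.groups()
            if dword is not None:
                entries[current][name] = int(dword, 16)
            elif dec is not None:
                entries[current][name] = int(dec)
            else:
                entries[current][name] = string
    return entries


def audit_registry(entries):
    """Return (key, value name, description) for every tampered setting found."""
    findings = []
    for key, values in entries.items():
        for suffix, name, bad, description in REGISTRY_CHECKS:
            if key.endswith(suffix) and values.get(name) == bad:
                findings.append((key, name, description))
        # Per-product keys: ...\security center\Monitoring\<Product>
        if "\\security center\\monitoring\\" in key and values.get("DisableMonitoring") == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append((key, "DisableMonitoring",
                             "Security Center monitoring disabled for " + product))
    return findings


def audit_hijackthis(text):
    """Flag O2 (BHO) entries whose DLL is gone: orphaned CLSIDs worth cleaning up."""
    findings = []
    for raw in text.splitlines():
        bho = BHO_RE.match(raw.strip())
        if bho and bho.group(3).strip().lower() == "(no file)":
            findings.append(("O2", bho.group(2), "BHO registered but its DLL no longer exists"))
    return findings


def audit(text):
    """Run both passes over a pasted log and return all findings."""
    return audit_registry(parse_registry(text)) + audit_hijackthis(text)


if __name__ == "__main__":
    for key, name, description in audit(SAMPLE):
        print(f"{description}: [{key}] {name}")
```

Run it against a saved ComboFix or HijackThis log (`audit(open("ComboFix.txt").read())`) and treat the output as leads, not verdicts: a security suite may legitimately set DisableMonitoring under its own Monitoring key, so each flagged value should be compared with what the installed product is expected to write before it is reverted.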