Multiple infection: win32.mutant.yf / trojan.pandex + malware

Tags:
  • Malware
  • Security

7 November 2008 18:28:01

Good evening everyone,

It seems I am the victim of a multiple infection by trojan.mutant.yf and trojan pandex (are they the same thing?) as well as by the malware winctrl32.dll.

Despite several attempts I cannot get rid of these 2 viruses, which apparently work together...

Thank you very much for helping me, because I am getting desperate...!

JF


7 November 2008 19:20:46

Thanks for the reply, here is the report (sorry, it is a bit long) :-(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.17.16, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Equant\Dialer\EACSvrMngr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmi\Symantec AntiVirus\SavRoam.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Update0809191255.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goldreloaded/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://goldreloaded/default.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by INTERBULK TRADING SA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.itcgr.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.itcgr.net;*goldreloaded*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FAD9CF06-4086-41C2-A18D-3F41E3FDBF78} - C:\WINDOWS\system32\blackbo.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BEWDeactivateSafenet] C:\Programmi\CoSine Communications\IPSec Dial Client\vpn -deactivate
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA355] command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1332] cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB2811] command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2517] cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SoftRemote.lnk = C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
O4 - Global Startup: Update0809191255.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://goldreloaded/default.aspx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.itcgr.net
O17 - HKLM\Software\..\Telephony: DomainName = int.itcgr.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.itcgr.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = int.itcgr.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = int.itcgr.net
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Programmi\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Programmi\Equant\Dialer\EACSys.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10660 bytes
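As an added example (not code from the thread, from HijackThis or from the helper), a small Python triage script that parses lines in the HijackThis v2 format shown above and flags the entries a defender would want to examine first: a BHO registered without a name, a Winlogon Notify package (especially one whose DLL is already missing), and autorun entries with no absolute path. The sample lines are copied from the log above and trimmed; the flagging rules are heuristics chosen for this example, not HijackThis's own logic.

```python
import re

# Constructed sample: a subset of the HijackThis log posted above, in its original shape.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goldreloaded/default.aspx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FAD9CF06-4086-41C2-A18D-3F41E3FDBF78} - C:\WINDOWS\system32\blackbo.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - Global Startup: Update0809191255.exe
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# An absolute Windows path (drive letter) or an environment-variable prefix such as %SystemRoot%.
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\|%[A-Za-z]+%")


def parse_hjt(text):
    """Return (section, body) tuples for every well-formed entry line in the log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def review_entry(section, body):
    """Return the reasons one entry deserves a closer look (empty list if none)."""
    reasons = []
    if section == "O2" and body.startswith("BHO: (no name)"):
        # Legitimate BHOs register a descriptive name. The nameless one in this thread is
        # blackbo.dll, which the Malwarebytes log later in the thread reports as Trojan.Agent.
        reasons.append("BHO registered without a name")
    if section == "O20" and body.startswith("Winlogon Notify:"):
        reasons.append("Winlogon Notify package (a DLL loaded into winlogon.exe at logon)")
        if "(file missing)" in body:
            reasons.append("registered DLL is no longer on disk (stale or half-removed entry)")
    if section == "O4" and not ABS_PATH_RE.search(body):
        # A target with no absolute path is resolved through the search path, so it is
        # worth confirming which file actually runs (AGRSMMSG.exe is a known modem helper,
        # but the rule cannot tell that from the log line alone).
        reasons.append("autorun entry without an absolute path")
    return reasons


def triage(text):
    """Parse a HijackThis log and return the entries that merit manual review, in log order."""
    flagged = []
    for section, body in parse_hjt(text):
        reasons = review_entry(section, body)
        if reasons:
            flagged.append({"section": section, "entry": body, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['section']:>4}  {item['entry']}")
        for reason in item["reasons"]:
            print(f"      - {reason}")
```

Run against the full log from the post, the same rules single out the blackbo.dll BHO and the WinCtrl32 Winlogon Notify entry, which are exactly the two items the Malwarebytes scan later removes.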
7 November 2008 19:53:24

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

HELP: Illustrated MBAM tutorial

7 November 2008 23:48:49

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 2

07/11/2008 23.38.27
mbam-log-2008-11-07 (23-38-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 104236
Time elapsed: 2 hour(s), 19 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fad9cf06-4086-41c2-a18d-3f41e3fdbf78} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fad9cf06-4086-41c2-a18d-3f41e3fdbf78} (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\blackbo.dll (Trojan.Agent) -> No action taken.

8 November 2008 08:28:21

Apparently, after rebooting, the files were cleaned, and this morning neither Symantec nor Spybot detects any corrupted files...

It seems to have worked, unless you have a different opinion; is there another check to do?

In any case, thanks, and keep me posted!

8 November 2008 13:57:22

Post another HijackThis report.

8 November 2008 15:30:40

Here is the latest HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.29.28, on 08/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Programmi\Equant\Dialer\EACSvrMngr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Symantec AntiVirus\SavRoam.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goldreloaded/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://goldreloaded/default.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by INTERBULK TRADING SA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.itcgr.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.itcgr.net;*goldreloaded*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FAD9CF06-4086-41C2-A18D-3F41E3FDBF78} - C:\WINDOWS\system32\blackbo.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BEWDeactivateSafenet] C:\Programmi\CoSine Communications\IPSec Dial Client\vpn -deactivate
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SoftRemote.lnk = C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
O4 - Global Startup: Update0809191255.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://goldreloaded/default.aspx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.itcgr.net
O17 - HKLM\Software\..\Telephony: DomainName = int.itcgr.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.itcgr.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = int.itcgr.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = int.itcgr.net
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Programmi\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Programmi\Equant\Dialer\EACSys.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10407 bytes

Is there anything else to do, any risks?
8 November 2008 18:18:28

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the drive letter may differ

9 November 2008 13:44:38

Hello,
Actually, reading the tutorial made me hesitant: since this is a work computer with a whole set of default programs and settings, I would not want to delete files or anything else that is supposed to be installed on my computer.
Is there any risk in not running ComboFix, given that everything seems to be back to normal?
Thanks!

9 November 2008 14:45:04

There are leftovers. We can do it another way if you are worried.

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (displayed) as well as of info.txt (minimised in the taskbar).
  • Make sure you post the reports in full. Check that they are complete once you have posted them.

NB: The reports are saved in the folder C:\rsit

9 November 2008 15:17:49

OK, here is the info.txt log:

info.txt logfile of random's system information tool 1.04 2008-11-09 15:14:52

======Uninstall list======

-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{B5D8CCBF-08D8-46C0-8B04-3BC0CAEDA094}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.56 beta-->"C:\Programmi\7-Zip\Uninstall.exe"
Access Companion-->C:\WINDOWS\System32\AcUninst.exe -dm
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 9 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A90000000001}
Agere Systems AC'97 Modem-->agrsmdel
Aggiornamento per Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
All To MP3 Converter 2.15-->"C:\Programmi\LitexMedia\All To MP3 Converter\unins000.exe"
belote 1.2-->C:\WINDOWS\st6unst.exe -n "C:\Programmi\belote 1.2\ST6UNST.LOG"
Belote Bridgée-->C:\WINDOWS\system32\GKSUI16.EXE C:\Programmi\Belote Bridgée\UNINSTAL.DAT
Bluetooth by hp-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Broadcom Driver Installer-->C:\Programmi\File comuni\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1040
Citrix Presentation Server Client-->MsiExec.exe /I{E89956F9-5B89-470E-818D-BD46102D0A01}
Compatibilità con le versioni precedenti a Microsoft SQL Server 2005-->MsiExec.exe /I{805A39C9-7B32-434A-A3EA-8BC37F861984}
Diagnostici per Windows-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{1881AE03-2BD4-11D4-86BF-00508B10AA88}\setup.exe" UNINSTALL
Etisalat USB Modem E170-->C:\Programmi\Etisalat USB Modem E170\uninst.exe
File di supporto dell'installazione di Microsoft SQL Server (Italiano)-->MsiExec.exe /X{6379FD0A-8964-4A50-80A6-B20B65117905}
GTK+ Runtime 2.10.13 rev a (remove only)-->C:\Programmi\Dico\uninst.exe
HijackThis 2.0.2-->"C:\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Integrated Wireless LAN W400-W500 Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}\setup.exe" -l0x10
HP Mobile Printing-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B668CB7B-A9DF-43B6-8876-A373A8E1D438}\setup.exe" -l0x9 AnyText
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet for Wireless-->MsiExec.exe /I{5380063E-2909-4d72-BFA3-625881F2E78B}
InterVideo WinDVD-->"C:\Programmi\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Programmi\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 - Language Pack (italiano)-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ITA\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Dynamics NAV 5.0 CSIDE Client-->MsiExec.exe /I{00000000-0000-5000-7800-0000836BD2D2}
Microsoft Office 2003 - Componenti Web-->MsiExec.exe /I{90A40410-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110410-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005-->"C:\Programmi\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{E7F4CA4E-0CC1-4FB7-B625-CF3D6C799AAD}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Studio 2005 Premier Partner Edition - ITA-->MsiExec.exe /I{7E86D124-30EE-4082-B7FB-8E40B4D2333F}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Non Driver CIO Components-->C:\WINDOWS\IsUninst.exe -f"C:\Programmi\HP\Non Driver CIO Components\Uninst.isu"
O2Micro MemoryCardBus Windows Driver-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083} /l1033
Parser MSXML 6.0-->MsiExec.exe /I{EDAED426-FE30-482A-8AA7-87AD7642107F}
Pdf995-->c:\pdf995\setup.exe uninstall
Quick Launch Buttons 5.00 C2-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x10 -uninst
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Remote Diagnostics Enabling Agent-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{71A470E1-27E7-424E-803A-F9C0D41968D3}\SETUP.EXE" -l0x10
Remote Services Driver-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\swsetup\cpqrs\DeIsL1.isu -c"C:\WINDOWS\swsetup\cpqrs\uninst32.dll
SafeNet SoftRemote-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\CoSine Communications\IPSec Dial Client\Setup\Setup.exe" -l0x9
SAP Front End-->"C:\WINDOWS\SapWksta\setup\sapsetup.exe" /uninstall /noRestart
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x10 -removeonly
SQLXML4-->MsiExec.exe /I{B0B34FF7-4288-4310-A742-40D20C6CC67F}
    StarDict (remove only)-->C:\Programmi\StarDict\stardict-uninst.exe
    Strumenti di Microsoft SQL Server 2005-->MsiExec.exe /I{B03FBBA3-CCE4-40CC-A0F1-01F952E7EB3E}
    Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Programmi\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Texas Instruments PCIxx20 drivers.-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F16F258A-6300-4A1C-BC49-7929EFF455E2}
    Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1040
    Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Programmi\InstallShield Installation Information\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}\setup.exe -runfromtemp -l0x0410
    TomTom HOME-->C:\Programmi\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0010 -removeonly -removeonly
    VideoLAN VLC media player 0.8.6d-->C:\Programmi\VideoLAN\VLC\uninstall.exe
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Programmi\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

    ======Hosts File======

    10.40.10.18 int657srv01
    10.31.0.37 bwgdev01 bwgdev01.itcgr.net
    10.31.0.38 bwgdev02 bwgdev02.itcgr.net
    10.31.0.40 itcgr999bwg01 itcgr999bwg01.itcgr.net
    10.31.0.41 itcgr999bwg02 itcgr999bwg02.itcgr.net

    ======Security center information======

    AV: Symantec AntiVirus Corporate Edition (outdated)

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programmi\Microsoft SQL Server\80\Tools\Binn\;C:\Programmi\Microsoft SQL Server\90\Tools\binn\;C:\Programmi\Microsoft SQL Server\90\DTS\Binn\;C:\Programmi\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Programmi\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0d08
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "lib"=C:\Programmi\SQLXML 4.0\bin\

    -----------------EOF-----------------

    and the log.txt:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by U800TORIELLIJ at 2008-11-09 15:14:29
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 36 GB (63%) free of 57 GB
    Total RAM: 503 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15.14.47, on 09/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\Programmi\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    C:\Programmi\Equant\Dialer\EACSvrMngr.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Programmi\Symantec AntiVirus\SavRoam.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\Symantec AntiVirus\Rtvscan.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Programmi\HPQ\SHARED\HPQWMI.exe
    C:\Programmi\TomTom HOME\TomTomHOME.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Microsoft ActiveSync\wcescomm.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    C:\Programmi\Equant\Dialer\EACSys.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    \int657vrt01\Private\u800toriellij\Desktop\RSIT.exe
    C:\HijackThis\U800TORIELLIJ.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goldreloaded/default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://goldreloaded/default.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by INTERBULK TRADING SA
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.itcgr.net:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.itcgr.net;*goldreloaded*;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {FAD9CF06-4086-41C2-A18D-3F41E3FDBF78} - C:\WINDOWS\system32\blackbo.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BEWDeactivateSafenet] C:\Programmi\CoSine Communications\IPSec Dial Client\vpn -deactivate
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: SoftRemote.lnk = C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    O4 - Global Startup: Update0809191255.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://goldreloaded/default.aspx
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_c...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\Software\..\Telephony: DomainName = int.itcgr.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Programmi\Equant\Dialer\EACSvrMngr.exe
    O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Programmi\Equant\Dialer\EACSys.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 10260 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAD9CF06-4086-41C2-A18D-3F41E3FDBF78}]
    C:\WINDOWS\system32\blackbo.dll [2008-10-04 116992]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"=C:\Programmi\Synaptics\SynTP\SynTPLpr.exe [2004-11-04 98394]
    "SynTPEnh"=C:\Programmi\Synaptics\SynTP\SynTPEnh.exe [2004-11-04 688218]
    "Cpqset"=C:\Programmi\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
    "PRONoMgr.exe"=c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
    "eabconfg.cpl"=C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe [2004-09-17 290816]
    "UpdateManager"=C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
    "SoundMAXPnP"=C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
    "SoundMAX"=C:\Programmi\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
    "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-12-21 155648]
    "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-12-21 126976]
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]
    "BEWDeactivateSafenet"=C:\Programmi\CoSine Communications\IPSec Dial Client\vpn -deactivate []
    "ccApp"=C:\Programmi\File comuni\Symantec Shared\ccApp.exe [2006-07-19 52896]
    "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
    "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-19 143872]
    "TomTomHOME.exe"=C:\Programmi\TomTom HOME\TomTomHOME.exe [2007-03-14 3770024]
    "QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2007-11-08 98304]
    "SunJavaUpdateSched"=C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "Adobe Reader Speed Launcher"=C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
    "H/PC Connection Agent"=C:\Programmi\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
    "MSMSGS"=C:\Programmi\Messenger\msmsgs.exe [2004-08-19 1667584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe [2007-06-11 190696]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
    BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    SoftRemote.lnk - C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    Update0809191255.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-12-21 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
    c:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winls28.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintc18.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winls28.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wintc18.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Programmi\Microsoft ActiveSync\rapimgr.exe"="C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"="C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe"="C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe:*:Enabled:IreIke"
    "C:\Programmi\CoSine Communications\IPSec Dial Client\ViewLog.exe"="C:\Programmi\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
    "C:\Programmi\CoSine Communications\IPSec Dial Client\CmonApp.exe"="C:\Programmi\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
    "C:\Programmi\CoSine Communications\IPSec Dial Client\vpn.exe"="C:\Programmi\CoSine Communications\IPSec Dial Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Programmi\Microsoft ActiveSync\rapimgr.exe"="C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"="C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe"="C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe:*:Enabled:IreIke"
    "C:\Programmi\CoSine Communications\IPSec Dial Client\ViewLog.exe"="C:\Programmi\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
    "C:\Programmi\CoSine Communications\IPSec Dial Client\CmonApp.exe"="C:\Programmi\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
    "C:\Programmi\CoSine Communications\IPSec Dial Client\vpn.exe"="C:\Programmi\CoSine Communications\IPSec Dial Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{182b8614-be26-11dc-9518-000fb0bcd291}]
    shell\AutoRun\command - E:\
    shell\explore\command - RECYCLED\INFO.exe
    shell\open\command - RECYCLED\INFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f78e792-ec6f-11dc-9544-0015002fad7c}]
    shell\AutoRun\command - E:\
    shell\explore\command - E:\RECYCLED\INFO.exe
    shell\open\command - E:\RECYCLED\INFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bef395f-7804-11dd-95d5-0015002fad7c}]
    shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bef3961-7804-11dd-95d5-0015002fad7c}]
    shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ac1b6ee-a34e-11dd-9612-0015002fad7c}]
    shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ac1b6ef-a34e-11dd-9612-0015002fad7c}]
    shell\AutoRun\command - D:\AutoRun.exe


    ======List of files/folders created in the last 1 months======

    2008-11-09 15:14:29 ----D---- C:\rsit
    2008-11-09 15:04:58 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2008-11-07 20:29:12 ----D---- C:\Documents and Settings\u800toriellij\Dati applicazioni\Malwarebytes
    2008-11-07 20:28:46 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
    2008-11-07 20:28:45 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
    2008-11-07 19:16:35 ----D---- C:\HijackThis
    2008-11-07 19:15:02 ----A---- C:\HiJackThis.exe
    2008-11-05 19:56:27 ----D---- C:\WINDOWS\pss
    2008-11-05 19:46:16 ----D---- C:\Programmi\Trend Micro
    2008-11-05 19:43:00 ----A---- C:\HJTInstall.exe
    2008-11-05 11:11:56 ----A---- C:\WINDOWS\wininit.ini
    2008-11-05 10:49:42 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-05 09:21:08 ----D---- C:\Programmi\Spybot - Search & Destroy
    2008-11-05 09:21:08 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2008-10-27 13:09:24 ----A---- C:\WINDOWS\ModemLog_GlobeTrotter 3G+ Modem Interface.txt
    2008-10-26 12:08:31 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
    2008-10-21 13:34:00 ----D---- C:\Programmi\MSECache

    ======List of files/folders modified in the last 1 months======

    2008-11-09 15:08:10 ----D---- C:\Programmi\Belote Bridgée
    2008-11-09 15:08:10 ----A---- C:\WINDOWS\Bbt97.INI
    2008-11-09 15:04:58 ----D---- C:\WINDOWS
    2008-11-09 14:47:25 ----A---- C:\WINDOWS\TAPECALC.INI
    2008-11-09 14:04:29 ----D---- C:\WINDOWS\Temp
    2008-11-09 14:04:18 ----D---- C:\WINDOWS\security
    2008-11-09 12:01:26 ----D---- C:\Programmi\Symantec AntiVirus
    2008-11-08 21:17:27 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-08 07:25:44 ----D---- C:\WINDOWS\Prefetch
    2008-11-07 23:40:23 ----RD---- C:\Programmi
    2008-11-07 23:40:23 ----D---- C:\WINDOWS\system32\drivers
    2008-11-07 20:37:42 ----D---- C:\WINDOWS\system32
    2008-11-07 15:40:01 ----SHD---- C:\RECYCLER
    2008-11-07 11:32:19 ----RASH---- C:\boot.ini
    2008-11-07 11:32:19 ----A---- C:\WINDOWS\win.ini
    2008-11-07 11:32:19 ----A---- C:\WINDOWS\system.ini
    2008-11-07 10:39:46 ----D---- C:\Documents and Settings
    2008-11-05 16:19:14 ----SHD---- C:\WINDOWS\CSC
    2008-11-05 10:57:22 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-05 07:49:13 ----D---- C:\WINDOWS\system32\Restore
    2008-11-04 11:40:48 ----SHD---- C:\System Volume Information
    2008-11-04 08:30:33 ----D---- C:\Documents and Settings\u800toriellij\Dati applicazioni\U3
    2008-11-04 05:27:58 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-03 17:49:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-03 15:03:09 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-03 15:02:13 ----HD---- C:\WINDOWS\inf
    2008-11-02 10:37:43 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
    2008-10-30 07:10:26 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\pdf995
    2008-10-29 11:07:51 ----SD---- C:\Documents and Settings\u800toriellij\Dati applicazioni\Microsoft
    2008-10-24 13:51:45 ----A---- C:\WINDOWS\harrapsf.ini
    2008-10-21 13:34:50 ----SHD---- C:\WINDOWS\Installer
    2008-10-21 13:34:36 ----RSD---- C:\WINDOWS\Fonts
    2008-10-21 13:34:28 ----D---- C:\Programmi\Microsoft Office
    2008-10-21 13:34:25 ----D---- C:\Programmi\File comuni\Microsoft Shared

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ClntMgmt.sys;ClntMgmt.sys; C:\WINDOWS\System32\Drivers\ClntMgmt.sys [2002-03-22 54254]
    R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\System32\drivers\EABFiltr.sys []
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 EQDRV5;EQUANT NDIS 5 Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\eqdrv5.sys [2007-10-30 16000]
    R1 intelppm;Driver processore Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40192]
    R1 IPSECDRV;SafeNet IPSec Plugin; \??\C:\WINDOWS\System32\Drivers\IPSECDRV.sys []
    R1 SAVRT;SAVRT; \??\C:\Programmi\Symantec AntiVirus\savrt.sys []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Programmi\Symantec AntiVirus\Savrtpel.sys []
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
    R1 WmiAcpi;Strumentazione gestione Microsoft Windows per ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
    R2 cpqdfw;Diagnostics Driver; \??\C:\WINDOWS\System32\drivers\cpqdfw.sys []
    R2 cq_mem;Diagnostics Memory Driver; \??\C:\WINDOWS\System32\drivers\cq_mem.sys []
    R2 cqcpu;Diagnostics CPU Driver; \??\C:\WINDOWS\System32\drivers\cqcpu.sys []
    R2 Crypto;Crypto; C:\WINDOWS\system32\drivers\Crypto.sys [2004-11-10 521786]
    R2 irda;Protocollo IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
    R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2007-10-30 14037]
    R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-09-15 11258]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-11-16 190592]
    R3 CmBatt;Driver scheda AC Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\System32\DRIVERS\dne2000.sys [2003-09-05 139604]
    R3 DniVap;SafeNet WAN Miniport (VA); C:\WINDOWS\System32\DRIVERS\vap.sys [2001-12-14 36188]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GTIPCI21;GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [2005-05-31 87936]
    R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-12-21 776349]
    R3 mouhid;Driver di mouse HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-30 12160]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20080409.009\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20080409.009\navex15.sys []
    R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
    R3 SMCIRDA;Driver periferica Miniport SMC IrCC; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-30 36937]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]
    R3 SymEvent;SymEvent; \??\C:\Programmi\Symantec\SYMEVENT.SYS []
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-11-04 186016]
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176]
    R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Driver hub USB standard Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 w29n51;Driver di Intel(R) PRO/Wireless 2200BG Network Connection Driver per Windows XP; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2008-01-07 2216064]
    S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
    S1 kbdhid;Driver di tastiera HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-06-02 53816]
    S3 dot4;Driver MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-03 207360]
    S3 Dot4Print;Driver classe Print per IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    S3 dot4usb;Filtro Dot4USB Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-30 23936]
    S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
    S3 GTF32BUS;GT F32 BUS; C:\WINDOWS\System32\DRIVERS\gtf32bus.sys [2007-10-30 32640]
    S3 GTPTSER;GT PT SER; C:\WINDOWS\System32\DRIVERS\gtptser.sys [2007-10-30 8064]
    S3 GTSCSER;GT SC SER; C:\WINDOWS\System32\DRIVERS\gtscser.sys [2007-10-30 19328]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
    S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
    S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbstor;Driver archiviazione di massa USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 w22n51;Driver per Intel(R) PRO/Wireless 2200 Adapter; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-22 1657344]
    S3 W8335XP;Marvell Libertas 802.11b/g Driver for Windows XP (8335); C:\WINDOWS\System32\DRIVERS\Mrvw125.sys [2007-10-30 282752]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;Driver filtro Ripristino configurazione di sistema; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-19 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 btwdins;Bluetooth Service; C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe [2004-06-03 163840]
    R2 ccEvtMgr;Symantec Event Manager; C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
    R2 ccSetMgr;Symantec Settings Manager; C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Programmi\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
    R2 DfwWebAgent;Remote Diagnostics Enabling Agent; C:\WINDOWS\Cpqdiag\Cpqdfwag.exe [2003-03-13 212992]
    R2 EACSvrMngr;(Equant Access Companion) Services Manager; C:\Programmi\Equant\Dialer\EACSvrMngr.exe [2007-02-08 151552]
    R2 IPSECMON;SafeNet Monitor Service; C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe [2005-02-24 65590]
    R2 IreIKE;SafeNet IKE Service; C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe [2005-02-24 360498]
    R2 Irmon;Monitor infrarossi; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
    R2 MDM;Machine Debug Manager; C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-12-16 122880]
    R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-12-16 311363]
    R2 SavRoam;SAVRoam; C:\Programmi\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R2 SPBBCSvc;Symantec SPBBCSvc; C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Programmi\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
    R3 EACSys;(Equant Access Companion) Devices and Services Monitoring; C:\Programmi\Equant\Dialer\EACSys.exe [2007-02-08 229376]
    R3 hpqwmi;HP WMI Interface; C:\Programmi\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
    S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
    S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Programmi\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-12-09 2799808]

    -----------------EOF-----------------
    9 November 2008 18:15:34

    Re,

    Have you touched the Hosts file?

    Download OTMoveIt3 (OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text inside the box below:

    :files
    C:\WINDOWS\system32\blackbo.dll

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAD9CF06-4086-41C2-A18D-3F41E3FDBF78}]


    Double-click OTMoveIt3.exe to launch it.
    Paste (Ctrl+V) the text you just copied into the "Paste Instructions for Items to be Moved" box.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to reboot.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log
    9 November 2008 19:23:31

    I don't know what the Hosts files are, but the file:

    C:\WINDOWS\system32\blackbo.dll

    was deleted by Malwarebytes' as a Trojan (see the Malwarebytes log).

    If I put it back, won't that give me the virus again? (Sorry for my ignorance, but I don't understand much of what I'm doing!) :-)
    In any case, I tried many times (without success until I used Malwarebytes) to delete a regedit key (on instructions from my company's IT department).
    9 November 2008 19:27:29

    Do what I said. The file is apparently still there (see the HijackThis log from RSIT).
    10 November 2008 06:11:47

    Here is the OTMoveIt log:

    ========== FILES ==========
    C:\WINDOWS\system32\blackbo.dll unregistered successfully.
    File move failed. C:\WINDOWS\system32\blackbo.dll scheduled to be moved on reboot.
    ========== REGISTRY ==========
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAD9CF06-4086-41C2-A18D-3F41E3FDBF78}\\ .

    OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11102008_060913
    10 November 2008 06:23:39

    Apparently it didn't work; the blackbo.dll file is still present on my C:\ when I follow the path indicated... Same for the registry key. I'll try again in Safe Mode.
    10 November 2008 07:43:57

    No success in Safe Mode either.... This virus is definitely stubborn... Could we maybe try deleting the key manually?
    10 November 2008 17:26:40

    Post another HijackThis log so we can see.
    10 November 2008 19:27:30

    Unfortunately, it's still there... The two are clearly linked:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19.26.07, on 10/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    C:\Programmi\Equant\Dialer\EACSvrMngr.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Programmi\Symantec AntiVirus\SavRoam.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\Symantec AntiVirus\Rtvscan.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\1XConfig.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Programmi\HPQ\SHARED\HPQWMI.exe
    C:\Programmi\TomTom HOME\TomTomHOME.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Microsoft ActiveSync\wcescomm.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Update0809191255.exe
    C:\Programmi\StarDict\stardict.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Programmi\Windows Media Player\wmplayer.exe
    C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goldreloaded/default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://goldreloaded/default.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by INTERBULK TRADING SA
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.itcgr.net:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.itcgr.net;*goldreloaded*;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {FAD9CF06-4086-41C2-A18D-3F41E3FDBF78} - C:\WINDOWS\system32\blackbo.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BEWDeactivateSafenet] C:\Programmi\CoSine Communications\IPSec Dial Client\vpn -deactivate
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: SoftRemote.lnk = C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    O4 - Global Startup: Update0809191255.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://goldreloaded/default.aspx
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_c...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\Software\..\Telephony: DomainName = int.itcgr.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Programmi\Equant\Dialer\EACSvrMngr.exe
    O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Programmi\Equant\Dialer\EACSys.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 10308 bytes
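The O2 line in the log above is the entry the helper's OTMoveIt script targets: a BHO that HijackThis reports with no registered name, loaded from blackbo.dll in system32, and its CLSID under the Browser Helper Objects key. The Python below is an added example, not code from the thread, from HijackThis or from OTMoveIt. It parses a few lines copied from the posted log (O2 BHOs, O4 autoruns, O23 services), applies two common triage heuristics to the BHO entries, and builds a :files / :reg script in the form the helper posted. The line regexes and the "(no name)" / system32-path heuristics are this example's own assumptions about the log format and about what merits manual review; they select candidates for a responder to look at, not verdicts.

```python
"""Triage helper for HijackThis-style logs.

Added example, not code from the thread, HijackThis or OTMoveIt. It parses
the O2, O4 and O23 line formats seen in the posted logs and builds an
OTMoveIt-style :files / :reg script for the BHOs picked out for review.
The regexes and the review heuristics are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FAD9CF06-4086-41C2-A18D-3F41E3FDBF78} - C:\WINDOWS\system32\blackbo.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - Global Startup: Update0809191255.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
"""

# Line formats as HijackThis prints them (assumed from the posted logs).
# Name and vendor fields are matched lazily, so the path is the last " - " part.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-F-]{36}\}) - (?P<path>.+)$", re.I)
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
AUTORUN_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<value>[^\]]*)\] )?(?P<command>.+)$")
SYSTEM32_RE = re.compile(r"^[A-Z]:\\WINDOWS\\SYSTEM32\\", re.I)

BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


@dataclass(frozen=True)
class Bho:
    name: str
    clsid: str
    path: str


@dataclass(frozen=True)
class Service:
    name: str
    vendor: str
    path: str


@dataclass(frozen=True)
class Autorun:
    where: str             # registry location or startup folder, as printed
    value: Optional[str]   # registry value name; None for startup-folder items
    command: str


def _lines(log: str):
    """Yield non-empty, stripped lines; lines that match no pattern are ignored."""
    for raw in log.splitlines():
        line = raw.strip()
        if line:
            yield line


def parse_bhos(log: str) -> List[Bho]:
    out = []
    for line in _lines(log):
        m = BHO_RE.match(line)
        if m:
            out.append(Bho(m.group("name"), m.group("clsid").upper(), m.group("path")))
    return out


def parse_services(log: str) -> List[Service]:
    return [Service(m.group("name"), m.group("vendor"), m.group("path"))
            for m in (SERVICE_RE.match(l) for l in _lines(log)) if m]


def parse_autoruns(log: str) -> List[Autorun]:
    return [Autorun(m.group("where"), m.group("value"), m.group("command"))
            for m in (AUTORUN_RE.match(l) for l in _lines(log)) if m]


def review_candidates(bhos: List[Bho]) -> List[Bho]:
    """Heuristic triage, not a verdict: flag a BHO whose CLSID carries no
    registered name (HijackThis prints "(no name)") or whose DLL sits in
    system32 rather than under the owning application's own folder."""
    return [b for b in bhos if b.name == "(no name)" or SYSTEM32_RE.match(b.path)]


def otmoveit_script(bhos: List[Bho]) -> str:
    """Build the :files / :reg script in the form the helper posted: the DLL
    path under :files, and the BHO registration key under :reg with the
    leading '-' that tells OTMoveIt to delete the key."""
    files = "\n".join(b.path for b in bhos)
    keys = "\n".join(f"[-{BHO_KEY}\\{b.clsid}]" for b in bhos)
    return f":files\n{files}\n\n:reg\n{keys}\n"


if __name__ == "__main__":
    flagged = review_candidates(parse_bhos(SAMPLE_LOG))
    for b in flagged:
        print(f"review: {b.clsid} {b.name} {b.path}")
    print(otmoveit_script(flagged))
```

A BHO is loaded into every Internet Explorer (and Windows Explorer) process, which is why the OTMoveIt report further up says the DLL was unregistered but "scheduled to be moved on reboot": the file is held open while those processes run, so the move has to be deferred until the next boot.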
    10 November 2008 20:11:46

    Re,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    11 November 2008 05:46:41

    I uninstalled Spybot, but I can't disable Symantec, which, like my computer, is supplied by my company... How do I do that before running ComboFix?
    11 November 2008 10:56:26

    OK, I managed it; here is the ComboFix log + the latest HijackThis log (next message):

    ComboFix 08-11-10.01 - interbulk 2008-11-11 10.36.51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.99 [GMT 1:00]
    Eseguito da: c:\documents and settings\interbulk\Desktop\ComboFix.exe
    Interruttori di comando utilizzati :: c:\documents and settings\interbulk\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
    * Creato nuovo punto di ripristino
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\IE4 Error Log.txt

    .
    ((((((((((((((((((((((((( Files Creati Da 2008-10-11 al 2008-11-11 )))))))))))))))))))))))))))))))))))
    .

    2008-11-11 07:23 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2008-11-11 07:23 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2008-11-11 06:41 . 2008-11-11 06:41 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-10 06:09 . 2008-11-10 06:09 <DIR> d-------- C:\_OTMoveIt
    2008-11-10 06:08 . 2008-11-09 19:16 334,848 --a------ C:\OTMoveIt3.exe
    2008-11-10 06:05 . 2008-11-10 06:08 <DIR> d-------- C:\i_OTMoveIt
    2008-11-09 15:14 . 2008-11-09 15:14 <DIR> d-------- C:\rsit
    2008-11-07 20:39 . 2008-11-07 20:39 <DIR> d-------- c:\documents and settings\interbulk\Dati applicazioni\Malwarebytes
    2008-11-07 20:29 . 2008-11-07 20:29 <DIR> d-------- c:\documents and settings\u800toriellij\Dati applicazioni\Malwarebytes
    2008-11-07 20:28 . 2008-11-07 20:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2008-11-07 19:16 . 2008-11-11 06:55 <DIR> d-------- C:\HijackThis
    2008-11-07 19:15 . 2008-11-07 19:15 401,720 --a------ C:\HiJackThis.exe
    2008-11-07 15:46 . 2008-11-07 15:51 16,896 --------- c:\windows\system32\dwzxqzmp.muq
    2008-11-07 13:39 . 2008-11-07 13:39 16,896 --------- c:\windows\system32\onvepeoo.gqz
    2008-11-07 10:39 . 2007-10-30 11:21 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
    2008-11-07 10:39 . 2007-10-30 11:21 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
    2008-11-07 10:39 . 2007-10-30 11:21 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
    2008-11-07 10:39 . 2007-10-30 11:29 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
    2008-11-07 10:39 . 2007-10-30 11:21 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
    2008-11-07 10:39 . 2008-11-11 10:40 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
    2008-11-07 10:39 . 2007-10-30 11:21 <DIR> d-------- c:\documents and settings\Administrator\Documenti
    2008-11-07 10:39 . 2007-10-30 11:21 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
    2008-11-07 10:39 . 2008-11-07 10:39 <DIR> d-------- c:\documents and settings\Administrator
    2008-11-05 19:58 . 2008-11-07 13:13 16,896 --------- c:\windows\system32\oiyqwwno.kwc
    2008-11-05 19:46 . 2008-11-05 19:46 <DIR> d-------- c:\programmi\Trend Micro
    2008-11-05 19:43 . 2008-11-05 19:43 812,344 --a------ C:\HJTInstall.exe
    2008-11-05 11:11 . 2008-11-07 19:10 505 --a------ c:\windows\wininit.ini
    2008-11-05 09:21 . 2008-11-08 20:57 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
    2008-11-05 09:21 . 2008-11-08 20:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2008-11-04 05:28 . 2008-11-04 05:29 101,999,934 --a------ C:\SYM_REGISTRY_BACKUP.reg
    2008-11-03 13:23 . 2008-11-07 18:33 <DIR> dr------- c:\documents and settings\LocalService\Preferiti
    2008-10-21 13:34 . 2008-10-21 13:34 <DIR> d-------- c:\programmi\MSECache
    2008-10-14 09:46 . 2008-11-11 08:31 16,517 --a------ c:\windows\system32\FAX_410.HLP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-11 09:37 --------- d-----w c:\programmi\Symantec AntiVirus
    2008-11-11 05:41 --------- d-----w c:\programmi\Java
    2008-11-10 12:34 --------- d-----w c:\programmi\Belote Bridgée
    2008-11-04 07:30 --------- d-----w c:\documents and settings\u800toriellij\Dati applicazioni\U3
    2008-10-30 06:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\pdf995
    2008-10-04 14:53 116,992 ----a-w c:\windows\system32\blackbo.dll
    2008-09-23 11:15 --------- d-----w c:\programmi\NOS
    2008-09-23 11:15 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
    2008-09-23 09:13 --------- d-----w c:\programmi\File comuni\Adobe
    2008-09-19 13:26 --------- d-----w c:\documents and settings\u800toriellij\Dati applicazioni\StarDict
    2008-09-18 14:02 7,291,184 ----a-w C:\12.0.4.0_X_Drivers[1].zip
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAD9CF06-4086-41C2-A18D-3F41E3FDBF78}]
    2008-10-04 15:53 116992 --a------ c:\windows\system32\blackbo.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
    "HP Mobile Printing"="c:\programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 630784]
    "H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BEWDeactivateSafenet"="c:\programmi\CoSine Communications\IPSec Dial Client\vpn -deactivate" [X]
    "SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
    "PRONoMgr.exe"="c:\programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
    "eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-12-21 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-12-21 126976]
    "ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2006-07-19 52896]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-19 143872]
    "TomTomHOME.exe"="c:\programmi\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
    "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-11-08 98304]
    "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-11 136600]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "CPQDFWAG"="c:\windows\Cpqdiag\CpqDfwAg.exe" [2003-03-13 212992]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-06-02 565309]
    SoftRemote.lnk - c:\programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2007-10-30 69684]
    Update0809191255.exe [2008-09-19 24064]

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-12-16 16:49 110592 c:\windows\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Programmi\\CoSine Communications\\IPSec Dial Client\\IreIKE.exe"=
    "c:\programmi\CoSine Communications\IPSec Dial Client\ViewLog.exe"= c:\programmi\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
    "c:\programmi\CoSine Communications\IPSec Dial Client\CmonApp.exe"= c:\programmi\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
    "c:\programmi\CoSine Communications\IPSec Dial Client\vpn.exe"= c:\programmi\CoSine Communications\IPSec Dial Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 gplvgzip;gplvgzip;c:\windows\system32\drivers\fopnhjpe.dat [ ]
    R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\System32\Drivers\IPSECDRV.sys [2005-02-24 129592]
    R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2004-11-10 521786]
    R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\DRIVERS\vap.sys [2001-12-14 36188]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
    S3 GTF32BUS;GT F32 BUS;c:\windows\system32\DRIVERS\gtf32bus.sys [2007-10-30 32640]
    S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-10-30 8064]
    S3 GTSCSER;GT SC SER;c:\windows\system32\DRIVERS\gtscser.sys [2007-10-30 19328]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programmi\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-12-09 2799808]

    *Newly Created Service* - PROCEXP90
    .
    - - - - ORFÃOS REMOVIDOS - - - -

    SafeBoot-Winls28.sys
    SafeBoot-Wintc18.sys


    .
    ------- Supplementare di scansione -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.hp.com/
    R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.hp.com/
    R1 -: HKCU-Internet Settings,ProxyServer = proxy.int.itcgr.net:8080
    O8 -: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 -: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 10:40:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe???????????????????|?@???? ???B???????????????B????????

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\gplvgzip]
    "ImagePath"="system32\drivers\fopnhjpe.dat"
    .
    Ora fine scansione: 2008-11-11 10.42.08
    ComboFix-quarantined-files.txt 2008-11-11 09:42:00

    Pre-Run: 37.256.990.720 byte disponibili
    Post-Run: 37,566,025,728 byte disponibili

    WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

11 November 2008 10:57:12

The HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10.47.18, on 11/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    C:\Programmi\Equant\Dialer\EACSvrMngr.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Programmi\Symantec AntiVirus\SavRoam.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\Symantec AntiVirus\Rtvscan.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Programmi\TomTom HOME\TomTomHOME.exe
    C:\Programmi\HPQ\SHARED\HPQWMI.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
    C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Programmi\internet explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.itcgr.net:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FAD9CF06-4086-41C2-A18D-3F41E3FDBF78} - C:\WINDOWS\system32\blackbo.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BEWDeactivateSafenet] C:\Programmi\CoSine Communications\IPSec Dial Client\vpn -deactivate
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HP Mobile Printing] C:\Programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: SoftRemote.lnk = C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    O4 - Global Startup: Update0809191255.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://goldreloaded/default.aspx
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_c...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\Software\..\Telephony: DomainName = int.itcgr.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Programmi\Equant\Dialer\EACSvrMngr.exe
    O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Programmi\Equant\Dialer\EACSys.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 10436 bytes
11 November 2008 12:26:55

I just wanted to report that the problem is fixed; I got help to create a ComboFix removal script and the problem is fixed. I wanted to thank you very sincerely for the support and the solutions you provided for this (these) stubborn virus(es).

Thanks again, best regards.

PS: here is the latest HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12.26.23, on 11/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Programmi\TomTom HOME\TomTomHOME.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
    C:\Programmi\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
    C:\Programmi\Equant\Dialer\EACSvrMngr.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Programmi\Symantec AntiVirus\SavRoam.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Programmi\Symantec AntiVirus\Rtvscan.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\internet explorer\iexplore.exe
    C:\Programmi\internet explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.itcgr.net:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BEWDeactivateSafenet] C:\Programmi\CoSine Communications\IPSec Dial Client\vpn -deactivate
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HP Mobile Printing] C:\Programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: SoftRemote.lnk = C:\Programmi\CoSine Communications\IPSec Dial Client\SafeCfg.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_c...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\Software\..\Telephony: DomainName = int.itcgr.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = int.itcgr.net
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Programmi\Equant\Dialer\EACSvrMngr.exe
    O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Programmi\Equant\Dialer\EACSys.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Programmi\CoSine Communications\IPSec Dial Client\IreIKE.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 10294 bytes

11 November 2008 13:37:17

The infection is stubborn. I asked you to disable your protections, not to uninstall them :/

[#ff0000]! Disable your resident protections (antivirus, Spybot-S&D, etc.) ![/#f]
Copy (Ctrl+C) the text in the box below:

    Rootkit::
    c:\windows\system32\blackbo.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAD9CF06-4086-41C2-A18D-3F41E3FDBF78}]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" [#ff0000](the quotation marks matter)[/#f].

Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) together with a HijackThis report.
[#ff0000]NOTE: If there is no reboot, post the requested reports anyway.[/#f]
* the partition letter may differ
12 November 2008 16:37:50

Good evening,

As explained in my previous post, the problem has been fixed (by the same method as yours, in fact) and my latest HijackThis log shows it. ;-)

Thanks a lot for the effective help, because it was particularly stubborn... A multiple, resistant infection; it took strong antibiotics!

Just a small question: any information on the nature of these viruses and their consequences?

Thanks again!
12 November 2008 16:44:04

Quote:
Just a small question: any information on the nature of these viruses and their consequences?

Well, that depends which ones.
12 November 2008 17:25:47

Well, in this case, the ones that had infected me: blackbo.dll and winctrl32.dll (assuming those are the viruses, or at least their working files).

Reading the logs (between the first and the last), how many trojans and viruses were removed?
13 November 2008 19:06:16

It was MBAM that removed most of the infection; just look at the report :)
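As an added example (not code from the thread, from HijackThis or from ComboFix), here is a small Python script that answers the "how many entries were removed" question mechanically by diffing the two HijackThis logs posted above (10:47 before the CFScript run, 12:26 after). The sample input is constructed from a subset of the lines in those two logs. The identity rules used to match entries across logs (CLSID for O2/O9/O16, key name for R0/R1/O14/O17, the whole line otherwise) are my own assumption, not a documented HijackThis format rule.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: a subset of the lines from the thread's two
# HijackThis logs (before the CFScript run at 10:47, after it at 12:26).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {FAD9CF06-4086-41C2-A18D-3F41E3FDBF78} - C:\WINDOWS\system32\blackbo.dll
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Update0809191255.exe
O14 - IERESET.INF: START_PAGE_URL=http://goldreloaded/default.aspx
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - Global Startup: BTTray.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
"""

# An entry line starts with a section tag such as R0, O2, O4, O23 followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# Registry CLSID in the 8-4-4-4-12 form used by BHO / toolbar / DPF entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line: str) -> Optional[str]:
    """Return a stable identity for a HijackThis entry line, or None for non-entries
    (header lines, the 'Running processes' list, blank lines)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    clsid = CLSID_RE.search(body)
    if clsid:
        # O2/O9/O16: the label plus the CLSID identifies the object; the path may change
        return f"{kind}:{body[:clsid.end()].strip()}"
    if "=" in body:
        # R0/R1/O14/O17 are 'key = value'; the key is the identity, the value may change
        return f"{kind}:{body.split('=', 1)[0].strip()}"
    # O4/O8/O23 and everything else: the whole line is the identity
    return f"{kind}:{body.strip()}"


def parse_log(text: str) -> Dict[str, str]:
    """Map entry identity -> full entry line for one log."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Entries that disappeared, appeared, or kept their identity but changed value."""
    old, new = parse_log(before), parse_log(after)
    return {
        "removed": [old[k] for k in old if k not in new],
        "added": [new[k] for k in new if k not in old],
        "changed": [f"{old[k]} -> {new[k]}" for k in old if k in new and old[k] != new[k]],
    }


def unnamed_bhos(text: str) -> List[str]:
    """O2 entries registered without a name: the usual first thing to check on a suspect host."""
    return [l for l in parse_log(text).values() if l.startswith("O2 - BHO: (no name)")]


if __name__ == "__main__":
    for section, lines in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(section.upper())
        for l in lines:
            print("  ", l)
    print("Unnamed BHOs before cleanup:", unnamed_bhos(BEFORE_LOG))
```

On the two logs in this thread the diff reports two removed entries (the unnamed BHO pointing at blackbo.dll and the Update0809191255.exe Global Startup item) and one changed entry (the O14 IERESET.INF start page going from goldreloaded to www.hp.com), which matches what the helper's CFScript targeted; the driver-level items that ComboFix and MBAM removed never appear in a HijackThis log, so the count it gives is a lower bound, not the whole story.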