Vundo and strange things
Closed
algeriendu71 (Member) - 4 August 2008 at 16:51
jm31 - 7 Sept. 2010 at 15:33
11 replies
Hi algérien71!! Two years after your post, I don't know if you'll get this message. This is the only place I could find you. It's been a few years since we've seen or spoken to each other...
Destrio5 (Moderator) - 4 August 2008 at 17:06
Hi,
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"
---> Set the language to French: F
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan has finished, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix.txt
algeriendu71 (Member) - 4 August 2008 at 17:40
Thanks for paying attention to my message
here is the report I have
ComboFix 08-08-03.05 - fodil.abed 2008-08-04 17:22:19.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.276 [GMT 2:00]
Endroit: C:\Documents and Settings\fodil.abed\Bureau\ComboFixsolution.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMcfff78b8.txt
C:\WINDOWS\BMcfff78b8.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adkgapgq.ini
C:\WINDOWS\system32\igppbuwd.ini
C:\WINDOWS\system32\iivpispl.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nbgicfbc.ini
C:\WINDOWS\system32\qxtlkggb.ini
C:\WINDOWS\system32\serlqwle.ini
C:\WINDOWS\system32\swjnrdwy.ini
C:\WINDOWS\system32\vwHiQqru.ini
C:\WINDOWS\system32\vwHiQqru.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-04 to 2008-08-04 ))))))))))))))))))))))))))))))))))))
.
2008-08-04 17:27 . 2008-08-04 17:28 22 --a------ C:\WINDOWS\pskt.ini
2008-08-04 17:27 . 2008-08-04 17:27 0 --a------ C:\WINDOWS\BMcfff78b8.xml
2008-08-04 16:33 . 2008-08-04 16:34 <REP> d-------- C:\HIJACKTHIS
2008-08-04 16:31 . 2008-08-04 16:31 318,369 --a------ C:\HiJackThis.zip
2008-08-04 15:59 . 2008-08-04 16:11 <REP> d-------- C:\VundoFix Backups
2008-08-04 03:39 . 2008-08-04 03:39 114,176 --a------ C:\WINDOWS\system32\ncypvgyn.dll
2008-08-04 03:39 . 2008-08-04 03:39 114,176 --a------ C:\WINDOWS\system32\gihrys.dll
2008-08-04 03:38 . 2008-08-04 03:38 91,648 --a------ C:\WINDOWS\system32\vbysndhd.dll
2008-07-31 23:40 . 2008-07-31 23:40 105,472 --a------ C:\WINDOWS\system32\uebjfm.dll
2008-07-31 23:40 . 2008-07-31 23:40 105,472 --a------ C:\WINDOWS\system32\pmymkbtc.dll
2008-07-31 23:34 . 2008-07-31 23:34 91,648 --a------ C:\WINDOWS\system32\vfikuaxb.dll
2008-07-30 23:32 . 2008-07-30 23:32 105,472 --a------ C:\WINDOWS\system32\jsjdpcmi.dll
2008-07-30 23:32 . 2008-07-30 23:32 105,472 --a------ C:\WINDOWS\system32\bgfjyn.dll
2008-07-30 23:24 . 2008-07-30 23:24 91,648 --a------ C:\WINDOWS\system32\bpqspxls.dll
2008-07-29 19:07 . 2008-07-29 20:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-29 18:51 . 2008-07-29 18:51 105,472 --a------ C:\WINDOWS\system32\yzbabc.dll
2008-07-29 18:51 . 2008-07-29 18:51 105,472 --a------ C:\WINDOWS\system32\vcaqbxnn.dll
2008-07-29 18:51 . 2008-07-29 18:51 91,648 --a------ C:\WINDOWS\system32\cejnvrtt.dll
2008-07-28 13:47 . 2008-07-28 13:47 105,472 --a------ C:\WINDOWS\system32\wlodbcco.dll
2008-07-28 13:47 . 2008-07-28 13:47 105,472 --a------ C:\WINDOWS\system32\mtvmxt.dll
2008-07-28 13:47 . 2008-07-28 13:47 91,648 --a------ C:\WINDOWS\system32\xbatgolg.dll
2008-07-27 23:45 . 2008-07-27 23:45 314,880 --a------ C:\WINDOWS\system32\urqQiHwv.dll
2008-07-25 20:50 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-25 20:50 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-25 20:49 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-25 20:49 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-15 13:08 . 2008-07-15 13:08 313,856 --a------ C:\WINDOWS\system32\nsxC.dll
2008-07-11 04:20 . 2008-07-11 04:20 <REP> d-------- C:\Program Files\Lavasoft
2008-07-11 04:20 . 2008-07-11 04:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-11 04:19 . 2008-07-11 04:19 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 06:28 --------- d-----w C:\Program Files\OCS Inventory Agent
2008-08-04 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-02 11:04 --------- d-----w C:\Program Files\MSN Games
2008-07-02 11:02 --------- d-----w C:\Program Files\PokerStars
2008-06-26 14:15 --------- d-----w C:\Documents and Settings\fodil.abed\Application Data\GARMIN
2008-06-26 14:14 --------- d-----w C:\Program Files\Garmin
2008-06-23 17:35 --------- d-----w C:\Documents and Settings\fodil.abed\Application Data\NSeries
2008-06-23 17:32 --------- d-----w C:\Documents and Settings\fodil.abed\Application Data\Nokia
2008-06-23 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-23 17:31 --------- d-----w C:\Program Files\Nokia
2008-06-23 17:30 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-06-23 17:29 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-06-23 17:29 --------- d-----w C:\Program Files\DIFX
2008-06-23 17:29 --------- d-----w C:\Documents and Settings\fodil.abed\Application Data\PC Suite
2008-06-17 08:33 --------- d-----w C:\Program Files\Microsoft Office Communicator
2008-06-17 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Applications
2005-12-07 09:03 30,323 ----a-w C:\Documents and Settings\windows XP SP2\Windows XP Pro 2 activation crack.zip
.
((((((((((((((((((((((((((((( snapshot@2008-07-28_ 0.44.18.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 17:07:38 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-07-29 17:07:38 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-07-29 17:07:38 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-07-29 17:07:43 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-07-29 17:07:45 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-07-29 17:07:39 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05c921b6-fa93-543f-6018-13679683935a}]
2008-07-15 13:08 313856 --a------ C:\WINDOWS\system32\nsxC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{637BDED7-4621-4C29-9DC0-2E72E19C2070}]
2008-07-27 23:45 314880 --a------ C:\WINDOWS\system32\urqQiHwv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fda572fe-48ca-4509-a1d6-f78066d550ab}]
2008-08-04 03:39 114176 --a------ C:\WINDOWS\system32\gihrys.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-02-21 00:13 190024]
"COMMUNICATOR"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 10:33 5803368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 22:10 335872]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 17:19 290816]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 08:00 98304]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-25 04:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 10:48 147514]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-02-21 00:13 190024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"VMSnap5"="C:\WINDOWS\VMSnap5.EXE" [2006-06-28 18:39 49152]
"Domino"="C:\WINDOWS\Domino.EXE" [2006-06-28 18:54 49152]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 21:14 57344]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 12:28 45056]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 20:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 14:40 20480]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 16:30 3096576]
"BMcfff78b8"="C:\WINDOWS\system32\vbysndhd.dll" [2008-08-04 03:38 91648]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 19:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gihrys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\ce.int.amecspie.com\SysVol\ce.int.amecspie.com\Policies\{530749A5-4AC8-4362-AD5D-10747AA150AD}\User\Scripts\Logon\10.222.22.137.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3645348317-1517958546-2996639927-56137\Scripts\Logoff\0\0]
"Script"=OCScpserviceini.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3645348317-1517958546-2996639927-56137\Scripts\Logon\0\0]
"Script"=DumpsterAlwaysOn.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3645348317-1517958546-2996639927-56137\Scripts\Logon\1\0]
"Script"=DumpsterAlwaysOn.cmd
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\lxdicfg.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
R1 ClntMgmt;HP Client Management Driver;C:\WINDOWS\system32\Drivers\ClntMgmt.sys [2003-03-06 10:50]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 17:38]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;C:\Program Files\OCS Inventory Agent\ocsservice.exe [2007-02-27 21:32]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 02:49]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 16:50]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2003-07-17 18:06]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 17:38]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-07-14 20:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{318e6870-0ae2-11dd-9964-000fb3905982}]
\Shell\AutoRun\command - F:\PortableVault.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-cccc4b24 - C:\WINDOWS\system32\lpsipvii.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 -: Trusted Zone: *.amecspie.com
O15 -: Trusted Zone: *.spie.com
O15 -: Trusted Zone: *.amecspie.com
O15 -: Trusted Zone: *.spie.com
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 17:27:48
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?5?8?5??????? ???B???????????????B? ??????
Balayage des fichiers cachés ...
C:\WINDOWS\BMcfff78b8.txt 393 bytes
C:\WINDOWS\BMcfff78b8.xml 0 bytes
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\DWRCST.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-04 17:32:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 15:32:08
ComboFix2.txt 2008-07-27 22:45:13
Pre-Run: 13,112,938,496 octets libres
Post-Run: 13,094,412,288 octets libres
233 --- E O F --- 2008-03-11 12:02:34
Destrio5 (Moderator) - 4 August 2008 at 17:44
Is this a PC from a company?
algeriendu71 (Member) - 4 August 2008 at 17:46
It's my work PC; I also use it for personal purposes.
Destrio5 (Moderator) - 4 August 2008 at 17:51
Ok.
- Download and install Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Restart in safe mode (recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choose your usual session
- Run a full scan with Malwarebytes' Anti-Malware
- Delete everything the software finds, and save the report
- Restart in normal mode and post the report here
Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Sorry for the delay, but I got caught out by safe mode when going through msconfig, because I didn't have the admin password.
Here is my malware report
Malwarebytes' Anti-Malware 1.24
Database version: 1027
Windows 5.1.2600 Service Pack 2
23:50:35 05/08/2008
mbam-log-8-5-2008 (23-50-35).txt
Scan type: Full Scan (C:\|)
Objects scanned: 86846
Time elapsed: 1 hour(s), 2 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba486aca-705a-4d21-b861-892cd675ac80} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba486aca-705a-4d21-b861-892cd675ac80} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmcfff78b8 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqihwv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqihwv -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\urqQiHwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vwHiQqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vwHiQqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD3515DF-79F8-415F-A666-10670545F713}\RP108\A0026136.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD3515DF-79F8-415F-A666-10670545F713}\RP108\A0026138.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ouwqqtme.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMcfff78b8.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMcfff78b8.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Destrio5 (Moderator) - 7 August 2008 at 01:20
---> Update Internet Explorer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr
---> Update Java:
https://www.java.com/fr/download/manual.jsp
---> Download OTMoveIt2 from the link below:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
---> Save the file to the Desktop.
---> Double-click the OTMoveIt2.exe file to launch the tool.
Make sure the Unregister Dll's and Ocx's box is checked.
---> Copy all of the text below and paste it into the window titled Paste Standard List of Files/Folders to be moved.
C:\WINDOWS\pskt.ini
C:\WINDOWS\BMcfff78b8.xml
C:\VundoFix Backups\
C:\WINDOWS\system32\ncypvgyn.dll
C:\WINDOWS\system32\gihrys.dll
C:\WINDOWS\system32\vbysndhd.dll
C:\WINDOWS\system32\uebjfm.dll
C:\WINDOWS\system32\pmymkbtc.dll
C:\WINDOWS\system32\vfikuaxb.dll
C:\WINDOWS\system32\jsjdpcmi.dll
C:\WINDOWS\system32\bgfjyn.dll
C:\WINDOWS\system32\bpqspxls.dll
C:\WINDOWS\system32\yzbabc.dll
C:\WINDOWS\system32\vcaqbxnn.dll
C:\WINDOWS\system32\vcaqbxnn.dll
C:\WINDOWS\system32\wlodbcco.dll
C:\WINDOWS\system32\mtvmxt.dll
C:\WINDOWS\system32\xbatgolg.dll
C:\WINDOWS\system32\urqQiHwv.dll
C:\WINDOWS\system32\nsxC.dll
---> Click MoveIt! to start the removal.
When a result appears in the Results pane, click Exit.
Note: If a file or folder cannot be deleted immediately, the software will ask you to restart. Accept by clicking YES.
---> Post the OTMoveIt report, which is located in C:\_OTMoveIt\MovedFiles.
---> Restart your PC and post a new HijackThis report
Here is the OTMoveIt report
File/Folder C:\WINDOWS\pskt.ini not found.
File/Folder C:\WINDOWS\BMcfff78b8.xml not found.
C:\VundoFix Backups moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ncypvgyn.dll
C:\WINDOWS\system32\ncypvgyn.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ncypvgyn.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\gihrys.dll not found.
File/Folder C:\WINDOWS\system32\vbysndhd.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uebjfm.dll
C:\WINDOWS\system32\uebjfm.dll NOT unregistered.
C:\WINDOWS\system32\uebjfm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmymkbtc.dll
C:\WINDOWS\system32\pmymkbtc.dll NOT unregistered.
C:\WINDOWS\system32\pmymkbtc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vfikuaxb.dll
C:\WINDOWS\system32\vfikuaxb.dll NOT unregistered.
C:\WINDOWS\system32\vfikuaxb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jsjdpcmi.dll
C:\WINDOWS\system32\jsjdpcmi.dll NOT unregistered.
C:\WINDOWS\system32\jsjdpcmi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bgfjyn.dll
C:\WINDOWS\system32\bgfjyn.dll NOT unregistered.
C:\WINDOWS\system32\bgfjyn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bpqspxls.dll
C:\WINDOWS\system32\bpqspxls.dll NOT unregistered.
C:\WINDOWS\system32\bpqspxls.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yzbabc.dll
C:\WINDOWS\system32\yzbabc.dll NOT unregistered.
C:\WINDOWS\system32\yzbabc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vcaqbxnn.dll
C:\WINDOWS\system32\vcaqbxnn.dll NOT unregistered.
C:\WINDOWS\system32\vcaqbxnn.dll moved successfully.
File/Folder C:\WINDOWS\system32\vcaqbxnn.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wlodbcco.dll
C:\WINDOWS\system32\wlodbcco.dll NOT unregistered.
C:\WINDOWS\system32\wlodbcco.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mtvmxt.dll
C:\WINDOWS\system32\mtvmxt.dll NOT unregistered.
C:\WINDOWS\system32\mtvmxt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xbatgolg.dll
C:\WINDOWS\system32\xbatgolg.dll NOT unregistered.
C:\WINDOWS\system32\xbatgolg.dll moved successfully.
File/Folder C:\WINDOWS\system32\urqQiHwv.dll not found.
C:\WINDOWS\system32\nsxC.dll unregistered successfully.
C:\WINDOWS\system32\nsxC.dll moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_055700
Files moved on Reboot...
File C:\WINDOWS\system32\ncypvgyn.dll not found!
The HijackThis report (thanks for taking the time to help me)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:41, on 2008-08-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\VMSnap5.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\zeropop.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\HIJACKTHIS\MONHJK.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\system32\0pop.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amecspie.com
O15 - Trusted Zone: http://archivemail.spie.com
O15 - Trusted Zone: http://wss.spie.com
O15 - Trusted Zone: *.spie.com
O15 - Trusted Zone: http://*.spie.com
O15 - Trusted Zone: *.amecspie.com (HKLM)
O15 - Trusted Zone: http://archivemail.spie.com (HKLM)
O15 - Trusted Zone: http://wss.spie.com (HKLM)
O15 - Trusted Zone: *.spie.com (HKLM)
O15 - Trusted Zone: http://*.spie.com (HKLM)
O15 - ESC Trusted Zone: http://*.frsv001217
O15 - ESC Trusted Zone: http://*.frsv001217 (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ce.int.amecspie.com
O17 - HKLM\Software\..\Telephony: DomainName = ce.int.amecspie.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C6D0275-5986-454A-9241-D779119C445C}: Domain = ce.int.amecspie.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ce.int.amecspie.com,dyn.ce.int.amecspie.com,spiethermatome.fr
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amecspie.com
O15 - Trusted Zone: http://archivemail.spie.com
O15 - Trusted Zone: http://wss.spie.com
O15 - Trusted Zone: *.spie.com
O15 - Trusted Zone: http://*.spie.com
O15 - Trusted Zone: *.amecspie.com (HKLM)
O15 - Trusted Zone: http://archivemail.spie.com (HKLM)
O15 - Trusted Zone: http://wss.spie.com (HKLM)
O15 - Trusted Zone: *.spie.com (HKLM)
O15 - Trusted Zone: http://*.spie.com (HKLM)
O15 - ESC Trusted Zone: http://*.frsv001217
O15 - ESC Trusted Zone: http://*.frsv001217 (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ce.int.amecspie.com
O17 - HKLM\Software\..\Telephony: DomainName = ce.int.amecspie.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C6D0275-5986-454A-9241-D779119C445C}: Domain = ce.int.amecspie.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ce.int.amecspie.com,dyn.ce.int.amecspie.com,spiethermatome.fr
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Destrio5
Posts
85985
Registration date
Sunday 11 July 2010
Status
Moderator
Last activity
17 February 2023
10 297
7 August 2008 at 15:38
---> You can uninstall HijackThis
---> You can delete ComboFix, OTMoveIt2 and the Qoobox and _OTMoveIt folders located in C:\
---> Update MBAM and run a quick scan