

MarlN71
Everything posted by MarlN71
-
Forced to configure my wifi connection every time I start my
MarlN71 replied to a topic by MarlN71 in Internet & Networks
Yes, it is checked, but it doesn't connect automatically to this network; I have to go into the connection's properties, then wireless network, and check the box "use Windows to configure my wireless network settings", and that is when it finds my network, which I then connect to. And I have to do this every day; I don't understand why the box doesn't stay checked so that the connection happens automatically. I hope my explanation is clear. Thanks for trying, Arfing
-
Forced to configure my wifi connection every time I start my
MarlN71 replied to a topic by MarlN71 in Internet & Networks
Which is located where?
-
Forced to configure my wifi connection every time I start my
MarlN71 posted a topic in Internet & Networks
Hello everyone, I have a small problem with the wifi connection on my laptop, which is a Dell Inspiron 6000. Every time I start my computer, I have to go into my wifi connection settings, that is, check the box that says: Use Windows to find a server (something like that, because I have an American version) so that it can find my network and I can connect to the internet. And sometimes the connection tells me I'm connected, but it is impossible for me to get on the net. So I try to disconnect and reconnect, and then that makes my computer freeze up. It does this every day and I don't understand, because I had no problem before, when I bought it. Can someone help me solve my problem? Thank you
-
Ok cool, I'm going to delete them because I don't think they are of much use to me apart from cluttering up my hard drive. Thanks for your reply. See you soon, Marlene
-
Hello everyone, here I am again after a few months. I just have a simple question about some files that are on my C drive. When I open my hard drive, I have my Program Files, Windows, etc. folders, but I also have LOG.tmp files (with the text version too). I have no idea what they are for; I don't know whether I can delete them, whether I should move them to another folder, or whether I should keep them where they are. Thanks for your help. Best regards, Marlene
-
Hijackthis result, please help me
MarlN71 replied to a topic by MarlN71 in Malware Analysis and Removal
Suuuuuuuuuuupeeeeeeeeeer !!! A big, big thank you! I'll know where to turn the next time I have a problem. All the best... See you soon... Marlene
-
Hijackthis result, please help me
MarlN71 replied to a topic by MarlN71 in Malware Analysis and Removal
Hello hello, I just did the procedure. Thanks again for your help Styx, my computer is running much better since I've been following your advice :P ...Here is my HijackThis report:
-
Hijackthis result, please help me
MarlN71 replied to a topic by MarlN71 in Malware Analysis and Removal
Wow, I just did the procedure and I can already see a big difference: NO MORE POP-UPS when starting the internet!!! Thanks again... Hoping that this will be the end of it... Here are the reports...
HijackThis report:
VundoFix report:
And finally, ComboFix report:
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-31 10:38 180269] "18d5c3d1"="C:\WINDOWS\system32\fpssyecm.dll" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-01 09:49:50] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-03-21 12:44:35] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljki] pmnljki.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09] S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09] S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2007-08-03 15:04] . Contents of the 'Scheduled Tasks' folder "2008-01-08 15:37:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-08 11:49:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-08 11:53:09 ComboFix-quarantined-files.txt 2008-01-08 16:53:03 . 2008-01-08 05:07:16 --- E O F --- -
HijackThis results, please help me
MarlN71 replied to a topic by MarlN71 in Malware analysis and removal
Here is the report:

GenProc 0.73 report [1] generated on 04-01-2008 at 18.02.18,92 - SystemRoot = C:\WINDOWS

# Step 1/ Download:
- CCleaner http://www.ccleaner.com/download/builds/downloading-slim
This program will remove all temporary files. Launch it, click "Options", then "Advanced", and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours". After that, leave it on its default settings. Close the program.
- VundoFix.exe (by Atribune) http://www.atribune.org/ccount/click.php?id=4 to your Desktop
- combofix.exe (by sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop

***** Copy what follows into a text file and restart in Safe Mode as described here http://www.pcloisirs.eu/mode_sans_echec.htm (choose your usual session "Marlene") *****

# Step 2/
* Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the "Remove Vundo" button
A prompt will ask whether you want to delete the files; click YES
After you click Yes, the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart; click OK
Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button"
* Double-click combofix.exe. Press the Y (Yes) key to start the scan. When the scan is complete, a report will appear

# Step 3/ Launch CCleaner: "Cleaner"/"Run Cleaner" and that's all.

# Step 4/ Restart normally and post:
- A new HijackThis report, with all windows and applications closed http://www.trendsecure.com/portal/en-US/th.../HiJackThis.exe ;
- The contents of the report located at C:\vundofix.txt ;
- The contents of the report located at C:\Combofix.txt ;
Describe any difficulties you had (what you were unable to do...) and how the situation has changed.
-
HijackThis results, please help me
MarlN71 replied to a topic by MarlN71 in Malware analysis and removal
Here is the report. Thank you for your help...

Search Navipromo version 3.3.8 commencé le 03-01-2008 à 20.35.51,84
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Marlene\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Marlene\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
* Dans "C:\Documents and Settings\Marlene\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\oqstv.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\oqstv.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uvvwa.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\oqstv.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uvvwa.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 03-01-2008 à 20.43.13,31 ***
-
Hello everyone, I would like your opinion as well as some help cleaning my PC, because apparently, according to my HijackThis scan, I have quite a few infections on my computer, which are causing lots of pop-ups and slowing it down. Thank you for your help; I know nothing about this area and I don't want to do anything rash. Here is the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.52.26, on 02-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Web Buying\v1.8.6\webbuying.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ffnrwodh.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9485 bytes