Virus ukvr.bat

marion -  
Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour, je suis infectée par le virus ukvr.bat
comment m'en debarasser?

5 réponses

  1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Salut,

    et qu'est ce qui te fait dire que tu es infecté?
    Quels sont les symptomes ?
    Il y a que ce fichier qui est détecté ?

    Fais ça pour voir :

    - Télécharge http://www.trendsecure.com/portal/fr/_download/HJTInstall.exe ton bureau.
    - Double-clic sur HijackThis
    - Génère un rapport en suivant ces indications :
    - Exécute le et clique sur Do a scan and save log file.
    - Le rapport s'ouvre sur le Bloc-Note
    - Colle le rapport ici, pour cela :
    - Menu Edition / Selectionner Tout
    - Menu Edition / copier
    - Ici dans un nouveau message : clic droit / coller

    Rise Against rules :D
    0
    1. marion
       
      AVG me dit que je suis infectée
      les symptomes: mon clavier et ma souris ne marchent pas bien (un peu en galere pour écrire ce petit message!!)
      oui il y a que ce fichier de detecté
      j'essaye ta solution tout de suite
      0
    2. marion
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:00:26, on 27/07/2010
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18928)
      Boot mode: Normal

      Running processes:
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\WLTRAY.EXE
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
      C:\Program Files\AVG\AVG8\avgtray.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
      C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Program Files\AVG\AVG8\avgui.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\rundll32.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Windows\system32\SearchFilterHost.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
      O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
      O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
      O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
      O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
      O4 - HKCU\..\Run: [fsjhzv] rundll32.exe "C:\Users\Marion\AppData\Roaming\tbzouuun.dll",kytfmb
      O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
      O4 - Global Startup: QuickSet.lnk = ?
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
      O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O13 - Gopher Prefix:
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
      O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
      O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
  2. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Sauvegarde tes documents importants.

    Désactive les logiciels de protection (Antivirus, Antispywares) puis :

    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.

    Eventuellement, installe la console de récupération comme cela est conseillé

    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    Si le rapport ne passe pas, envoie le sur ce site : http://www.cijoint.fr/
    et donne le lien ici :)

    Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

    Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

    0
  3. marion
     
    par contre je crois qu'il est sur mon disque dur externe ou il y a tout mes doc important
    0
    1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
       
      déjà fait ce quie est demandé, on verra plus tard pour ton disque externe, ne l'utilise pas pour le moment.
      0
  4. marion
     
    ComboFix 10-07-26.04 - Marion 27/07/2010 18:40:34.1.2 - x86
    Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.2038.880 [GMT 2:00]
    Lancé depuis: c:\users\Marion\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ContextTool
    c:\program files\ContextTool\ContextHelper.dat
    c:\program files\ContextTool\pcre3.dll
    c:\program files\ContextTool\uninstall.exe
    c:\program files\FBrowsingAdvisor
    c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
    c:\program files\FBrowsingAdvisor\Logo.png
    c:\program files\FBrowsingAdvisor\main.db
    c:\program files\FBrowsingAdvisor\unins000.dat
    c:\program files\FBrowsingAdvisor\unins000.exe
    c:\program files\PlayMP3z
    c:\program files\PlayMP3z\uninstall.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z
    c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
    c:\users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z
    c:\windows\system32\st325614.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-06-27 au 2010-07-27 ))))))))))))))))))))))))))))))))))))
    .

    2010-07-27 16:53 . 2010-07-27 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-27 15:57 . 2010-07-27 15:57 -------- d-----w- c:\program files\Trend Micro
    2010-07-23 15:11 . 2010-07-23 15:11 456200 ----a-w- c:\users\Marion\AppData\Roaming\Real\Update\setup3.12\setup.exe
    2010-06-28 11:34 . 2010-06-28 11:34 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-28 11:29 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-28 11:29 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-28 11:29 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-28 11:29 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-28 11:29 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-26 16:31 . 2009-10-26 21:46 -------- d-----w- c:\users\Marion\AppData\Roaming\Winamp
    2010-07-19 14:49 . 2008-11-10 17:57 1 ----a-w- c:\users\Marion\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-07-16 14:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-07-16 11:38 . 2006-11-02 15:47 679042 ----a-w- c:\windows\system32\perfh00C.dat
    2010-07-16 11:38 . 2006-11-02 15:47 126626 ----a-w- c:\windows\system32\perfc00C.dat
    2010-07-16 11:33 . 2007-07-29 17:13 -------- d-----w- c:\program files\Dl_cats
    2010-07-05 12:07 . 2009-12-21 08:28 -------- d-----w- c:\programdata\CanonIJPLM
    2010-06-15 01:25 . 2008-03-24 19:17 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-26 17:06 . 2010-06-14 19:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47 . 2010-06-14 19:24 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 12:14 . 2009-10-02 18:39 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-04 05:59 . 2010-06-14 19:23 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-14 19:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 05:55 . 2010-06-14 19:23 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 04:31 . 2010-06-14 19:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-05-01 14:13 . 2010-06-14 19:23 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-07-04 17:22 . 2008-09-30 17:20 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-07-19 17:12 . 2007-07-19 17:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-27 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 102400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-04 30192]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
    "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-04 312200]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
    "dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008]
    "DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-23 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

    c:\users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-19 50688]
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-19 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Marion^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
    path=c:\users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
    backup=c:\windows\pss\OpenOffice.org 2.2.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f1,2b,6e,e8,5f,5a,ca,01

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 135664]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-04 30192]
    R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-04 335240]
    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-30 108552]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-09-04 908056]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-04 297752]
    S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-04 537480]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-07-15 233472]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contenu du dossier 'Tâches planifiées'

    2010-04-12 c:\windows\Tasks\Driver Robot.job
    - c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-16 12:53]

    2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 23:34]

    2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 23:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.duxet.com/
    mStart Page = hxxp://www.duxet.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    FF - ProfilePath - c:\users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\tn5wzga9.default\
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\users\Marion\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\Marion\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    .
    ------- Associations de fichier -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    HKCU-Run-fsjhzv - c:\users\Marion\AppData\Roaming\tbzouuun.dll
    HKLM-Run-YeppStudioAgent - c:\program files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    HKLM-Run-NPSStartup - (no file)
    AddRemove-ContextTool - c:\program files\ContextTool\uninstall.exe
    AddRemove-FBrowsingAdvisor_is1 - c:\program files\FBrowsingAdvisor\unins000.exe
    AddRemove-Zylom Games Player Plugin - c:\program files\Zylom Games\UninstallPlugin.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-27 18:55
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Heure de fin: 2010-07-27 19:01:58
    ComboFix-quarantined-files.txt 2010-07-27 17:01

    Avant-CF: 13 474 476 032 octets libres
    Après-CF: 14 441 840 640 octets libres

    - - End Of File - - E90DAF977B2ECBB1A5F3C042836D33B2
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Fais un scan AVG.
    Enregistre le rapport.

    Envoie le sur cijoint et donne le lien ici.
    0