Se connecter / S'enregistrer
Votre question

problem avec trojan-downloader.win32. agent.bq

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
6 Septembre 2008 15:38:46

Après m'être débarrassé du fichier signalé comme infecté par avast. Il me reste ce pop up simulant un message du par feu et destiné à me faire acheter de la désinfection en ligne pour regler le probleme.

Voici deux rapports :

Hi Jack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:59, on 06/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\DELL\E-Center\EULALauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\jobwnefq.exe
C:\Users\MaRmArA BiTcH\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MaRmArA BiTcH\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ProcMsg] C:\Windows\system32\jobwnefq.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\MaRmArA BiTcH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: sysactsrv - {451DEF0E-171A-BE8C-0C4C-0050E5348CC8} - C:\Program Files\kojkhlb\sysactsrv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6454 bytes







combo fix :

ComboFix 08-09-05.01 - MaRmArA BiTcH 2008-09-06 3:20:50.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1277 [GMT 2:00]
Endroit: C:\Users\MaRmArA BiTcH\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\bdn.com
C:\Windows\FVProtect.exe
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mslagent\2_mslagent.dll
C:\Windows\mslagent\mslagent.exe
C:\Windows\mslagent\uninstall.exe
C:\Windows\mssecu.exe
C:\Windows\system32\akttzn.exe
C:\Windows\system32\anticipator.dll
C:\Windows\system32\awtoolb.dll
C:\Windows\system32\bdn.com
C:\Windows\system32\bsva-egihsg52.exe
C:\Windows\system32\dpcproxy.exe
C:\Windows\system32\emesx.dll
C:\Windows\system32\h@tkeysh@@k.dll
C:\Windows\system32\hoproxy.dll
C:\Windows\system32\hxiwlgpm.dat
C:\Windows\system32\hxiwlgpm.exe
C:\Windows\system32\medup012.dll
C:\Windows\system32\medup020.dll
C:\Windows\system32\msgp.exe
C:\Windows\system32\msnbho.dll
C:\Windows\system32\mssecu.exe
C:\Windows\system32\msvchost.exe
C:\Windows\system32\mtr2.exe
C:\Windows\system32\mwin32.exe
C:\Windows\system32\netode.exe
C:\Windows\system32\newsd32.exe
C:\Windows\system32\ps1.exe
C:\Windows\system32\psof1.exe
C:\Windows\system32\psoft1.exe
C:\Windows\system32\regc64.dll
C:\Windows\system32\regm64.dll
C:\Windows\system32\Rundl1.exe
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\system32\sncntr.exe
C:\Windows\system32\ssurf022.dll
C:\Windows\system32\ssvchost.com
C:\Windows\system32\ssvchost.exe
C:\Windows\system32\sysreq.exe
C:\Windows\system32\taack.dat
C:\Windows\system32\taack.exe
C:\Windows\system32\temp#01.exe
C:\Windows\system32\thun.dll
C:\Windows\system32\thun32.dll
C:\Windows\system32\VBIEWER.OCX
C:\Windows\system32\vbsys2.dll
C:\Windows\system32\vcatchpi.dll
C:\Windows\system32\winlogonpc.exe
C:\Windows\system32\winsystem.exe
C:\Windows\system32\WINWGPX.EXE
C:\Windows\userconfig9x.dll
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 00:57 28,095 ----a-w C:\Users\MaRmArA BiTcH\AppData\Roaming\nvModes.dat
2008-09-05 21:51 --------- d-----w C:\ProgramData\TrackMania
2008-09-05 11:18 --------- d-----w C:\Users\MaRmArA BiTcH\AppData\Roaming\GrabIt
2008-09-04 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 15:37 --------- d-----w C:\Program Files\Sega
2008-09-04 13:22 --------- d-----w C:\ProgramData\Codemasters
2008-09-04 13:10 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-09-04 13:10 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-09-04 13:10 --------- d-----w C:\Program Files\OpenAL
2008-09-04 12:28 --------- d-----w C:\Program Files\Codemasters
2008-09-03 21:39 304,528 ----a-w C:\Windows\System32\appdrvrem01.exe
2008-09-03 21:39 2,915,944 ----a-w C:\Windows\system32\drivers\appdrv01.sys
2008-09-03 20:01 --------- d-----w C:\Program Files\Ubisoft
2008-09-03 13:50 --------- d-----w C:\Program Files\GSC World Publishing
2008-09-01 23:46 --------- d-----w C:\Users\MaRmArA BiTcH\AppData\Roaming\skypePM
2008-09-01 23:46 --------- d-----w C:\Users\MaRmArA BiTcH\AppData\Roaming\Skype
2008-09-01 13:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-01 13:15 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-01 00:35 106,496 ----a-w C:\Windows\System32\jobwnefq.exe
2008-09-01 00:35 --------- d-----w C:\ProgramData\vmrsdgzc
2008-09-01 00:35 --------- d-----w C:\Program Files\kojkhlb
2008-09-01 00:32 --------- d-----w C:\Program Files\Microsoft Works
2008-09-01 00:31 --------- d-----w C:\Program Files\MSBuild
2008-09-01 00:29 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-01 00:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-31 19:50 --------- d-----w C:\Program Files\CCleaner
2008-08-31 18:28 --------- d-----w C:\Program Files\WordBiz
2008-08-30 20:41 --------- d-----w C:\Users\MaRmArA BiTcH\AppData\Roaming\Media Player Classic
2008-08-30 19:00 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-08-30 18:56 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-30 18:52 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-30 18:52 --------- d-----w C:\Users\MaRmArA BiTcH\AppData\Roaming\DAEMON Tools
2008-08-30 18:44 --------- d-----w C:\ProgramData\Skype
2008-08-30 18:44 --------- d-----w C:\Program Files\Skype
2008-08-30 18:44 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-30 18:00 --------- d-----w C:\Program Files\Smart Projects
2008-08-30 17:54 --------- d-----w C:\Program Files\PowerISO
2008-08-30 09:53 --------- d-----w C:\Users\MaRmArA BiTcH\AppData\Roaming\vlc
2008-08-29 23:22 --------- d-----w C:\Program Files\Freeplayer
2008-08-29 23:21 --------- d-----w C:\Program Files\VideoLAN
2008-08-29 23:08 --------- d-----w C:\ProgramData\Lavasoft
2008-08-29 23:06 --------- d-----w C:\Program Files\Lavasoft
2008-08-29 23:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-29 15:33 --------- d-----w C:\Program Files\Alwil Software
2008-08-29 13:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-28 22:40 --------- d-----w C:\Program Files\Java
2008-08-28 01:05 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 17:05 --------- d-----w C:\ProgramData\eMule
2008-08-27 17:04 --------- d-----w C:\Program Files\eMule
2008-08-27 16:50 --------- d-----w C:\Program Files\MSN Messenger
2008-08-27 16:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-27 16:29 --------- d-----w C:\Program Files\Windows Live
2008-08-27 16:28 --------- d-----w C:\ProgramData\WLInstaller
2008-08-17 15:26 --------- d--h--w C:\Users\MaRmArA BiTcH\AppData\Roaming\GTek
2008-08-17 15:19 --------- d-----w C:\ProgramData\NVIDIA
2008-08-06 21:49 --------- d-----w C:\Program Files\TmNationsForever
2008-08-06 21:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-06 21:17 --------- d-----w C:\Program Files\QuickPar
2008-08-06 20:38 --------- d-sh--w C:\ProgramData\Modèles
2008-08-06 20:38 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-06 20:38 --------- d-sh--w C:\ProgramData\Favoris
2008-08-06 20:38 --------- d-sh--w C:\ProgramData\Documents
2008-08-06 20:38 --------- d-sh--w C:\ProgramData\Bureau
2008-08-06 20:38 --------- d-sh--w C:\ProgramData\Application Data
2008-08-06 20:38 --------- d-sh--w C:\Program Files\Fichiers communs
2008-08-06 19:43 --------- d-----w C:\Program Files\GrabIt
2008-08-06 19:39 174 --sha-w C:\Program Files\desktop.ini
2008-08-06 19:37 --------- d-----w C:\ProgramData\McAfee
2008-08-06 19:36 --------- d-----w C:\Program Files\Google
2008-08-06 19:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-06 19:35 --------- d-----w C:\Program Files\Windows Calendar
2008-08-06 19:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-08-06 19:30 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-06 19:30 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-06 19:28 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-08-06 19:28 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-08-06 19:27 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-08-06 19:27 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-08-06 19:27 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-08-06 19:27 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-08-06 19:26 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-08-06 19:26 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-06 19:26 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-06 19:26 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-08-06 19:26 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-08-06 19:26 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-08-06 19:26 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-08-06 19:26 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-08-06 19:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-08-06 19:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-08-06 19:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-08-06 19:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-08-06 19:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-08-06 19:22 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-08-06 19:20 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-06 19:20 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-08-06 19:20 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-06 19:20 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-06 19:20 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-08-06 19:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"ProcMsg"="C:\Windows\system32\jobwnefq.exe" [2008-09-01 106496]
"Google Update"="C:\Users\MaRmArA BiTcH\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 C:\Windows\sttray.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-31 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sysactsrv"= {451DEF0E-171A-BE8C-0C4C-0050E5348CC8} - C:\Program Files\kojkhlb\sysactsrv.dll [2008-09-01 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8F689C48-BF6F-4C75-9E09-42F6DC0305C9}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{E6F5A91F-7E15-4183-9F4C-FA52677390FD}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{C58C54C1-C32F-4BC0-88BD-FB2B9DE587E0}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D305A829-1C89-4204-AB06-26A6A21A3202}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{B66D1B40-A3CD-48FA-8DFE-59F23B2C6D8C}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{5660CDF2-67D2-4F6C-B5D1-77EA1AB3F79F}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{D4A4FFD8-9E9E-46D9-9561-58376625805C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{FEF5CDEF-2897-488F-8F7B-87C44F4F9CAB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{79C5D7A4-CA66-41B8-A218-958263E5C33B}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{0485CFB9-794B-4C7F-A045-7ACA49EC20B8}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{963EA694-DA2E-4C5E-875B-DFB864B199E0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DBD932EA-5426-4114-AA8E-048761098F7A}"= UDP:C:\Program Files\GSC World Publishing\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\xrEngine.exe:Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî (CLI)
"{33F0AE6A-E3DC-44F1-AB40-5FCED6EEFF3D}"= TCP:C:\Program Files\GSC World Publishing\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\xrEngine.exe:Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî (CLI)
"{E488B05D-23CC-435F-8160-93E76A5021C6}"= UDP:C:\Program Files\GSC World Publishing\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\dedicated\xrEngine.exe:Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî (SRV)
"{0037C473-9185-468E-9433-3E80FF17D167}"= TCP:C:\Program Files\GSC World Publishing\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\bin\dedicated\xrEngine.exe:Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî (SRV)
"{2D7F5B09-6B1A-45C8-8CE5-F8F96163A37A}"= UDP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{68924CD9-4B00-4FD5-A35D-764254332611}"= TCP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 appdrv01;Application Driver (01);C:\Windows\system32\Drivers\appdrv01.sys [2008-09-03 2915944]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\Windows\System32\appdrvrem01.exe svc [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7bfbd34-76c4-11dd-ad67-8f426018483e}]
\shell\AutoRun\command - G:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\MaRmArA BiTcH\AppData\Roaming\Mozilla\Firefox\Profiles\h2vuha48.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 03:24:34
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-06 3:26:15
ComboFix-quarantined-files.txt 2008-09-06 01:26:10

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 5,716,934,656 octets libres

274 --- E O F --- 2008-09-01 13:22:25


D'avance merci de m'aider à me débarrasser de cet saleté de Pop up !

Autres pages sur : problem trojan downloader win32 agent

a b 8 Sécurité
6 Septembre 2008 16:43:55

Un bonjour ?

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    6 Septembre 2008 22:14:35

    J'ai dû rater une étape car je ne trouve pas le Log que MB m'à créé à l'issu du scan complet. Toujours est il qu'il à trouvé 9 infections dans la base registre et les à effacé sans soucis.
    Après redémarrage, le même type de Pop up persistent, et indiquent maintenant comme Nom : Trojan-Clicker.win32.tiny.h

    Voilà du nouveau dans mon affaire, merci déjà pour ta première réponse, et j'espère que tu sauras me démèler de cette situation. Si tu connais l'emplacement de sauvegarde par défaut du Log de MB, fais moi signe je le trouverai peut être.

    D'avance merci encore !
    Contenus similaires
    Pas de réponse à votre question ? Demandez !
    6 Septembre 2008 22:40:16

    autant pour moi j'ai trouvé comme faire, le nom du trojan change à chaque fois maintenant. Voici le log :


    Malwarebytes' Anti-Malware 1.26
    Version de la base de données: 1120
    Windows 6.0.6000

    06/09/2008 21:52:50
    mbam-log-2008-09-06 (21-52-50).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 134683
    Temps écoulé: 1 hour(s), 19 minute(s), 11 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    a b 8 Sécurité
    7 Septembre 2008 16:49:45

    Reposte un rapport Hijackthis.
    7 Septembre 2008 19:44:30

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:43:58, on 07/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\DELL\E-Center\EULALauncher.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\jobwnefq.exe
    C:\Users\MaRmArA BiTcH\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\eMule\emule.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\TmNationsForever\TmForever.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\MaRmArA BiTcH\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ProcMsg] C:\Windows\system32\jobwnefq.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\MaRmArA BiTcH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: sysactsrv - {451DEF0E-171A-BE8C-0C4C-0050E5348CC8} - C:\Program Files\kojkhlb\sysactsrv.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6574 bytes


    voila, merci
    8 Septembre 2008 01:38:55

    voila ki est fait

    Avira AntiVir Personal
    Report file date: dimanche 7 septembre 2008 20:56

    Scanning for 1602105 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Boot mode: Normally booted
    Username: MaRmArA BiTcH
    Computer name: PC-DE-MARMARABI

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 18:43:18
    ANTIVIR3.VDF : 7.0.6.125 226816 Bytes 07/09/2008 18:43:19
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 07/09/2008 18:43:28
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.1 397683 Bytes 07/09/2008 18:43:27
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 07/09/2008 18:43:26
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 07/09/2008 18:43:24
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 07/09/2008 18:43:22
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 07/09/2008 18:43:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 07/09/2008 18:43:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 7 septembre 2008 20:56

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    15 processes with 15 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '36' files ).


    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <RECOVERY>


    End of the scan: dimanche 7 septembre 2008 21:36
    Used time: 40:03 Minute(s)

    The scan has been done completely.

    16600 Scanning directories
    345778 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    345776 Files not concerned
    2683 Archives were scanned
    2 Warnings
    0 Notes

    a b 8 Sécurité
    8 Septembre 2008 16:56:15

    Repposte un rapport Hijackthis.
    8 Septembre 2008 21:36:33

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:36:09, on 08/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\DELL\E-Center\EULALauncher.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\MaRmArA BiTcH\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\MaRmArA BiTcH\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ProcMsg] C:\Windows\system32\jobwnefq.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\MaRmArA BiTcH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: sysactsrv - {451DEF0E-171A-BE8C-0C4C-0050E5348CC8} - C:\Program Files\kojkhlb\sysactsrv.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6389 bytes


    merci,
    a b 8 Sécurité
    8 Septembre 2008 21:39:51

    Encore des soucis ?
    8 Septembre 2008 22:48:06

    merci beaucoup je pense que c'est terminé ces pop.up si cela réapparait je te demanderai de m'aider. Merci encore !
    a b 8 Sécurité
    9 Septembre 2008 12:54:46

    Bonne continuation ;) 
    9 Septembre 2008 14:20:28

    problème résolu.
    Merci encore !
    a b 8 Sécurité
    9 Septembre 2008 14:24:14

    De rien ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS