Micro infecté par Win 32 : Adware-gen, que faire?
Forum Sécurité - Virus : Micro infecté par Win 32 : Adware-gen, que faire?
bonsoir,
J'ai un logiciel malveillant que avast a détecté mais je n'arrive pas ni à le supprimer ni à le mettre en quarantaine.
Ce virus a infecté mon ordi quand j'ai voulu télécharger win antivirus 2006. J'ai essayé de supprimer le fichier mais il me dit que le disque est protégé en écriture et que je ne peux pas.
que dois-je faire.
merci de votre aide.
Bonjour
1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Ewido
http://www.ewido.net/en/download/
Lance Ewido et clique sur le bouton Update (barre d'outils - au haut).
Sous Manual Update clique Start update. Patiente jusqu'à l'affichage "Update successful".
2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
3 Lance le nettoyage avec CCleaner.
4 Lance Ewido.
Clique sur le bouton Scanner (de la barre d'outils)
Puis sur l'onglets Settings, pour How to Act. Clique sur Recommanded Actions. Sélectionne Quarantine.
Reviens a l'onglet Scan. Clique Complete system Scan
A la fin du scan, choisis l'option " Apply All Actions " en bas.
Clique sur "Save Report", puis "Save Report As". Ceci génère un rapport en fichier texte. Assure-toi de le sauvegarder dans un endroit facile à retrouver.
5 Redémarre normalement et poste le rapport d'Ewido avec un log HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
bonjour,
j'espère que les manips que j'ai effectué seront correctes car je ne suis pas très douée en informatique. Voilà ce que ça donne :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 17:05:06 16/09/2006
+ Scan result:
HKU\S-1-5-21-1785593672-2822468461-590275519-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1785593672-2822468461-590275519-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\Recipes -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\Recipes\RecipesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\Recipes\RecipesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\SearchMatch\searchMatchPages -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\SYLVAIN\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
D:\Documents and Settings\SYLVAIN\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-1785593672-2822468461-590275519-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-1785593672-2822468461-590275519-1006\Software\GlobalCS -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Program Files\Masta\gros-seins.exe -> Dialer.Masta.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dvlmsbft.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\eanrcacy.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\feyuwwan.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fksmxcvl.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fmaorgpa.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fxegkrcy.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gtwyvywa.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hsqnlifl.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iguakuwf.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\innssfwq.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jatbqmmr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jivslwyi.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kvpicwli.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nudvpmdw.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\suiqlqei.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uokurcto.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wbkthous.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wlwmufvl.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yxlskuuu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ehg-finaref.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ehg-franceloisirs.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ehg-francetelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ehg-saepio.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ehg-sonyprosolution.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ehg-systran.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Cookies\natacha@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
D:\Documents and Settings\NATACHA\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\VundoFix Backups\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 17:11:02, on 16/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\apps\skype\phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\OFFICE One6.5\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {F516AE5D-38CD-664F-B089-1753E4843895} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00841086-AE86-437E-8D66-F51C6BD36ED4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe
O4 - Global Startup: .protected
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resour [...] ase969.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yaz [...] refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Merci de ce que tu pourra faire pour moi.
Re
Ewido a fait du ménage.
Rien d'infectieux dans HijackThis, mais de l'inutile.
Relance un scan HijackThis et coche les lignes ci-dessous :
R3 - URLSearchHook: (no name) - {F516AE5D-38CD-664F-B089-1753E4843895} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00841086-AE86-437E-8D66-F51C6BD36ED4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
Avast + AVG + Norton. Tu as trois antivirus, il en faut un seul. Supprime en deux.
* Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://europe.f-secure.com/blacklight/try.shtml
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence; clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse
* Télécharge SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Tu le dézippes sur le Bureau.
Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Postes le rapport.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
bonjour,
J'ai essayé de supprimer AVG et NORTON mais certains fichiers ne peuvent être supprimés (NOROTN était déjà dans mon ordi quand je l'ai acheté).
Voici les 2 rapports :
09/17/06 14:19:09 [Info]: BlackLight Engine 1.0.46 initialized
09/17/06 14:19:09 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/17/06 14:19:09 [Note]: 7019 4
09/17/06 14:19:09 [Note]: 7005 0
09/17/06 14:19:12 [Note]: 7006 0
09/17/06 14:19:12 [Note]: 7011 2096
09/17/06 14:19:13 [Note]: 7026 0
09/17/06 14:19:13 [Note]: 7026 0
09/17/06 14:19:21 [Note]: FSRAW library version 1.7.1019
SmitFraudFix v2.90
Rapport fait à 14:27:48,28, 17/09/2006
Executé à partir de D:\Documents and Settings\SYLVAIN\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» D:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\SYLVAIN\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\SYLVAIN\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Bonjour
Rien avec BlackLight, ni avec Smitfraudfix.
Pour Norton
http://forum.zebulon.fr/index.php? [...] 38&t=57795
Pour AVG, désinstalle le en mode sans échec.
Télécharge Silent Runners
http://www.silentrunners.org/Silent%20Runners.zip
Si tu as une alerte de ton antivirus au cours du téléchargement, ou au cours de son utilisation au sujet de ce script, n'en tiend pas compte.
Une fois téléchargé,tu le dézippes dans un dossier dédié.
Puis tu double cliques sur ce fichier,il va travailler, patiente jusqu'à l'affichage d'un message.
Un rapport est généré dans le meme dossier, colle le ici.
La fin doit ressembler à ceci
| Citation : + This report excludes default entries except where indicated.
|
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
Merci pour NORTON, j'ai réussi à la désactiver. Pour AVG j'avais déjà essayé en mode sans échec. a priori, il n'y est plus mais je n'en suis pas sûre.
Par contre, j'ai relancé un scna avec AVAST et plus de message d'alerte. mais lorsque je quitte la session et que je l'ouvre de nouveaux où que j'en ouvre une atre il m'indique :"AVAST ! message de scan à accès logiciel malveillant C:\Programfiles\CommonFiles\CompanionWizard\WapCHK.all
Voici tout de même mon rapport :
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{58AF7485-0BF3-1036-0917-050509290021}" = ""C:\Program Files\Fichiers communs\{58AF7485-0BF3-1036-0917-050509290021}\Update.exe" mc-110-12-0000272" [file not found]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"SmpcSys" = "C:\APPS\SMP\SmpSys.exe" ["Packard Bell BV"]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data]
"Skype" = ""c:\apps\skype\phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"AzMixerSel" = "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"ATIPTA" = ""C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Ulead AutoDetector v2" = "C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."]
"PCMService" = ""c:\Apps\Powercinema\PCMService.exe"" ["CyberLink Corp."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"" [MS]
"ACTIVBOARD" = "c:\apps\ABoard\ABoard.exe" ["NEC Computers International"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"" ["Patchou"]
"AliceSAV" = "C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" ["TechCity Solutions France"]
"CompanionWizard" = ""C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent" ["WinSoftware"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]
"OoPDFSettingsv6.exe" = "C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" ["ISSENDIS"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Apps\RecordNow\shlext.dll" [null data]
"{192A2665-957E-4870-99D1-08F5CD082551}" = "shellpdfmenu"
-> {HKLM...CLSID} = "OFFICE One PDF Manager v6"
\InProcServer32\(Default) = "C:\WINDOWS\system32\OoPdfManagerPopup.dll" [empty string]
"{77E7AAFA-76D1-4798-859D-DB0B9DFFEAA9}" = "OFFICEOneZipv6"
-> {HKLM...CLSID} = "OFFICE One Zip v6"
\InProcServer32\(Default) = "C:\WINDOWS\system32\OoneZipPopup.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Mes photos Logitech"
-> {HKLM...CLSID} = "Mes photos Logitech"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\System\CurrentControlSet\Control\Session Manager\
"BootExecute" = ** WARNING -- empty or invalid data! **
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
shellpdfmenu\(Default) = "{192A2665-957E-4870-99D1-08F5CD082551}"
-> {HKLM...CLSID} = "OFFICE One PDF Manager v6"
\InProcServer32\(Default) = "C:\WINDOWS\system32\OoPdfManagerPopup.dll" [empty string]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Startup items in "SYLVAIN" & "All Users" startup folders:
---------------------------------------------------------
D:\Documents and Settings\SYLVAIN\Menu Démarrer\Programmes\Démarrage
"OFFICE One 6.5" -> shortcut to: "C:\Program Files\OFFICE One6.5\program\quickstart.exe" [null data]
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
INFECTION WARNING! ".protected" [null data]
"OFFICE One Clock v6.5" -> shortcut to: "C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe" ["ISSENDIS"]
"OFFICE One Notes v6.5" -> shortcut to: "C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe" ["ISSENDIS"]
"Picture Package Menu" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe" ["Sony Corporation"]
"Picture Package VCD Maker" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h" ["Sony Corporation."]
Enabled Scheduled Tasks:
------------------------
"Configurer mon PC" -> launches: "C:\Apps\SMP\PCSETUP.EXE /REM" ["Packard Bell BV"]
"Extension de garantie" -> launches: "C:\APPS\SMP\PBCARNOT.EXE" ["Packard Bell BV"]
"Master CD_DVD Creator" -> launches: "C:\Apps\SMP\MCDCHECK.EXE" ["Packard Bell BV"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll [null data], 01 - 02, 08
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 09 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" )
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""c:\APPS\Powercinema\Kernel\TV\CLSched.exe"" [empty string]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Generic Service for HID Keyboard Input Collections, GenericHidService, "c:\APPS\HIDSERVICE\HIDSERVICE.exe" [null data]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 28 seconds, including 8 seconds for message boxes)
J'ai supprimé 1 utilisateur et laissé juste l'administrateur pour être moins ennuyée.
J'ai redémarré mon ordi et le message d'alerte ce met tout de même quand je lance un scan avec AVAST.
a t'on avis quel est le meilleur antivirus pour protéger tout l'ordinateur ainqsi qu'internet ?
Re
Supprime ce dossier
C:\Program Files\Common Files\Companion Wizard
Avast est bien, mais il faut aussi un pare feu.
- 1 (et 1 seul) pare-feu bien paramétré, gratuit
par exemple ZoneAlarm
et son tutorial
Pour bien configurer Avast
tutorial
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
Justement je ne peux supprimé ce fichier car il me dit que l'accès est redusé et que le disque est protégé en écriture ou fichier déjà utilisé.
que dois-je faire?
Essaye la suppression en mode sans échec.
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
déjà essayé mais ça ne fonctionne pas non plus
Re
Va sur ce site
http://www.virustotal.com/xhtml/virustotal_en.html
Clique sur Parcourir et cherche ce fichier.
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
Ensuite clique sur Send .
Si tu as le message "STATUS: QUEUED", patiente.
Colle le rapport ici.
Recommence avec
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
Bonsoir,
moi pour ton message "je ne peux supprimé ce fichier car il me dit que l'accès est redusé et que le disque est protégé en écriture ou fichier déjà utilisé.
" j'utilise tout simplement le propriété où je décoche fichier en lecture seule et si il n'en veut pas toujours dans propirété clique sur "sécurité" et met y que toi l'admin puis après ok puis tu décoches lecture seule et tu vérifies en sortant puis à nouveau sur propriété et une fois fait tu pourras simplement le supprimé par fonction DEL
bonjour,
voilà mes 2 rapports :
AntiVir 7.2.0.16 09.19.2006 ADSPY/Companion.A.2
Authentium 4.93.8 09.18.2006 no virus found
Avast 4.7.844.0 09.19.2006 no virus found
AVG 386 09.19.2006 no virus found
BitDefender 7.2 09.19.2006 Adware.Companion.A
CAT-QuickHeal 8.00 09.18.2006 no virus found
ClamAV devel-20060426 09.19.2006 no virus found
eTrust-InoculateIT 23.72.128 09.19.2006 no virus found
eTrust-Vet 30.3.3086 09.19.2006 no virus found
DrWeb 4.33 09.19.2006 no virus found
Ewido 4.0 09.19.2006 no virus found
Fortinet 2.82.0.0 09.19.2006 no virus found
F-Prot 3.16f 09.18.2006 no virus found
F-Prot4 4.2.1.29 09.18.2006 no virus found
Ikarus 0.2.65.0 09.19.2006 no virus found
Kaspersky 4.0.2.24 09.19.2006 no virus found
McAfee 4854 09.18.2006 potentially unwanted program Winfixer
Microsoft 1.1560 09.19.2006 no virus found
NOD32v2 1.1762 09.19.2006 no virus found
Norman 5.80.02 09.19.2006 no virus found
Panda 9.0.0.4 09.18.2006 no virus found
Sophos 4.09.0 09.19.2006 no virus found
Symantec 8.0 09.19.2006 no virus found
TheHacker 6.0.1.072 09.19.2006 no virus found
UNA 1.83 09.18.2006 no virus found
VBA32 3.11.1 09.19.2006 suspected of Embedded.Application.Win32.Adware.WinAntiVirus
VirusBuster 4.3.7:9 09.18.2006 no virus found
Aditional Information
File size: 630784 bytes
MD5: 534af0760b11a1e4f7fc3836fff6cf10
SHA1: e126e9c34566f1836277c436152573b5f27cf541
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and
AntiVir n - no virus found
Authentium n - no virus found
Avast n - no virus found
AVG n - no virus found
BitDefender n - no virus found
CAT-QuickHeal n - no virus found
ClamAV n - no virus found
DrWeb n - no virus found
eTrust-InoculateIT n - no virus found
eTrust-Vet n - no virus found
Ewido n - no virus found
Fortinet n - no virus found
F-Prot n - no virus found
F-Prot4 n - no virus found
Ikarus n - no virus found
Kaspersky n - no virus found
McAfee n - no virus found
Microsoft n - no virus found
NOD32v2 n - no virus found
Norman n - no virus found
Panda n - no virus found
Sophos n - no virus found
Symantec n - no virus found
TheHacker n - no virus found
UNA n - no virus found
VBA32 n - no virus found
VirusBuster n - no virus found
Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability
Bonjour
Télécharge la dernière version de Killbox -> http://www.downloads.subratam.org/KillBox.zip
Place le programme dans le répertoire qui te plaît.
- redémarre l'ordinateur en mode sans échec
- lance Pocket Killbox
--- copie la liste ci-dessous, des fichiers à supprimer (Ctrl-C) et File / Paste from Clipboard
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
* les boutons "Single File" et "All Files" deviennent actifs mais "Single File" est activé par défaut.
Il faut alors impérativement activer (cliquer sur) "All Files", impérativement, sinon seul le premier de la liste sera supprimé.
--- vérifie que tous les fichiers sont enregistrés, par la liste déroulante "Full Path of File to Delete"
--- coche "Unregister .dll Before Deleting".
--- clique sur la croix blanche sur fond rouge (Delete File) :
- "File will be Removed on Reboot, Do you want to reboot now?", réponds OUI si tu es prêt à procéder
Si Pocket KillBox ne fait pas redémarrer le PC, redémarre le toi même.
Ensuite, supprime ces dossiers
C:\Program Files\Common Files\Companion Wizard
C:\!KillBox
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
BONJOUR,
je te remercie beaucoup de ton aide car maintenant tout est ok.
Quand je lance un scan avec avast je n'ai plus aucun virus et j'ai réussi à supprimer les fichiers concernés.
Je recommanderai volontier ce site aux personnes qui ont elles aussi des problèmes.
De rien 
Encore une chose.
Dénonce ton infection pour faire condamner les auteurs.
Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être le plus nombreux possibles, alors rends compte de ton infection :
- Voir les règles du forum : http://www.malwarecomplaints.info/viewtopic.php?t=5
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"
Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections conforme au règle du forum (age, ville, département etc..)
Indique aussi le nom du Forum qui t'a aidé.
---> http://www.malwarecomplaints.info/viewforum.php?f=10
Plus d'informations ici
Il y a 505 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
