Infected again by an adware virus [RESOLVED]
Hello,
I find myself infected with an adware.rk virus on my laptop.
System: Windows XP.
Here is the AVG report:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:10:01 25/04/2007
+ Résultat de l'analyse:
C:\Documents and Settings\valoche\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet\uninstall7_48.exe -> Adware.NewDotNet : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP68\A0024335.dll -> Adware.NewDotNet : Ignoré.
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Ignoré.
C:\Documents and Settings\valoche\Local Settings\Temp\~os3.tmp\osmim.dll -> Adware.RK : Ignoré.
C:\Program Files\Alwil Software\Avast4\DATA\moved\rk.bin.2.vir -> Adware.RK : Ignoré.
C:\Program Files\Alwil Software\Avast4\DATA\moved\rk.bin.vir -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP68\A0023784.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP70\A0026266.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP72\A0026650.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP72\A0026679.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP72\A0027751.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP72\A0027776.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP75\A0028123.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP75\A0028146.dll -> Adware.RK : Ignoré.
C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Ignoré.
[2964] C:\windows\system32\rlvknlg.exe -> Adware.RK : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@adbrite[2].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@advertising[2].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@adviva[1].txt -> TrackingCookie.Adviva : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@atdmt[1].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@bfast[1].txt -> TrackingCookie.Bfast : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@bluestreak[3].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@search.live[1].txt -> TrackingCookie.Live : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@search.live[2].txt -> TrackingCookie.Live : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@ie.search.msn[1].txt -> TrackingCookie.Msn : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@statcounter[2].txt -> TrackingCookie.Statcounter : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
Fin du rapport
Message edited by le routier35 on 13-05-2007 at 19:23:16
Hello,
Why don't you delete the files?
Below is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:37:00, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\TOSTIV~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
PS: I'm doing the deletion procedure now and will see.
I'll run another AVG scan to check.
Thanks a lot.
If it's OK I'll mark my topic as RESOLVED.
Good evening again,
I had a slip-up.
I ran another scan: perfect, everything has been deleted.
Sorry again for the trouble.
Happy surfing,
Thanks, sebastien le routier
And?
