Votre question

encore infecte par virus adware [RESOLU]

Tags :
  • Adware
  • Sécurité
Dernière réponse : dans Sécurité et virus
13 Mai 2007 18:34:18

bonjour
je me retrouve infecte par un virus awdare.rk sur mon PC portable
systeme windows XP
voici le rapport AVG
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 23:10:01 25/04/2007

+ Résultat de l'analyse:



C:\Documents and Settings\valoche\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Ignoré.
C:\Program Files\NewDotNet\uninstall7_48.exe -> Adware.NewDotNet : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP68\A0024335.dll -> Adware.NewDotNet : Ignoré.
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Ignoré.
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Ignoré.
C:\Documents and Settings\valoche\Local Settings\Temp\~os3.tmp\osmim.dll -> Adware.RK : Ignoré.
C:\Program Files\Alwil Software\Avast4\DATA\moved\rk.bin.2.vir -> Adware.RK : Ignoré.
C:\Program Files\Alwil Software\Avast4\DATA\moved\rk.bin.vir -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP68\A0023784.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP70\A0026266.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP72\A0026650.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP72\A0026679.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP72\A0027751.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP72\A0027776.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP75\A0028123.dll -> Adware.RK : Ignoré.
C:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP75\A0028146.dll -> Adware.RK : Ignoré.
C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Ignoré.
[2964] C:\windows\system32\rlvknlg.exe -> Adware.RK : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@adbrite[2].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@advertising[2].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@adviva[1].txt -> TrackingCookie.Adviva : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@atdmt[1].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@bfast[1].txt -> TrackingCookie.Bfast : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@bluestreak[3].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@search.live[1].txt -> TrackingCookie.Live : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@search.live[2].txt -> TrackingCookie.Live : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@ie.search.msn[1].txt -> TrackingCookie.Msn : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@statcounter[2].txt -> TrackingCookie.Statcounter : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignoré.
C:\Documents and Settings\TOSTIVINT Sophie\Cookies\tostivint sophie@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\valoche\Cookies\valoche@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.


Fin du rapport

Autres pages sur : infecte virus adware resolu

a b 8 Sécurité
13 Mai 2007 18:36:36

Bonjour,

Pourquoi tu ne supprimes pas les fichiers ?
13 Mai 2007 18:38:29

ci dessous le rapport Hisjack
Logfile of HijackThis v1.99.1
Scan saved at 18:37:00, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\TOSTIV~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

PS je fais la manip de suppression et je vois
Contenus similaires
13 Mai 2007 18:40:52

je refais une analyse AVG pour voir
merci bien
si c'est ok je passe mon sujet en RESOLU
13 Mai 2007 19:22:29

j'ai eu un loupé
j'ai refait une analyse nickel tout est supprimer
encore desole pour le derangement
bon surf
merci sebastien le routier

a b 8 Sécurité
13 Mai 2007 19:22:33

Et ?
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS