Bonjour,
--------------------------------------------------------------------------------
Fichier analysé - Statut
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0080279.exe
Infecté par: DeepScan:Generic.Sdbot.4C6392E0
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0080279.exe
Echec de la désinfection
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0080279.exe
Supprimé
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)=>%appfolder%\cumdx.hlp
Infecté par: Backdoor.Ircflood.B
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)=>%appfolder%\cumdx.hlp
Echec de la désinfection
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)=>%appfolder%\cumdx.hlp
Supprimé
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)
Echec de la mise à jour
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)=>%appfolder%\Pingo.exe
Infecté par: Trojan.Kirsun.A
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)=>%appfolder%\Pingo.exe
Supprimé
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)
Echec de la mise à jour
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)=>%appfolder%\ReFixer.dll
Infecté par: Trojan.Flooder.I
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)=>%appfolder%\ReFixer.dll
Supprimé
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084292.exe=>(Instyler o)
Echec de la mise à jour
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084293.exe
Infecté par: DeepScan:Generic.Sdbot.4C6392E0
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084293.exe
Echec de la désinfection
C:\System Volume Information\_restore{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP406\A0084293.exe
Supprimé
C:\WINDOWS\cumdx.hlp
Infecté par: Backdoor.Ircflood.B
C:\WINDOWS\cumdx.hlp
Echec de la désinfection
C:\WINDOWS\cumdx.hlp
Supprimé
C:\WINDOWS\system32\WinKey.exe
Infecté par: DeepScan:Generic.Sdbot.4C6392E0
C:\WINDOWS\system32\WinKey.exe
Echec de la désinfection
C:\WINDOWS\system32\WinKey.exe
Supprimé
--------------------------------------------------------------------------------
j'ai refait un scan avec fsecure qui a trouvé encore une trace du virus mais l'a seulement renommé :
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 2 malware found
Net-Worm.Win32.Kolabc.acx (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{80C8D554-3F88-4ADD-9635-9BD653C6A6EB}\RP407\A0084344.EXE (Renamed & Submitted)
Tracking Cookie (spyware)
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 29570
System: 3121
Not scanned: 6
Actions:
Disinfected: 0
Renamed: 1
Deleted: 0
None: 1
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
--------------------------------------------------------------------------------
et voici le dernier rapport Hijackthis :
--------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:01, on 09/05/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Fichiers communs\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Program Files\Microsoft Office\Office\1036\msoffice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Fichiers communs\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Microsoft Winedows startup] WinKey.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Microsoft Winedows startup] WinKey.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Winedows startup] WinKey.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Winedows startup] WinKey.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
https://www.f-secure.com/en/home/support
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Afficher la suite
