no save
Identification
Assistance
Achat
News

Forum | virus/sécurité
probleme avec istbar.fl
antic80, le ven. 21 oct. 2005 à 12:15:11
rapport de bitdefender

BitDefender Online Scanner



Scan report generated at: Fri, Oct 21, 2005 - 11:40:41





Scan path: C:\;C:\Documents and Settings\Admin\Mes documents;







Statistics

Time
00:41:08

Files
125241

Folders
2868

Boot Sectors
7

Archives
968

Packed Files
16561




Results

Identified Viruses
3

Infected Files
4

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
4




Engines Info

Virus Definitions
225139

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot


C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054268.exe
Infected with: Trojan.Dropper.Agent.TV

C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054268.exe
Disinfection failed

C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054268.exe
Deleted

C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054269.exe
Infected with: Trojan.Pakes.DU

C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054269.exe
Disinfection failed

C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054269.exe
Deleted

C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054270.EXE
Infected with: Dropped:Trojan.Qhosts.B

C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054270.EXE
Disinfection failed

C:\System Volume Information\_restore{F60412E6-32B4-497C-A82C-F704F921AEFD}\RP69\A0054270.EXE
Deleted

---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------

+ Créé le: 12:09:43, 21/10/2005
+ Somme de contrôle: ADEAF058

+ Résultats du scan:

C:\WINDOWS\system32\smmss.exe -> Backdoor.Wootbot.z : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@adtech[2].txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@fastclick[2].txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@atdmt[2].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@2o7[2].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@advertising[1].txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@statcounter[1].txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@revenue[1].txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@sel.as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@www.smartadserver[2].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Admin\Cookies\admin@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder


::Fin du rapport

et enfin hickjack this

Logfile of HijackThis v1.99.1
Scan saved at 12:11:23, on 21/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sports Interactive\Football Manager 2006 Gold Demo\fm.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Admin\Bureau\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.p2p-load.de/share
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.p2p-load.de/share
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E76E50ED-AF5C-45D9-8E3D-B04AF22396FF}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
PrécédentReal Mona
oct. 05
Real Mona
oct. 05
Suivant
REPONSES
Real Mona
oct. 05
antic80
oct. 05
Real Mona
oct. 05
antic80
oct. 05
Real Mona
oct. 05
antic80
oct. 05
Real Mona
oct. 05
antic80
oct. 05
antic80
oct. 05
Real Mona
oct. 05
Version Web
Mentions légales (c)2009
Réalisé par RedShift
no save