Infected process

Solved
popeye66 Posts: 36, Status: Member
Hello everyone,

So, I was surfing the net and I had a long transfer, and my security is infected, so I'm going to leave you a short report:

**** Run Keys ****

RUN: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
RUN: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
RUN: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
RUN: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
RUN: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
RUN: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

**** Browser Helper Objects ****

BHO: [Spybot-S&D IE Protection] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [Spybot-S&D IE Protection] C:\PROGRA~1\SPYBOT~1\SDHelper.dll

**** IE Toolbars ****

**** IE Extensions ****

IEExt: []

**** Hosts File Entries ****

**** IE Settings ****

Default Page: https://www.msn.com/fr-fr/?ocid=iehp
Default Search: https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**** IE Context Menu (Right click) ****

**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D8CFA8F-EF0A-4F24-B02F-9D2A16E87F70}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D8CFA8F-EF0A-4F24-B02F-9D2A16E87F70}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D40CCBE6-3FB2-4B3D-814C-084473D94748}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D40CCBE6-3FB2-4B3D-814C-084473D94748}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E6CFDF9-291E-4AFB-A422-53159EB71544}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E6CFDF9-291E-4AFB-A422-53159EB71544}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1E7395C-53FC-4C1F-936C-DD6800707C57}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1E7395C-53FC-4C1F-936C-DD6800707C57}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{14249CB7-078C-454D-A7A3-713D57D56FB1}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{14249CB7-078C-454D-A7A3-713D57D56FB1}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C8A3DD1-76B2-4C3A-8F8C-93CE7FA3DD46}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C8A3DD1-76B2-4C3A-8F8C-93CE7FA3DD46}] DATAGRAM 5

**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No

**** Downloaded Program Files ****

**** Windows Services ****

[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[Dot3svc] %SystemRoot%\System32\svchost.exe -k dot3svc
[EapHost] %SystemRoot%\System32\svchost.exe -k eapsvcs
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[FTRTSVC] C:\WINDOWS\System32\FTRTSVC.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[hkmsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] %systemroot%\system32\imapi.exe
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LIVESRV] "C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\system32\msdtc.exe
[MSIServer] %systemroot%\system32\msiexec.exe /V
[napagent] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NMIndexingService]
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[scan] %SystemRoot%\System32\svchost.exe -kbdx
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{EEFABC3A-7CCC-4AAB-929A-D90CA98337CD}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[usnjsvc] "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
[VSS] %SystemRoot%\System32\vssvc.exe
[VSSERV] "C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WLSetupSvc] "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
[WMConnectCDS] C:\Program Files\Windows Media Connect 2\wmccds.exe
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemRoot%\System32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[XCOMM] "C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
[AVG Anti-Spyware Guard] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

**** Custom IE Search Items ****

SEARCH: [CustomizeSearch] https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [SearchAssistant] https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**** Complete IE Options ****

IEOPT: [CompatibilityFlags]
IEOPT: [FullScreen] no
IEOPT: [SearchMigrated]
IEOPT: [Window_Placement] ,
IEOPT: [LastCheckedHi]
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] no
IEOPT: [ControlTooltipCount]
IEOPT: [Use FormSuggest] yes
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [RunOnceHasShown]
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [RunOnceComplete]
IEOPT: [UseClearType] yes
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Use Custom Search URL]
IEOPT: [Start Page] https://www.google.fr/?gws_rd=ssl
IEOPT: [SearchMigrated]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [Use Custom Search URL]
IEOPT: [Default_Page_URL] https://www.msn.com/fr-fr/?ocid=iehp
IEOPT: [Default_Search_URL] https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IEOPT: [Search Page] https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

2 replies

popeye66 Posts: 36, Status: Member

I downloaded the anti-Bagle tool from the Sophos site; it found some things but it can't manage to delete them.

RESOLVE Version 1.07
Copyright (c) 2004, Sophos Plc, www.sophos.com

The current user does not have Administrator rights
The system may not be completely disinfected

System disinfection for W32/Bagle

Data Version 1.13

System scan started at 17:48 on 14 July 2008

Checking for W32/Bagle in memory

Could not open process. Process ID: 1640

Could not open process. Process ID: 720

Could not open process. Process ID: 772

Could not open process. Process ID: 2556

Checking for files affected by W32/Bagle

Scanning C:

Error opening file C:\Documents and Settings\Benjamin\Application Data\Bitdefender\Desktop\Profiles\asdict.dat

Error opening file C:\Documents and Settings\Benjamin\Cookies\index.dat

Error opening file C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat

Error opening file C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\Benjamin\Local Settings\Historique\History.IE5\index.dat

Error opening file C:\Documents and Settings\Benjamin\Local Settings\Historique\History.IE5\MSHist012008071420080715\index.dat

Error opening file C:\Documents and Settings\Benjamin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

Error opening file C:\Documents and Settings\Benjamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\Benjamin\NTUSER.DAT

Error opening file C:\Documents and Settings\Benjamin\ntuser.dat.LOG

Error opening file C:\Documents and Settings\LocalService\Cookies\index.dat

Error opening file C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat

Error opening file C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\LocalService\NTUSER.DAT

Error opening file C:\Documents and Settings\LocalService\ntuser.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\Cookies\index.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\NetworkService\NTUSER.DAT

Error opening file C:\Documents and Settings\NetworkService\ntuser.dat.LOG

Error opening file C:\hiberfil.sys

Error opening file C:\pagefile.sys

Error opening file C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_12884\aspdict.dat

Error opening file C:\Program Files\BitDefender\BitDefender 2008\dbokf.db

Error opening file C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal

Error opening file C:\resolve.log

Error opening file C:\WINDOWS\Debug\PASSWD.LOG

Error opening file C:\WINDOWS\SchedLgU.Txt

Error opening file C:\WINDOWS\SoftwareDistribution\EventCache\{5B92144F-F242-4471-BDAF-42DE37F09EFE}.bin

Error opening file C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Error opening file C:\WINDOWS\system32\CatRoot2\edb.log

Error opening file C:\WINDOWS\system32\CatRoot2\tmp.edb

Error opening file C:\WINDOWS\system32\config\AppEvent.Evt

Error opening file C:\WINDOWS\system32\config\default

Error opening file C:\WINDOWS\system32\config\default.LOG

Error opening file C:\WINDOWS\system32\config\Internet.evt

Error opening file C:\WINDOWS\system32\config\SAM

Error opening file C:\WINDOWS\system32\config\SAM.LOG

Error opening file C:\WINDOWS\system32\config\SecEvent.Evt

Error opening file C:\WINDOWS\system32\config\SECURITY

Error opening file C:\WINDOWS\system32\config\SECURITY.LOG

Error opening file C:\WINDOWS\system32\config\software

Error opening file C:\WINDOWS\system32\config\software.LOG

Error opening file C:\WINDOWS\system32\config\SysEvent.Evt

Error opening file C:\WINDOWS\system32\config\system

Error opening file C:\WINDOWS\system32\config\system.LOG

Error opening file C:\WINDOWS\system32\h323log.txt

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Error opening file C:\WINDOWS\Temp\tmp00003e0b\tmp00000000

Error opening file C:\WINDOWS\WindowsUpdate.log
popeye66 Posts: 36, Status: Member

Can nobody help me?