Processus étrange exécuté dans la sandbox
Résolu
besoindaide1
Messages postés
544
Date d'inscription
Statut
Membre
Dernière intervention
-
besoindaide1 Messages postés 544 Date d'inscription Statut Membre Dernière intervention -
besoindaide1 Messages postés 544 Date d'inscription Statut Membre Dernière intervention -
Bonjour,
J'ai mis Internet Explorer dans la SandBox de Comodo et j'ai ramarqué que chaque fois que je lance IE, un processus sans nom se lance aussi (dans la Sandbox). Je viens de désinfecter ma clé hier (il y avait 3 virus) avec Usbfix et Antivir et j'ai fait un scan avec RSIT.
Voici les rapports :
Rapport log :
Logfile of random's system information tool 1.08 (written by random/random)
Run by Mip at 2010-10-06 08:02:59
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 431 GB (92%) free of 469 GB
Total RAM: 4095 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:03:12, on 06/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mip\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Mip.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B205648-FA32-479F-9F4F-2053B6C5B394}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B205648-FA32-479F-9F4F-2053B6C5B394}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B205648-FA32-479F-9F4F-2053B6C5B394}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
J'ai mis Internet Explorer dans la SandBox de Comodo et j'ai ramarqué que chaque fois que je lance IE, un processus sans nom se lance aussi (dans la Sandbox). Je viens de désinfecter ma clé hier (il y avait 3 virus) avec Usbfix et Antivir et j'ai fait un scan avec RSIT.
Voici les rapports :
Rapport log :
Logfile of random's system information tool 1.08 (written by random/random)
Run by Mip at 2010-10-06 08:02:59
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 431 GB (92%) free of 469 GB
Total RAM: 4095 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:03:12, on 06/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mip\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Mip.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B205648-FA32-479F-9F4F-2053B6C5B394}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B205648-FA32-479F-9F4F-2053B6C5B394}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B205648-FA32-479F-9F4F-2053B6C5B394}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
A voir également:
- Processus étrange exécuté dans la sandbox
- Windows sandbox - Guide
- Processus d'execution client serveur - Forum Windows 10
- Processus hote windows rundll32 - Forum Virus
- Quest ce que Processus hôte windows(Rundll32) ✓ - Forum Logiciels
- Processus inactif du systeme ✓ - Forum Windows
10 réponses
l'infection usb existe toujours, il me semble
C:\Windows\SysWOW64\explorer.exe
tu a desinfecté tout ton pc avec usbfix ?
C:\Windows\SysWOW64\explorer.exe
tu a desinfecté tout ton pc avec usbfix ?
J'ai réussi à supprimer autorun.inf avec Usbfix, mais je n'ai pas pu enlever les 2 autres virus, donc je les ai mis en quarantaine avec Antivir puis supprimé.
Que dois-je donc faire à présent ?
Merci pour ton aide.
Que dois-je donc faire à présent ?
Merci pour ton aide.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Oui je l'ai démarré en tant qu'admin sur Windows 7.
Voici le rapport avant la mise en quarantaine :
############################## | UsbFix 7.027 | [Suppression]
Utilisateur: Mip (Administrateur) # MIP-PC [Packard Bell imedia S3720]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 19:42:16 | 05/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 4095 Mo
A:\ -> Disque amovible # 1 Mo (1 Mo libre(s) - 59%) [] # FAT
C:\ (%systemdrive%) -> Disque fixe # 458 Go (421 Go libre(s) - 92%) [Packard Bell] # NTFS
D:\ -> Disque fixe # 458 Go (341 Go libre(s) - 74%) [DATA] # NTFS
E:\ -> CD-ROM
J:\ -> Disque amovible # 982 Mo (768 Mo libre(s) - 78%) [MEMUP] # FAT
K:\ -> Disque amovible # 4 Go (2 Go libre(s) - 43%) [UDISK 2.0] # FAT32
################## | Éléments infectieux |
Non supprimé ! A:\MS32DLL.dll.vbs
Non supprimé ! A:\Recycled\ctfmon.exe
################## | Registre |
################## | Mountpoints2 |
################## | Listing |
[02/06/2009 - 10:05:30 | AH | 4096] A:\._.Trashes
[02/06/2009 - 10:05:30 | HD ] A:\.Trashes
[09/05/2007 - 19:20:26 | A | 208896] A:\UDPv271.exe
[30/05/2005 - 18:26:08 | A | 358889] A:\USB Disk Pro v2.55.pdf
[14/03/2008 - 09:27:44 | RSHD ] A:\Recycled
[05/10/2010 - 19:28:32 | N | 3754] A:\MS32DLL.dll.vbs
[05/10/2010 - 19:33:44 | D ] A:\Autorun.inf
[03/10/2010 - 10:35:46 | SHD ] C:\$Recycle.Bin
[05/10/2010 - 19:41:55 | D ] C:\Autorun.inf
[15/08/2009 - 03:00:45 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1028.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1031.txt
[07/11/2007 - 08:00:40 | A | 10134] C:\eula.1033.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1036.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1040.txt
[07/11/2007 - 08:00:40 | A | 118] C:\eula.1041.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1042.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.2052.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.3082.txt
[07/11/2007 - 08:00:40 | A | 1110] C:\globdata.ini
[05/10/2010 - 19:37:18 | ASH | 3220623360] C:\hiberfil.sys
[07/11/2007 - 08:44:20 | A | 855040] C:\install.exe
[07/11/2007 - 08:00:40 | A | 843] C:\install.ini
[07/11/2007 - 08:44:20 | A | 75280] C:\install.res.1028.dll
[07/11/2007 - 08:44:20 | A | 95248] C:\install.res.1031.dll
[07/11/2007 - 08:44:20 | A | 90128] C:\install.res.1033.dll
[07/11/2007 - 08:44:20 | A | 96272] C:\install.res.1036.dll
[07/11/2007 - 08:44:20 | A | 94224] C:\install.res.1040.dll
[07/11/2007 - 08:44:20 | A | 80400] C:\install.res.1041.dll
[07/11/2007 - 08:44:20 | A | 78864] C:\install.res.1042.dll
[07/11/2007 - 08:44:20 | A | 74768] C:\install.res.2052.dll
[07/11/2007 - 08:44:20 | A | 95248] C:\install.res.3082.dll
[15/08/2009 - 02:32:44 | RHD ] C:\MSOCache
[02/10/2010 - 16:25:51 | HD ] C:\OEM
[05/10/2010 - 19:37:21 | ASH | 4294168576] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[02/10/2010 - 17:16:03 | RD ] C:\Program Files
[03/10/2010 - 09:13:03 | RD ] C:\Program Files (x86)
[02/10/2010 - 21:37:46 | HD ] C:\ProgramData
[02/10/2010 - 15:54:24 | SHD ] C:\Recovery
[02/10/2010 - 15:39:49 | A | 1515] C:\RHDSetup.log
[02/10/2010 - 18:00:52 | D ] C:\Shockwave 11
[03/10/2010 - 14:04:44 | SHD ] C:\System Volume Information
[05/10/2010 - 19:43:03 | D ] C:\UsbFix
[05/10/2010 - 19:42:20 | A | 3594] C:\UsbFix.txt
[05/10/2010 - 19:33:59 | A | 2792] C:\UsbFix_Upload_Me_MIP-PC.zip
[02/10/2010 - 15:54:37 | RD ] C:\Users
[07/11/2007 - 08:00:40 | A | 5686] C:\vcredist.bmp
[07/11/2007 - 08:50:40 | A | 1927956] C:\VC_RED.cab
[07/11/2007 - 08:53:12 | A | 242176] C:\VC_RED.MSI
[05/10/2010 - 07:00:40 | HD ] C:\VritualRoot
[05/10/2010 - 05:23:38 | D ] C:\Windows
[02/10/2010 - 15:57:15 | SHD ] D:\$RECYCLE.BIN
[05/10/2010 - 19:33:44 | D ] D:\autorun.inf
[21/08/2010 - 17:28:39 | RD ] D:\ISABELLE-PC
[14/11/2009 - 17:10:16 | RA | 528] D:\MediaID.bin
[18/08/2010 - 15:58:59 | RD ] D:\MIP-PC
[18/09/2010 - 15:04:37 | HD ] D:\msdownld.tmp
[03/10/2010 - 10:57:55 | SHD ] D:\System Volume Information
[21/08/2010 - 17:29:54 | D ] D:\WindowsImageBackup
[16/03/2010 - 16:07:30 | D ] J:\autorun.inf
[29/09/2010 - 13:53:28 | D ] J:\Sémiologie radiologique 29 septembre
[29/09/2010 - 13:52:52 | D ] J:\Physique olivier 29 Septembre
[29/09/2010 - 13:54:06 | D ] J:\Infectiologie 29 septembre
[29/09/2010 - 13:54:24 | D ] J:\Bactériologie 29 septembre
[14/03/2008 - 09:27:18 | RSHD ] J:\Recycled
[27/05/2009 - 10:19:04 | RSHD ] J:\RECYCLER
[22/09/2010 - 20:08:36 | D ] K:\Cours hygiène hospitalière
[01/10/2010 - 08:10:34 | D ] K:\stage d'hygiène
[01/10/2010 - 19:36:08 | A | 257613700] K:\20100930_1112_M2CHE_ADA.m4v
[01/10/2010 - 19:37:18 | A | 346643836] K:\20101001_0910_M1B_NAMB.m4v
[01/10/2010 - 12:19:26 | D ] K:\usb
[28/09/2010 - 14:47:54 | A | 47243928] K:\WS550578.WMA
[28/09/2010 - 15:48:34 | A | 45063418] K:\WS550579.WMA
[05/10/2010 - 19:15:52 | A | 2545346] K:\Calc.bmp
[05/10/2010 - 19:33:46 | D ] K:\Autorun.inf
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_MIP-PC.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.
################## | E.O.F |
Et voici le rapport après la mise en quarantaine et la suppression :
############################## | UsbFix 7.027 | [Suppression]
Utilisateur: Mip (Administrateur) # MIP-PC [Packard Bell imedia S3720]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 21:44:13 | 05/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 4095 Mo
A:\ -> Disque amovible # 1 Mo (1 Mo libre(s) - 61%) [] # FAT
C:\ (%systemdrive%) -> Disque fixe # 458 Go (421 Go libre(s) - 92%) [Packard Bell] # NTFS
D:\ -> Disque fixe # 458 Go (341 Go libre(s) - 74%) [DATA] # NTFS
E:\ -> CD-ROM
J:\ -> Disque amovible # 982 Mo (768 Mo libre(s) - 78%) [MEMUP] # FAT
################## | Éléments infectieux |
################## | Registre |
################## | Mountpoints2 |
################## | Listing |
[02/06/2009 - 10:05:30 | AH | 4096] A:\._.Trashes
[02/06/2009 - 10:05:30 | HD ] A:\.Trashes
[09/05/2007 - 19:20:26 | A | 208896] A:\UDPv271.exe
[30/05/2005 - 18:26:08 | A | 358889] A:\USB Disk Pro v2.55.pdf
[14/03/2008 - 09:27:44 | RSHD ] A:\Recycled
[05/10/2010 - 19:33:44 | D ] A:\Autorun.inf
[03/10/2010 - 10:35:46 | SHD ] C:\$Recycle.Bin
[05/10/2010 - 19:41:55 | D ] C:\Autorun.inf
[15/08/2009 - 03:00:45 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1028.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1031.txt
[07/11/2007 - 08:00:40 | A | 10134] C:\eula.1033.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1036.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1040.txt
[07/11/2007 - 08:00:40 | A | 118] C:\eula.1041.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1042.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.2052.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.3082.txt
[07/11/2007 - 08:00:40 | A | 1110] C:\globdata.ini
[05/10/2010 - 19:45:04 | ASH | 3220623360] C:\hiberfil.sys
[07/11/2007 - 08:44:20 | A | 855040] C:\install.exe
[07/11/2007 - 08:00:40 | A | 843] C:\install.ini
[07/11/2007 - 08:44:20 | A | 75280] C:\install.res.1028.dll
[07/11/2007 - 08:44:20 | A | 95248] C:\install.res.1031.dll
[07/11/2007 - 08:44:20 | A | 90128] C:\install.res.1033.dll
[07/11/2007 - 08:44:20 | A | 96272] C:\install.res.1036.dll
[07/11/2007 - 08:44:20 | A | 94224] C:\install.res.1040.dll
[07/11/2007 - 08:44:20 | A | 80400] C:\install.res.1041.dll
[07/11/2007 - 08:44:20 | A | 78864] C:\install.res.1042.dll
[07/11/2007 - 08:44:20 | A | 74768] C:\install.res.2052.dll
[07/11/2007 - 08:44:20 | A | 95248] C:\install.res.3082.dll
[15/08/2009 - 02:32:44 | RHD ] C:\MSOCache
[02/10/2010 - 16:25:51 | HD ] C:\OEM
[05/10/2010 - 19:45:06 | ASH | 4294168576] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[02/10/2010 - 17:16:03 | RD ] C:\Program Files
[03/10/2010 - 09:13:03 | RD ] C:\Program Files (x86)
[02/10/2010 - 21:37:46 | HD ] C:\ProgramData
[02/10/2010 - 15:54:24 | SHD ] C:\Recovery
[02/10/2010 - 15:39:49 | A | 1515] C:\RHDSetup.log
[02/10/2010 - 18:00:52 | D ] C:\Shockwave 11
[03/10/2010 - 14:04:44 | SHD ] C:\System Volume Information
[05/10/2010 - 21:45:27 | D ] C:\UsbFix
[05/10/2010 - 21:44:18 | A | 3391] C:\UsbFix.txt
[05/10/2010 - 19:43:14 | A | 2808] C:\UsbFix_Upload_Me_MIP-PC.zip
[02/10/2010 - 15:54:37 | RD ] C:\Users
[07/11/2007 - 08:00:40 | A | 5686] C:\vcredist.bmp
[07/11/2007 - 08:50:40 | A | 1927956] C:\VC_RED.cab
[07/11/2007 - 08:53:12 | A | 242176] C:\VC_RED.MSI
[05/10/2010 - 07:00:40 | HD ] C:\VritualRoot
[05/10/2010 - 05:23:38 | D ] C:\Windows
[02/10/2010 - 15:57:15 | SHD ] D:\$RECYCLE.BIN
[05/10/2010 - 19:33:44 | D ] D:\autorun.inf
[21/08/2010 - 17:28:39 | RD ] D:\ISABELLE-PC
[14/11/2009 - 17:10:16 | RA | 528] D:\MediaID.bin
[18/08/2010 - 15:58:59 | RD ] D:\MIP-PC
[18/09/2010 - 15:04:37 | HD ] D:\msdownld.tmp
[03/10/2010 - 10:57:55 | SHD ] D:\System Volume Information
[21/08/2010 - 17:29:54 | D ] D:\WindowsImageBackup
[16/03/2010 - 16:07:30 | D ] J:\autorun.inf
[29/09/2010 - 13:53:28 | D ] J:\Sémiologie radiologique 29 septembre
[29/09/2010 - 13:52:52 | D ] J:\Physique olivier 29 Septembre
[29/09/2010 - 13:54:06 | D ] J:\Infectiologie 29 septembre
[29/09/2010 - 13:54:24 | D ] J:\Bactériologie 29 septembre
[14/03/2008 - 09:27:18 | RSHD ] J:\Recycled
[27/05/2009 - 10:19:04 | RSHD ] J:\RECYCLER
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_MIP-PC.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.
################## | E.O.F |
Voici le rapport avant la mise en quarantaine :
############################## | UsbFix 7.027 | [Suppression]
Utilisateur: Mip (Administrateur) # MIP-PC [Packard Bell imedia S3720]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 19:42:16 | 05/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 4095 Mo
A:\ -> Disque amovible # 1 Mo (1 Mo libre(s) - 59%) [] # FAT
C:\ (%systemdrive%) -> Disque fixe # 458 Go (421 Go libre(s) - 92%) [Packard Bell] # NTFS
D:\ -> Disque fixe # 458 Go (341 Go libre(s) - 74%) [DATA] # NTFS
E:\ -> CD-ROM
J:\ -> Disque amovible # 982 Mo (768 Mo libre(s) - 78%) [MEMUP] # FAT
K:\ -> Disque amovible # 4 Go (2 Go libre(s) - 43%) [UDISK 2.0] # FAT32
################## | Éléments infectieux |
Non supprimé ! A:\MS32DLL.dll.vbs
Non supprimé ! A:\Recycled\ctfmon.exe
################## | Registre |
################## | Mountpoints2 |
################## | Listing |
[02/06/2009 - 10:05:30 | AH | 4096] A:\._.Trashes
[02/06/2009 - 10:05:30 | HD ] A:\.Trashes
[09/05/2007 - 19:20:26 | A | 208896] A:\UDPv271.exe
[30/05/2005 - 18:26:08 | A | 358889] A:\USB Disk Pro v2.55.pdf
[14/03/2008 - 09:27:44 | RSHD ] A:\Recycled
[05/10/2010 - 19:28:32 | N | 3754] A:\MS32DLL.dll.vbs
[05/10/2010 - 19:33:44 | D ] A:\Autorun.inf
[03/10/2010 - 10:35:46 | SHD ] C:\$Recycle.Bin
[05/10/2010 - 19:41:55 | D ] C:\Autorun.inf
[15/08/2009 - 03:00:45 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1028.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1031.txt
[07/11/2007 - 08:00:40 | A | 10134] C:\eula.1033.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1036.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1040.txt
[07/11/2007 - 08:00:40 | A | 118] C:\eula.1041.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1042.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.2052.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.3082.txt
[07/11/2007 - 08:00:40 | A | 1110] C:\globdata.ini
[05/10/2010 - 19:37:18 | ASH | 3220623360] C:\hiberfil.sys
[07/11/2007 - 08:44:20 | A | 855040] C:\install.exe
[07/11/2007 - 08:00:40 | A | 843] C:\install.ini
[07/11/2007 - 08:44:20 | A | 75280] C:\install.res.1028.dll
[07/11/2007 - 08:44:20 | A | 95248] C:\install.res.1031.dll
[07/11/2007 - 08:44:20 | A | 90128] C:\install.res.1033.dll
[07/11/2007 - 08:44:20 | A | 96272] C:\install.res.1036.dll
[07/11/2007 - 08:44:20 | A | 94224] C:\install.res.1040.dll
[07/11/2007 - 08:44:20 | A | 80400] C:\install.res.1041.dll
[07/11/2007 - 08:44:20 | A | 78864] C:\install.res.1042.dll
[07/11/2007 - 08:44:20 | A | 74768] C:\install.res.2052.dll
[07/11/2007 - 08:44:20 | A | 95248] C:\install.res.3082.dll
[15/08/2009 - 02:32:44 | RHD ] C:\MSOCache
[02/10/2010 - 16:25:51 | HD ] C:\OEM
[05/10/2010 - 19:37:21 | ASH | 4294168576] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[02/10/2010 - 17:16:03 | RD ] C:\Program Files
[03/10/2010 - 09:13:03 | RD ] C:\Program Files (x86)
[02/10/2010 - 21:37:46 | HD ] C:\ProgramData
[02/10/2010 - 15:54:24 | SHD ] C:\Recovery
[02/10/2010 - 15:39:49 | A | 1515] C:\RHDSetup.log
[02/10/2010 - 18:00:52 | D ] C:\Shockwave 11
[03/10/2010 - 14:04:44 | SHD ] C:\System Volume Information
[05/10/2010 - 19:43:03 | D ] C:\UsbFix
[05/10/2010 - 19:42:20 | A | 3594] C:\UsbFix.txt
[05/10/2010 - 19:33:59 | A | 2792] C:\UsbFix_Upload_Me_MIP-PC.zip
[02/10/2010 - 15:54:37 | RD ] C:\Users
[07/11/2007 - 08:00:40 | A | 5686] C:\vcredist.bmp
[07/11/2007 - 08:50:40 | A | 1927956] C:\VC_RED.cab
[07/11/2007 - 08:53:12 | A | 242176] C:\VC_RED.MSI
[05/10/2010 - 07:00:40 | HD ] C:\VritualRoot
[05/10/2010 - 05:23:38 | D ] C:\Windows
[02/10/2010 - 15:57:15 | SHD ] D:\$RECYCLE.BIN
[05/10/2010 - 19:33:44 | D ] D:\autorun.inf
[21/08/2010 - 17:28:39 | RD ] D:\ISABELLE-PC
[14/11/2009 - 17:10:16 | RA | 528] D:\MediaID.bin
[18/08/2010 - 15:58:59 | RD ] D:\MIP-PC
[18/09/2010 - 15:04:37 | HD ] D:\msdownld.tmp
[03/10/2010 - 10:57:55 | SHD ] D:\System Volume Information
[21/08/2010 - 17:29:54 | D ] D:\WindowsImageBackup
[16/03/2010 - 16:07:30 | D ] J:\autorun.inf
[29/09/2010 - 13:53:28 | D ] J:\Sémiologie radiologique 29 septembre
[29/09/2010 - 13:52:52 | D ] J:\Physique olivier 29 Septembre
[29/09/2010 - 13:54:06 | D ] J:\Infectiologie 29 septembre
[29/09/2010 - 13:54:24 | D ] J:\Bactériologie 29 septembre
[14/03/2008 - 09:27:18 | RSHD ] J:\Recycled
[27/05/2009 - 10:19:04 | RSHD ] J:\RECYCLER
[22/09/2010 - 20:08:36 | D ] K:\Cours hygiène hospitalière
[01/10/2010 - 08:10:34 | D ] K:\stage d'hygiène
[01/10/2010 - 19:36:08 | A | 257613700] K:\20100930_1112_M2CHE_ADA.m4v
[01/10/2010 - 19:37:18 | A | 346643836] K:\20101001_0910_M1B_NAMB.m4v
[01/10/2010 - 12:19:26 | D ] K:\usb
[28/09/2010 - 14:47:54 | A | 47243928] K:\WS550578.WMA
[28/09/2010 - 15:48:34 | A | 45063418] K:\WS550579.WMA
[05/10/2010 - 19:15:52 | A | 2545346] K:\Calc.bmp
[05/10/2010 - 19:33:46 | D ] K:\Autorun.inf
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_MIP-PC.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.
################## | E.O.F |
Et voici le rapport après la mise en quarantaine et la suppression :
############################## | UsbFix 7.027 | [Suppression]
Utilisateur: Mip (Administrateur) # MIP-PC [Packard Bell imedia S3720]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 21:44:13 | 05/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 4095 Mo
A:\ -> Disque amovible # 1 Mo (1 Mo libre(s) - 61%) [] # FAT
C:\ (%systemdrive%) -> Disque fixe # 458 Go (421 Go libre(s) - 92%) [Packard Bell] # NTFS
D:\ -> Disque fixe # 458 Go (341 Go libre(s) - 74%) [DATA] # NTFS
E:\ -> CD-ROM
J:\ -> Disque amovible # 982 Mo (768 Mo libre(s) - 78%) [MEMUP] # FAT
################## | Éléments infectieux |
################## | Registre |
################## | Mountpoints2 |
################## | Listing |
[02/06/2009 - 10:05:30 | AH | 4096] A:\._.Trashes
[02/06/2009 - 10:05:30 | HD ] A:\.Trashes
[09/05/2007 - 19:20:26 | A | 208896] A:\UDPv271.exe
[30/05/2005 - 18:26:08 | A | 358889] A:\USB Disk Pro v2.55.pdf
[14/03/2008 - 09:27:44 | RSHD ] A:\Recycled
[05/10/2010 - 19:33:44 | D ] A:\Autorun.inf
[03/10/2010 - 10:35:46 | SHD ] C:\$Recycle.Bin
[05/10/2010 - 19:41:55 | D ] C:\Autorun.inf
[15/08/2009 - 03:00:45 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1028.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1031.txt
[07/11/2007 - 08:00:40 | A | 10134] C:\eula.1033.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1036.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1040.txt
[07/11/2007 - 08:00:40 | A | 118] C:\eula.1041.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1042.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.2052.txt
[07/11/2007 - 08:00:40 | A | 17734] C:\eula.3082.txt
[07/11/2007 - 08:00:40 | A | 1110] C:\globdata.ini
[05/10/2010 - 19:45:04 | ASH | 3220623360] C:\hiberfil.sys
[07/11/2007 - 08:44:20 | A | 855040] C:\install.exe
[07/11/2007 - 08:00:40 | A | 843] C:\install.ini
[07/11/2007 - 08:44:20 | A | 75280] C:\install.res.1028.dll
[07/11/2007 - 08:44:20 | A | 95248] C:\install.res.1031.dll
[07/11/2007 - 08:44:20 | A | 90128] C:\install.res.1033.dll
[07/11/2007 - 08:44:20 | A | 96272] C:\install.res.1036.dll
[07/11/2007 - 08:44:20 | A | 94224] C:\install.res.1040.dll
[07/11/2007 - 08:44:20 | A | 80400] C:\install.res.1041.dll
[07/11/2007 - 08:44:20 | A | 78864] C:\install.res.1042.dll
[07/11/2007 - 08:44:20 | A | 74768] C:\install.res.2052.dll
[07/11/2007 - 08:44:20 | A | 95248] C:\install.res.3082.dll
[15/08/2009 - 02:32:44 | RHD ] C:\MSOCache
[02/10/2010 - 16:25:51 | HD ] C:\OEM
[05/10/2010 - 19:45:06 | ASH | 4294168576] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[02/10/2010 - 17:16:03 | RD ] C:\Program Files
[03/10/2010 - 09:13:03 | RD ] C:\Program Files (x86)
[02/10/2010 - 21:37:46 | HD ] C:\ProgramData
[02/10/2010 - 15:54:24 | SHD ] C:\Recovery
[02/10/2010 - 15:39:49 | A | 1515] C:\RHDSetup.log
[02/10/2010 - 18:00:52 | D ] C:\Shockwave 11
[03/10/2010 - 14:04:44 | SHD ] C:\System Volume Information
[05/10/2010 - 21:45:27 | D ] C:\UsbFix
[05/10/2010 - 21:44:18 | A | 3391] C:\UsbFix.txt
[05/10/2010 - 19:43:14 | A | 2808] C:\UsbFix_Upload_Me_MIP-PC.zip
[02/10/2010 - 15:54:37 | RD ] C:\Users
[07/11/2007 - 08:00:40 | A | 5686] C:\vcredist.bmp
[07/11/2007 - 08:50:40 | A | 1927956] C:\VC_RED.cab
[07/11/2007 - 08:53:12 | A | 242176] C:\VC_RED.MSI
[05/10/2010 - 07:00:40 | HD ] C:\VritualRoot
[05/10/2010 - 05:23:38 | D ] C:\Windows
[02/10/2010 - 15:57:15 | SHD ] D:\$RECYCLE.BIN
[05/10/2010 - 19:33:44 | D ] D:\autorun.inf
[21/08/2010 - 17:28:39 | RD ] D:\ISABELLE-PC
[14/11/2009 - 17:10:16 | RA | 528] D:\MediaID.bin
[18/08/2010 - 15:58:59 | RD ] D:\MIP-PC
[18/09/2010 - 15:04:37 | HD ] D:\msdownld.tmp
[03/10/2010 - 10:57:55 | SHD ] D:\System Volume Information
[21/08/2010 - 17:29:54 | D ] D:\WindowsImageBackup
[16/03/2010 - 16:07:30 | D ] J:\autorun.inf
[29/09/2010 - 13:53:28 | D ] J:\Sémiologie radiologique 29 septembre
[29/09/2010 - 13:52:52 | D ] J:\Physique olivier 29 Septembre
[29/09/2010 - 13:54:06 | D ] J:\Infectiologie 29 septembre
[29/09/2010 - 13:54:24 | D ] J:\Bactériologie 29 septembre
[14/03/2008 - 09:27:18 | RSHD ] J:\Recycled
[27/05/2009 - 10:19:04 | RSHD ] J:\RECYCLER
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_MIP-PC.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.
################## | E.O.F |
ok
* Télécharge ZHPDiag (de Nicolas Coolman). https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
* Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
Rend toi sur Cijoint http://www.cijoint.fr/
et indique l'emplacement du rapport à l'aide du bouton "Parcourir..." Ensuite Clique sur "Cliquez ici pour déposer le fichier"
Un lien sera généré, copie et colle-le dans ta prochaine réponse.
* Télécharge ZHPDiag (de Nicolas Coolman). https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
* Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
Rend toi sur Cijoint http://www.cijoint.fr/
et indique l'emplacement du rapport à l'aide du bouton "Parcourir..." Ensuite Clique sur "Cliquez ici pour déposer le fichier"
Un lien sera généré, copie et colle-le dans ta prochaine réponse.
Voici le lien :
http://www.cijoint.fr/cjlink.php?file=cj201010/cij9tMpBRB.txt
Vu que je dois partir maintenant, peut-on remettre ça à demain (vers 16-17H) ?
http://www.cijoint.fr/cjlink.php?file=cj201010/cij9tMpBRB.txt
Vu que je dois partir maintenant, peut-on remettre ça à demain (vers 16-17H) ?
Voici le rapport de MBAM :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4770
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
07/10/2010 16:47:08
mbam-log-2010-10-07 (16-47-08).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 235029
Temps écoulé: 30 minute(s), 5 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Visiblement, je crois qu'il n'y a rien, par contre est-ce que cette ligne est normale :
C:\Windows\SysWOW64\explorer.exe
?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4770
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
07/10/2010 16:47:08
mbam-log-2010-10-07 (16-47-08).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 235029
Temps écoulé: 30 minute(s), 5 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Visiblement, je crois qu'il n'y a rien, par contre est-ce que cette ligne est normale :
C:\Windows\SysWOW64\explorer.exe
?
