Infection clé usb - Rapport UsbFix

hugher65 Messages postés 9 Statut Membre -  
Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

J'ai un problème avec ma clé USB : les dossiers et fichiers disparaissent et des fichiers exe apparaissent. Pouvez-vous m'aider à la désinfecter?
J'ai essayer de formater mais les virus/trojans reviennent.
Merci de votre aide.

Voici le rapport USBfix

############################## | UsbFix V 7.087 | [Recherche]

Utilisateur: POSTE6 (Administrateur) # POSTE6-PC
Mis à jour le 05/04/2012 par El Desaparecido
Lancé à 18:00:01 | 23/04/2012

Site Web: https://www.sosvirus.net/
Fichier suspect ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (EP31-DS3L) (x64-based PC) # Desktop Computer
CPU: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz (2333)
RAM -> [ Total : 4094 | Free : 2286 ]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ Enabled ]
AV: avast! antivirus [ Enabled | (!) Outdated ]
FW: Windows FireWall Service [ (!) Disabled ]

C:\ (%systemdrive%) -> Disque fixe # 49 Go (9 Go libre(s) - 19%) [Win7SP1] # NTFS
D:\ -> Disque fixe # 319 Go (106 Go libre(s) - 33%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque fixe # 98 Go (60 Go libre(s) - 61%) [DOCUMENTS] # NTFS
G:\ -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [TRANSCEND] # FAT32
K:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (388)
C:\Windows\system32\wininit.exe (436)
C:\Windows\system32\csrss.exe (460)
C:\Windows\system32\services.exe (496)
C:\Windows\system32\lsass.exe (516)
C:\Windows\system32\lsm.exe (528)
C:\Windows\system32\winlogon.exe (592)
C:\Windows\system32\svchost.exe (688)
C:\Windows\system32\svchost.exe (792)
C:\Windows\System32\svchost.exe (880)
C:\Windows\System32\svchost.exe (928)
C:\Windows\system32\svchost.exe (956)
C:\Windows\system32\svchost.exe (464)
C:\Windows\system32\svchost.exe (1036)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1112)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (1152)
C:\Windows\system32\Dwm.exe (1344)
C:\Windows\Explorer.EXE (1368)
C:\Windows\System32\spoolsv.exe (1592)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1620)
C:\Windows\system32\svchost.exe (1648)
C:\Windows\system32\taskhost.exe (1748)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1908)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1948)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1976)
C:\Windows\system32\conhost.exe (1984)
C:\Program Files (x86)\ATnotes\ATnotes.exe (1176)
C:\Program Files\Windows Sidebar\sidebar.exe (1240)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (1792)
C:\Windows\system32\svchost.exe (1856)
C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe (2044)
C:\Program Files (x86)\Graitec\License Server\Bin\lmgrd.exe (1896)
C:\Windows\system32\conhost.exe (2092)
C:\Windows\SysWOW64\srvany.exe (2108)
C:\Program Files (x86)\Graitec\License Server\Bin\lmgrd.exe (2116)
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (2140)
C:\Windows\KMService.exe (2172)
C:\Windows\system32\conhost.exe (2180)
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (2216)
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (2284)
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (2360)
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (2472)
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (2512)
C:\Windows\system32\svchost.exe (2540)
C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer_Service.exe (2584)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2648)
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe (2864)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2908)
C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe (2332)
C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer.exe (3312)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (3436)
C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe (3460)
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (3508)
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe (3688)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3784)
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (3892)
C:\Windows\system32\SearchIndexer.exe (4068)
C:\Windows\system32\svchost.exe (3948)
C:\Windows\system32\WUDFHost.exe (4200)
C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe (4560)
C:\Windows\system32\SearchProtocolHost.exe (4820)
C:\Program Files\Windows Media Player\wmpnetwk.exe (5112)
C:\Program Files (x86)\Everything\Everything.exe (5456)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (5480)
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (5496)
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (5564)
C:\Program Files\iPod\bin\iPodService.exe (6004)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4844)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4924)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3864)
C:\Windows\system32\wuauclt.exe (5452)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (5860)
C:\Program Files (x86)\Graitec\License Server\Bin\GRAITEC.exe (2752)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (2796)
C:\Windows\splwow64.exe (1716)
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (5888)
C:\Users\POSTE6\3rua.exe (5992)
C:\Windows\SysWOW64\svchost.exe (3980)
C:\Users\POSTE6\weotak.exe (712)
C:\Windows\SysWOW64\cmd.exe (5712)
C:\Windows\system32\conhost.exe (3604)
C:\Windows\SysWOW64\cmd.exe (1516)
C:\Windows\system32\conhost.exe (5372)
C:\Windows\system32\vssvc.exe (2020)
C:\Windows\System32\svchost.exe (5244)
C:\Windows\system32\SearchFilterHost.exe (1876)
C:\UsbFix\Go.exe (3600)
C:\Windows\system32\wbem\wmiprvse.exe (2596)

################## | Éléments infectieux |

Présent! C:\Users\POSTE6\AppData\Local\Temp\ose00000.exe
Présent! C:\Users\POSTE6\AppData\Local\Temp\outlook_2007.exe
Présent! G:\weotak.exe
Présent! C:\Users\POSTE6\start1.exe
Présent! G:\autorun.inf

################## | Registre |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{943f2fcb-7646-11e0-af39-00241d73bf32}
Shell\AutoRun\Command = K:\SETUP.EXE
Shell\configure\Command = K:\SETUP.EXE
Shell\install\Command = K:\SETUP.EXE

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |

11 réponses

  1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Salut,

    C'est une poubelle ton PC.

    Relance USBFix en Suppression et poste le rapport ici.

    Relance HijackThis (si tu es sur Vista/Seven - faire un clic droit et executer en tant qu'administrateur) et coche ces lignes :

    O4 - HKCU\..\Run: [weotak] C:\Users\POSTE6\weotak.exe /y

    ==> clic sur fix checked

    Redémarre l'ordinateur

    Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.
    !!! Malwarebyte doit être à jour avant de faire le scan !!!
    Supprime bien ce qui est détecté : bouton supprimer sélection.

    Reposte un rapport HijackThis.

    1
  2. hugher65 Messages postés 9 Statut Membre
     
    Rapport Hijack this :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:15:43, on 23/04/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ATnotes\ATnotes.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
    C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Everything\Everything.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Users\POSTE6\3rua.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Users\POSTE6\weotak.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Users\POSTE6\Desktop\hijackthis_telechargement_01net.exe
    C:\Users\POSTE6\AppData\Local\Temp\01net\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files (x86)\ATnotes\ATnotes.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\POSTE6\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [pfju] rundll32.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [weotak] C:\Users\POSTE6\weotak.exe /y
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
    O4 - Startup: 45D97407-E768-AB72-91D9-5E5BCEB11ADD.lnk = C:\Windows\System32\rundll32.exe
    O4 - Global Startup: Serveur réseau.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix:
    O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FileOpenManagerSvc - FileOpen Systems Inc. - C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe
    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Graitec License Server - Flexera Software, Inc. - C:\Program Files (x86)\Graitec\License Server\Bin\lmgrd.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    0
  3. hugher65 Messages postés 9 Statut Membre
     
    Merci de ton aide!

    Voici le nouveau rapport USBfix :

    ############################## | UsbFix V 7.087 | [Suppression]

    Utilisateur: POSTE6 (Administrateur) # POSTE6-PC
    Mis à jour le 05/04/2012 par El Desaparecido
    Lancé à 08:46:27 | 24/04/2012

    Site Web: https://www.sosvirus.net/
    Fichier suspect ? : http://eldesaparecido.com/upload.html
    Contact: contact@eldesaparecido.com

    PC: Gigabyte Technology Co., Ltd. (EP31-DS3L) (x64-based PC) # Desktop Computer
    CPU: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz (2333)
    RAM -> [ Total : 4094 | Free : 2394 ]
    BIOS: Award Modular BIOS v6.00PG
    BOOT: Normal boot

    OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 8.0.7601.17514

    SC: Security Center Service [ (!) Disabled ]
    WU: Windows Update Service [ Enabled ]
    AV: avast! antivirus [ Enabled | (!) Outdated ]
    FW: Windows FireWall Service [ (!) Disabled ]

    C:\ (%systemdrive%) -> Disque fixe # 49 Go (9 Go libre(s) - 19%) [Win7SP1] # NTFS
    D:\ -> Disque fixe # 319 Go (106 Go libre(s) - 33%) [] # NTFS
    E:\ -> CD-ROM
    F:\ -> Disque fixe # 98 Go (60 Go libre(s) - 61%) [DOCUMENTS] # NTFS
    K:\ -> CD-ROM
    L:\ -> Disque amovible # 2 Go (1 Go libre(s) - 73%) [] # FAT

    ################## | Processus Actif |

    C:\Windows\system32\csrss.exe (388)
    C:\Windows\system32\wininit.exe (436)
    C:\Windows\system32\csrss.exe (460)
    C:\Windows\system32\services.exe (496)
    C:\Windows\system32\lsass.exe (516)
    C:\Windows\system32\lsm.exe (528)
    C:\Windows\system32\winlogon.exe (596)
    C:\Windows\system32\svchost.exe (684)
    C:\Windows\system32\svchost.exe (784)
    C:\Windows\System32\svchost.exe (848)
    C:\Windows\System32\svchost.exe (888)
    C:\Windows\system32\svchost.exe (924)
    C:\Windows\system32\svchost.exe (384)
    C:\Windows\system32\svchost.exe (1020)
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1088)
    C:\Program Files\Alwil Software\Avast4\ashServ.exe (1136)
    C:\Windows\system32\Dwm.exe (1316)
    C:\Windows\Explorer.EXE (1360)
    C:\Windows\System32\spoolsv.exe (1544)
    C:\Windows\system32\taskhost.exe (1576)
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1592)
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1960)
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2004)
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (2020)
    C:\Windows\system32\conhost.exe (2028)
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe (1296)
    C:\Windows\System32\svchost.exe (1712)
    C:\Windows\system32\svchost.exe (1256)
    C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe (1908)
    C:\Program Files (x86)\Graitec\License Server\Bin\lmgrd.exe (1948)
    C:\Windows\system32\conhost.exe (2080)
    C:\Windows\SysWOW64\srvany.exe (2088)
    C:\Program Files (x86)\Graitec\License Server\Bin\lmgrd.exe (2116)
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (2124)
    C:\Windows\KMService.exe (2136)
    C:\Windows\system32\conhost.exe (2144)
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (2260)
    C:\Program Files (x86)\Graitec\License Server\Bin\GRAITEC.exe (2268)
    C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (2352)
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe (2396)
    C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (2504)
    C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (2540)
    C:\Windows\system32\svchost.exe (2564)
    C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer_Service.exe (2672)
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2784)
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (3044)
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3328)
    C:\Windows\system32\WUDFHost.exe (3416)
    C:\Program Files (x86)\ATnotes\ATnotes.exe (3596)
    C:\Program Files\Windows Sidebar\sidebar.exe (3620)
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (3652)
    C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer.exe (3672)
    C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe (3840)
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (3952)
    C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe (3976)
    C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe (4008)
    C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (4068)
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe (3584)
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (1116)
    C:\Windows\system32\SearchIndexer.exe (1224)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (4376)
    C:\Windows\system32\SearchProtocolHost.exe (4592)
    C:\Windows\system32\sppsvc.exe (2912)
    C:\Users\POSTE6\3msn.exe (5036)
    C:\Users\POSTE6\vzher.exe (3460)
    C:\Windows\servicing\TrustedInstaller.exe (4284)
    C:\Windows\system32\wuauclt.exe (3604)
    C:\Windows\SysWOW64\svchost.exe (4808)
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe (220)
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4636)
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3012)
    C:\Windows\system32\SearchFilterHost.exe (1164)
    C:\Program Files (x86)\Everything\Everything.exe (1716)
    C:\Program Files (x86)\iTunes\iTunesHelper.exe (4948)
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe (5072)
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (1168)
    C:\Program Files\iPod\bin\iPodService.exe (4860)
    C:\Windows\system32\msfeedssync.exe (4232)
    C:\Windows\system32\taskhost.exe (2168)
    C:\UsbFix\Go.exe (3240)
    C:\Windows\system32\wbem\wmiprvse.exe (4792)

    ################## | Processus Stoppés |

    Stoppé! C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1088)
    Stoppé! C:\Program Files\Alwil Software\Avast4\ashServ.exe (1136)
    Stoppé! C:\Windows\System32\spoolsv.exe (1544)
    Stoppé! C:\Windows\system32\taskhost.exe (1576)
    Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1592)
    Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1960)
    Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2004)
    Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (2020)
    Stoppé! C:\Windows\system32\conhost.exe (2028)
    Stoppé! C:\Program Files (x86)\Bonjour\mDNSResponder.exe (1296)
    Stoppé! C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe (1908)
    Stoppé! C:\Program Files (x86)\Graitec\License Server\Bin\lmgrd.exe (1948)
    Stoppé! C:\Windows\system32\conhost.exe (2080)
    Stoppé! C:\Windows\SysWOW64\srvany.exe (2088)
    Stoppé! C:\Program Files (x86)\Graitec\License Server\Bin\lmgrd.exe (2116)
    Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (2124)
    Stoppé! C:\Windows\KMService.exe (2136)
    Stoppé! C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (2260)
    Stoppé! C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (2352)
    Stoppé! C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (2504)
    Stoppé! C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (2540)
    Stoppé! C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer_Service.exe (2672)
    Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2784)
    Stoppé! C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (3044)
    Stoppé! C:\Windows\system32\WUDFHost.exe (3416)
    Stoppé! C:\Program Files (x86)\ATnotes\ATnotes.exe (3596)
    Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (3620)
    Stoppé! C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (3652)
    Stoppé! C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer.exe (3672)
    Stoppé! C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe (3840)
    Stoppé! C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (3952)
    Stoppé! C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe (3976)
    Stoppé! C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe (4008)
    Stoppé! C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (4068)
    Stoppé! C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe (3584)
    Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (1116)
    Stoppé! C:\Windows\system32\SearchIndexer.exe (1224)
    Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (4376)
    Stoppé! C:\Windows\system32\SearchProtocolHost.exe (4592)
    Stoppé! C:\Windows\system32\sppsvc.exe (2912)
    Stoppé! C:\Users\POSTE6\3msn.exe (5036)
    Stoppé! C:\Users\POSTE6\vzher.exe (3460)
    Stoppé! C:\Windows\servicing\TrustedInstaller.exe (4284)
    Stoppé! C:\Windows\system32\wuauclt.exe (3604)
    Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (220)
    Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4636)
    Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3012)
    Stoppé! C:\Program Files (x86)\Everything\Everything.exe (1716)
    Stoppé! C:\Program Files (x86)\iTunes\iTunesHelper.exe (4948)
    Stoppé! C:\Program Files\Alwil Software\Avast4\ashDisp.exe (5072)
    Stoppé! C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (1168)
    Stoppé! C:\Program Files\iPod\bin\iPodService.exe (4860)
    Stoppé! C:\Windows\system32\taskhost.exe (2168)
    Stoppé! C:\Program Files (x86)\Internet Explorer\IELowutil.exe (5044)

    ################## | Éléments infectieux |

    Supprimé! C:\Users\POSTE6\AppData\Local\Temp\ose00000.exe
    Supprimé! C:\Users\POSTE6\AppData\Local\Temp\outlook_2007.exe
    Supprimé! L:\vzher.exe
    Supprimé! L:\LOST.DIR.exe
    Supprimé! L:\.android_secure.exe
    Supprimé! L:\Android.exe
    Supprimé! L:\DCIM.exe
    Supprimé! L:\ASI.exe
    Supprimé! L:\bluetooth.exe
    Supprimé! L:\videos.exe
    Supprimé! L:\.dataviz.exe
    Supprimé! L:\.beintoo.exe
    Supprimé! L:\documents.exe
    Supprimé! L:\ringtones.exe
    Supprimé! L:\download.exe
    Supprimé! L:\media.exe
    Supprimé! L:\AcerSync.exe
    Supprimé! L:\tmp.exe
    Supprimé! L:\prixing.exe
    Supprimé! L:\Andoku.exe
    Supprimé! L:\openfeint.exe
    Supprimé! L:\withbible_v1_6_0.exe
    Supprimé! L:\.youversion.exe
    Supprimé! L:\WaluuImagesCache.exe
    Supprimé! L:\svox.exe
    Supprimé! L:\.games.angryfrogs.exe
    Supprimé! L:\klog.exe
    Supprimé! L:\data.exe
    Supprimé! L:\Maison rue MENTEL 1.exe
    Supprimé! L:\Maison rue MENTEL 2.exe
    Supprimé! L:\Maison rue MENTEL.exe
    Supprimé! L:\Secret.exe
    Supprimé! L:\Sexy.exe
    Supprimé! L:\Porn.exe
    Supprimé! L:\Passwords.exe
    Supprimé! C:\Users\POSTE6\start1.exe
    Supprimé! C:\$RECYCLE.BIN\S-1-5-21-441551175-950043846-1304421940-1000
    Supprimé! C:\$RECYCLE.BIN\S-1-5-21-867306538-1125650364-3474091329-1000
    Supprimé! D:\$RECYCLE.BIN\S-1-5-21-441551175-950043846-1304421940-1000
    Supprimé! D:\$RECYCLE.BIN\S-1-5-21-867306538-1125650364-3474091329-1000
    Supprimé! F:\$RECYCLE.BIN\S-1-5-21-441551175-950043846-1304421940-1000
    Supprimé! F:\$RECYCLE.BIN\S-1-5-21-867306538-1125650364-3474091329-1000
    Supprimé! L:\autorun.inf
    Supprimé! L:\x.mpeg

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Mountpoints2 |

    Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{943f2fcb-7646-11e0-af39-00241d73bf32}

    ################## | Listing |

    [24/04/2012 - 08:51:54 | SHD ] C:\$Recycle.Bin
    [20/04/2012 - 08:31:00 | D ] C:\Config.Msi
    [14/07/2009 - 02:08:56 | SHD ] C:\Documents and Settings
    [24/04/2012 - 08:39:02 | ASH | 3220037632] C:\hiberfil.sys
    [04/05/2011 - 09:16:20 | RHD ] C:\MSOCache
    [24/04/2012 - 08:39:05 | ASH | 4293386240] C:\pagefile.sys
    [14/07/2009 - 00:20:08 | D ] C:\PerfLogs
    [14/02/2012 - 11:32:43 | D ] C:\Program Files
    [26/03/2012 - 14:33:33 | D ] C:\Program Files (x86)
    [23/04/2012 - 17:18:55 | HD ] C:\ProgramData
    [29/04/2011 - 17:10:50 | SHD ] C:\Recovery
    [29/06/2011 - 11:40:19 | D ] C:\scancopieur
    [12/03/2012 - 08:53:38 | D ] C:\sense jordany
    [23/04/2012 - 17:59:24 | SHD ] C:\System Volume Information
    [29/06/2011 - 10:05:43 | D ] C:\temp
    [24/04/2012 - 08:51:54 | D ] C:\UsbFix
    [24/04/2012 - 08:46:43 | A | 12138] C:\UsbFix.txt
    [18/08/2011 - 12:12:53 | D ] C:\Users
    [12/07/2011 - 09:15:07 | D ] C:\verditech
    [14/03/2012 - 17:22:34 | D ] C:\Windows
    [24/04/2012 - 08:51:54 | SHD ] D:\$Recycle.Bin
    [28/04/2011 - 10:50:25 | D ] D:\$WINDOWS.~BT
    [20/12/2010 - 21:40:41 | D ] D:\2b4a167b6ba810828861f328
    [20/03/2012 - 11:38:10 | D ] D:\A copier
    [03/05/2011 - 10:13:10 | D ] D:\Adobe CS3
    [27/04/2010 - 09:02:13 | D ] D:\Adobe Illustrator 10
    [29/04/2011 - 17:49:23 | D ] D:\Archicad 12
    [17/09/2010 - 10:34:26 | N | 725633] D:\atnsetup.exe
    [26/01/2011 - 10:00:18 | D ] D:\Autodesk
    [14/07/2009 - 02:08:56 | SHD ] D:\Documents and Settings
    [11/01/2012 - 18:14:55 | ASH | 3220037632] D:\hiberfil.sys
    [04/05/2011 - 09:17:02 | D ] D:\IDE
    [01/12/2006 - 23:37:14 | N | 904704] D:\msdia80.dll
    [20/04/2010 - 20:13:13 | RHD ] D:\MSOCache
    [11/01/2012 - 18:14:58 | N | 4293386240] D:\pagefile.sys
    [14/07/2009 - 00:20:08 | D ] D:\PerfLogs
    [14/01/2011 - 11:05:39 | D ] D:\Program Files
    [15/06/2011 - 16:20:48 | D ] D:\Program Files (x86)
    [23/02/2011 - 12:46:51 | HD ] D:\ProgramData
    [20/04/2010 - 20:07:41 | SHD ] D:\Recovery
    [05/12/2011 - 08:41:31 | D ] D:\SAVE POUR FORMATAGE BRUNO
    [27/06/2011 - 15:43:45 | D ] D:\scancopieur
    [15/06/2011 - 18:03:17 | SHD ] D:\System Volume Information
    [20/04/2010 - 20:07:47 | D ] D:\Users
    [07/01/2011 - 17:02:29 | D ] D:\verditech
    [27/06/2011 - 08:34:12 | D ] D:\Windows
    [02/04/2012 - 15:23:33 | D ] D:\Windows 7 SP1 French AiO X86 X64
    [21/04/2010 - 13:12:16 | D ] D:\_rpcs
    [24/04/2012 - 08:51:54 | SHD ] F:\$RECYCLE.BIN
    [09/05/2011 - 16:27:12 | D ] F:\BUREAU
    [18/04/2012 - 16:26:04 | D ] F:\Documents
    [20/05/2011 - 08:18:44 | D ] F:\Documents Partagés
    [17/04/2012 - 07:46:44 | N | 1063949] F:\DSC_0010.JPG
    [17/04/2012 - 07:47:06 | N | 1050503] F:\DSC_0011.JPG
    [17/04/2012 - 07:47:56 | N | 520660] F:\DSC_0012.JPG
    [17/04/2012 - 07:48:48 | N | 1190873] F:\DSC_0013.JPG
    [17/04/2012 - 07:50:20 | N | 970349] F:\DSC_0014.JPG
    [17/04/2012 - 07:50:44 | N | 1319579] F:\DSC_0015.JPG
    [17/04/2012 - 07:51:14 | N | 1125116] F:\DSC_0016.JPG
    [17/04/2012 - 07:51:26 | N | 1091286] F:\DSC_0017.JPG
    [11/04/2012 - 10:40:37 | D ] F:\LOGS
    [05/05/2011 - 17:12:56 | D ] F:\Music
    [02/04/2012 - 15:25:23 | D ] F:\Myller
    [05/05/2011 - 17:12:54 | D ] F:\Pictures
    [02/05/2011 - 20:06:57 | SHD ] F:\System Volume Information
    [05/05/2011 - 17:12:59 | D ] F:\Videos
    [15/03/2011 - 18:26:48 | D ] L:\LOST.DIR
    [15/02/2012 - 13:46:06 | D ] L:\.android_secure
    [15/03/2011 - 18:26:50 | D ] L:\Android
    [15/03/2011 - 18:29:28 | D ] L:\DCIM
    [08/11/2011 - 14:23:22 | N | 36] L:\.sync.id
    [30/09/2011 - 12:56:44 | D ] L:\ASI
    [26/03/2011 - 13:20:26 | D ] L:\bluetooth
    [15/03/2011 - 19:34:40 | D ] L:\videos
    [29/03/2011 - 14:24:46 | D ] L:\.dataviz
    [04/10/2011 - 12:36:52 | D ] L:\.beintoo
    [01/05/2011 - 22:42:54 | D ] L:\documents
    [15/03/2011 - 20:09:28 | D ] L:\ringtones
    [07/07/2011 - 18:40:58 | D ] L:\download
    [24/03/2011 - 00:31:10 | D ] L:\media
    [26/03/2011 - 13:26:58 | D ] L:\AcerSync
    [29/03/2011 - 15:55:18 | D ] L:\tmp
    [02/04/2011 - 16:35:06 | D ] L:\prixing
    [02/04/2011 - 18:19:12 | D ] L:\Andoku
    [06/02/2012 - 08:46:36 | D ] L:\klog
    [11/04/2011 - 22:19:06 | D ] L:\openfeint
    [16/04/2011 - 18:50:56 | D ] L:\withbible_v1_6_0
    [15/02/2012 - 12:28:14 | D ] L:\.youversion
    [30/05/2011 - 15:35:16 | D ] L:\WaluuImagesCache
    [08/08/2011 - 19:46:58 | D ] L:\svox
    [30/03/2012 - 15:51:58 | D ] L:\.games.angryfrogs
    [09/03/2012 - 02:33:16 | N | 1450632] L:\klog.txt
    [25/02/2012 - 05:57:14 | D ] L:\data
    [10/08/2000 - 09:54:46 | N | 92857] L:\Maison rue MENTEL 1.jpg
    [10/08/2000 - 09:57:56 | N | 107140] L:\Maison rue MENTEL 2.jpg
    [10/08/2000 - 09:51:30 | N | 93805] L:\Maison rue MENTEL.jpg

    ################## | Vaccin |

    C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    L:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | Upload |

    Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_POSTE6-PC.zip
    http://eldesaparecido.com/upload.php
    Merci de votre contribution.

    ################## | E.O.F |
    0
  4. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Bonjour

    Pourquoi Antivir + Avast ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. hugher65 Messages postés 9 Statut Membre
     
    je viens de repasser Hijack This, il n' y a pas de ligne :
    O4 - HKCU\..\Run: [weotak] C:\Users\POSTE6\weotak.exe /y

    Je lance malwarebytes maintenant
    0
  7. hugher65 Messages postés 9 Statut Membre
     
    J'ai cette ligne par contre :
    O4 - HKCU\..\Run: [vzher] C:\Users\POSTE6\vzher.exe /a

    dois-je la supprimer?
    0
  8. hugher65 Messages postés 9 Statut Membre
     
    Voici le rapport hijack this :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:30:48, on 24/04/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files (x86)\ATnotes\ATnotes.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe
    C:\Users\POSTE6\vzher.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
    C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Everything\Everything.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\POSTE6\Desktop\HiJackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files (x86)\ATnotes\ATnotes.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\POSTE6\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [pfju] rundll32.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\POSTE6\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [vzher] C:\Users\POSTE6\vzher.exe /a
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
    O4 - Startup: 45D97407-E768-AB72-91D9-5E5BCEB11ADD.lnk = C:\Windows\System32\rundll32.exe
    O4 - Global Startup: Serveur réseau.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix:
    O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FileOpenManagerSvc - FileOpen Systems Inc. - C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe
    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Graitec License Server - Flexera Software, Inc. - C:\Program Files (x86)\Graitec\License Server\Bin\lmgrd.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Users\POSTE6\temp\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    0
  9. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Tu as fait Malwarebyte?
    0
  10. hugher65 Messages postés 9 Statut Membre
     
    oui

    mais j'avais oublié de mettre une autre clé USB pour désinfecter aussi
    et c'est reparti...
    Et USBfix plante maintenant.
    0
  11. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Pourquoi 2 AV ????

    0
    1. hugher65 Messages postés 9 Statut Membre
       
      C'est l'ordi du boulot, Avast est périmé donc j'ai mis antivir
      0
    2. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
       
      Il faudra en désinstaller un,
      Si tu veux désinstaller Avast et que ça marche pas => https://www.avast.com/fr-fr/uninstall-utility

      Pour info ... Les antivirus gratuits ne sont pas gratuis pour les entreprises.

      Fais Combofix.
      0
  12. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Sauvegarde tes documents importants.
    A lire en entier.

    Désactive les logiciels de protection (Antivirus, Antispywares)
    En Général, cela se fait par un clic droit sur l'icône de ton antivirus en bas à droite et désactiver protection/agent ou autres.

    ensuite :

    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.

    Eventuellement, installe la console de récupération comme cela est conseillé

    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    Si le rapport ne passe pas, envoie le sur ce site : http://pjjoint.malekal.com/
    et donne le lien ici :)

    Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

    Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

    Si Combofix émet toujours une alerte sur l'antivirus : Si tu es en mode sans échec continue, si tu es en mode normal et que l'antivirus est bien désactivé. Continue.
    Hébergement du rapport : Utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport, donne le lien pjjoint qui pointent vers ce rapport dans un nouveau message.

    -1