Tous les exe. transformés en lnk. WINDOWS 7

JM -  
Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,
Impossible sous WINDOWS 7 d'accéder à un fichier quelconque les exe. sont transformés en lnk.Quelqu'un peut-il m'aider? MERCI.......JM

3 réponses

  1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Salut,

    Worms.Vobfus : https://www.malekal.com/worm-vobfus-mes-dossiers-sont-devenus-des-raccourcis/

    Sauvegarde tes documents importants.

    Désactive les logiciels de protection (Antivirus, Antispywares) puis :

    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.

    Eventuellement, installe la console de récupération comme cela est conseillé

    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    Si le rapport ne passe pas, envoie le sur ce site : http://www.cijoint.fr/
    et donne le lien ici :)

    Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

    Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

    0
  2. irjema
     
    Voici le rapport :

    ComboFix 11-01-31.02 - PLUMECOCQ JM 02/02/2011 15:30:04.1.2 - x86
    Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3037.2086 [GMT 1:00]
    Lancé depuis: c:\users\PLUMECOCQ JM\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
    FW: BitDefender Pare-feu *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
    SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\InstallPedia
    c:\program files\InstallPedia\Ionic.Zip.Reduced.dll
    c:\program files\InstallPedia\lnetworker.exe
    c:\program files\InstallPedia\networker.exe
    c:\program files\InstallPedia\pref_updater.exe
    c:\program files\InstallPedia\service.exe
    c:\program files\InstallPedia\Utils.dll
    c:\programdata\FullRemove.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_I.P services
    -------\Service_I.P services

    ((((((((((((((((((((((((((((( Fichiers créés du 2011-01-02 au 2011-02-02 ))))))))))))))))))))))))))))))))))))
    .

    2011-02-02 14:35 . 2011-02-02 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-26 11:06 . 2011-01-26 11:06 -------- d-----w- c:\program files\Common Files\Java
    2011-01-25 20:06 . 2010-11-12 17:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-25 20:06 . 2010-11-12 17:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-01-25 18:41 . 2011-01-26 08:54 -------- d-----w- c:\users\PLUMECOCQ JM
    2011-01-24 09:40 . 2011-01-25 12:03 -------- d-----w- C:\Sauvegarde Picasa
    2011-01-12 10:13 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 10:13 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 10:13 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 10:13 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 10:13 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-09 07:26 . 2011-01-09 07:26 -------- d-----w- c:\program files\Ditto

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-10 17:29 . 2010-12-10 17:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
    2010-12-10 17:29 . 2010-12-10 17:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-10 01:54 . 2010-11-10 01:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-11-10 01:28 . 2010-11-10 01:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-02 1123360]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "cspep.exe"="c:\program files\cspep\cspep.exe" [2010-12-09 684032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^e-Carte Bleue La Banque Postale.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\e-Carte Bleue La Banque Postale.lnk
    backup=c:\windows\pss\e-Carte Bleue La Banque Postale.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-06 72784]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-06 79952]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032]
    S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-06 85128]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
    S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
    S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
    S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-10 153448]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    yksvcs REG_MULTI_SZ yksvc
    .
    Contenu du dossier 'Tâches planifiées'

    2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 09:35]

    2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 09:35]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    mStart Page = about:blank
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    FF - ProfilePath - c:\users\PLUMEC~2\AppData\Roaming\Mozilla\Firefox\Profiles\y3y2n3xv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
    FF - prefs.js: keyword.URL - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-Locked - (no file)
    HKLM-Run-eorezo - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-IP Network - c:\program files\InstallPedia\lnetworker.exe
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\BitDefender\BitDefender 2010\vsserv.exe
    c:\windows\system32\atieclxx.exe
    c:\windows\system32\taskhost.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
    c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
    c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\BitDefender\BitDefender 2010\seccenter.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\conhost.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-02-02 15:41:45 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-02-02 14:41

    Avant-CF: 206 823 739 392 octets libres
    Après-CF: 206 802 866 176 octets libres

    - - End Of File - - CE28AAAF4756E4E601E6C72466509128
    0