pc infectéRésolu/Fermé

Question

Bonjour, 

Comment supprimer autorun.inf de mon pc lenovo T410 et merci

Smart91 · Answer

Bonjour,

Pour quelle raison veux-tu le supprimer ?
 
Smart

srahali · Answer

Bonjour

 mon PC devient lent en exploitation à cause de d'autorun.inf

Cdlt

Smart91 · Answer

Qu'est-ce qui te fait dire cela ?

Je voudrais que tu fasses ceci:

- Télécharge UsbFix (créé par El Desaparecido & C_XX) sur ton Bureau. Si ton antivirus affiche une alerte, ignore la et désactive l'antivirus temporairement.
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
-  Double clique sur le raccourci UsbFix sur ton Bureau, l'installation se fera automatiquement
-Clique sur "Recherche"
- Laisse travailler l'outil
- A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur) 
 
Smart

srahali · Answer

############################## | UsbFix V 7.097 | [Research]

User: RAHHALI (Administrator) # MASAL1196
Updated 02/09/2012 by El Desaparecido
Started at 12:25:04 | 22/10/2012

Website: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: LENOVO (25374Q4) (X86-based PC
CPU: Intel(R) Core(TM) i5 CPU       M 520  @ 2.40GHz (2393)
RAM -> [Total : 2932 | Free : 2051]
BIOS: Ver 1.00PARTTBLx
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [(!) Disabled]
FW: Windows FireWall Service [Enabled]

C:\ -> Fixed drive # 40 Gb (25 Mb free - 62%) [System] # NTFS
D:\ (%systemdrive%) -> Fixed drive # 258 Gb (235 Mb free - 91%) [Data] # NTFS
E:\ -> Removable drive # 960 Mb (930 Mb free - 97%) [RAHHALI] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM

################## | Active Processes |

C:\WINNT\System32\smss.exe (1412)
C:\WINNT\system32\winlogon.exe (1556)
C:\WINNT\system32\services.exe (1600)
C:\WINNT\system32\lsass.exe (1612)
C:\WINNT\system32\ibmpmsvc.exe (1808)
C:\WINNT\system32\svchost.exe (1840)
C:\WINNT\System32\svchost.exe (1992)
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (376)
C:\WINNT\system32\spoolsv.exe (840)
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (928)
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (940)
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (988)
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (1016)
C:\WINNT\system32\CCM\CcmExec.exe (1056)
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (1092)
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (1380)
C:\WINNT\system32\ROMServ.exe (1392)
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe (1420)
C:\PROGRA~1\Lenovo\HOTKEY	pnumlk.exe (1464)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (1728)
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe (372)
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (436)
C:\Program Files\Java\jre6\bin\jqs.exe (632)
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (760)
C:\Program Files\IPSec Client\LucentIKESvc.exe (904)
C:\Program Files\IPSec Client\LucentIKE.exe (1076)
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (1100)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe (1148)
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (2164)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2324)
C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe (2408)
C:\WINNT\system32\mfevtps.exe (2516)
C:\WINNT\System32\svchost.exe (2576)
C:\Program Files\CDBurnerXP\NMSAccessU.exe (2620)
C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe (2680)
C:\WINNT\System32\svchost.exe (2776)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2792)
C:\WINNT\system32\svchost.exe (2840)
C:\WINNT\system32\TpKmpSVC.exe (2888)
C:\Program Files\UPHClean\uphclean.exe (2920)
C:\WINNT\system32\SearchIndexer.exe (2956)
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (3036)
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (3072)
C:\Program Files\LENOVO\HOTKEY	posdsvc.exe (3284)
C:\PROGRA~1\Lenovo\HOTKEY	pnumlkd.exe (3380)
C:\WINNT\Explorer.EXE (3488)
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (3616)
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (3636)
C:\Program Files\Lenovo\Zoom\TpScrex.exe (3680)
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (4036)
C:\WINNT\system32\hkcmd.exe (3356)
C:\WINNT\system32\igfxpers.exe (3236)
C:\WINNT\system32\igfxsrvc.exe (3480)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3556)
C:\WINNT\system32\TpShocks.exe (3568)
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (3796)
C:\WINNT\system32undll32.exe (3864)
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (2628)
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (3884)
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe (2132)
C:\WINNT\system32\igfxext.exe (320)
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe (692)
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (1512)
C:\Program Files\McAfee\Common Framework\udaterui.exe (1052)
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (2600)
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE (2676)
C:\WINNT\system32\msiexec.exe (4252)
C:\Program Files\McAfee\Common Framework\McTray.exe (4404)
D:\Documents and Settingsahhali\My Documents\My Pictures\Picture\Athan\Athan.exe (4456)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (4504)
C:\Program Files\PowerISO\PWRISOVM.EXE (4520)
C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe (4568)
C:\WINNT\system32\ctfmon.exe (4740)
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (4808)
C:\Program Files\IPSec Client	rayicon.exe (4980)
C:\Program Files\HSPA USB MODEM\ModemApplication.exe (5008)
C:\Program Files\Windows Desktop Search\WindowsSearch.exe (5088)
C:\Program Files\Mozilla Firefox\firefox.exe (5956)
C:\Program Files\Mozilla Firefox\plugin-container.exe (2248)
C:\Program Files\Mozilla Firefox\plugin-container.exe (4124)
C:\Program Files\Mozilla Firefox\plugin-container.exe (4148)
D:\Documents and Settingsahhali\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (1496)
C:\WINNT\system32\CCM\SMSCliUI.exe (5516)
C:\UsbFix\Go.exe (5948)

################## | Files # Infected Folders |

Found ! D:\Athan.lnk
Found ! D:\Autodesk Design Review.lnk
Found ! D:\Raccourci vers WinHex.lnk
Found ! C:\
Found ! C:\autorun.inf
Found ! D:\autorun.inf
Found ! E:\autorun.inf

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{07d6d323-b98b-11e1-8a48-58946b847c20}
Shell\AutoRun\Command = E:\

HKCU\.\.\.\.\Explorer\MountPoints2\{0967a070-cc0f-11e1-8a9c-58946b847c20}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{28333df2-cc12-11e1-8a9d-58946b847c20}
Shell\AutoRun\Command = I:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{51d2644c-ccf3-11e1-8aa3-58946b847c20}
Shell\AutoRun\Command = E:\

HKCU\.\.\.\.\Explorer\MountPoints2\{51d2644d-ccf3-11e1-8aa3-58946b847c20}
Shell\AutoRun\Command = G:\wubi.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{51d2644e-ccf3-11e1-8aa3-58946b847c20}
Shell\AutoRun\Command = H:\

HKCU\.\.\.\.\Explorer\MountPoints2\{5e17608c-0bc2-11e2-8b74-58946b847c20}
Shell\AutoRun\Command = G:\

HKCU\.\.\.\.\Explorer\MountPoints2\{65528f99-f114-11e1-8b0d-58946b847c20}
Shell\AutoRun\Command = G:\WinampSettings\\\playlist	racklist.bat
Shell\explore\Command = G:\WinampSettings\\playlist	racklist.bat
Shell\open\Command = G:\WinampSettings/\playlist	racklist.bat

HKCU\.\.\.\.\Explorer\MountPoints2\{7c3f752c-7513-11e1-896f-58946b847c20}
Shell\AutoRun\Command = F:\autorun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{7e04a653-4cba-11e1-8916-58946b847c20}
Shell\AutoRun\Command = G:\

HKCU\.\.\.\.\Explorer\MountPoints2\{ad7f88ac-766c-11e1-8974-58946b847c20}
Shell\AutoRun\Command = E:\WinampSettings\\\playlist	racklist.bat
Shell\explore\Command = E:\WinampSettings\\playlist	racklist.bat
Shell\open\Command = E:\WinampSettings/\playlist	racklist.bat

HKCU\.\.\.\.\Explorer\MountPoints2\{bfc45333-b639-11e1-8a3a-58946b847c20}
Shell\AutoRun\Command = E:\

HKCU\.\.\.\.\Explorer\MountPoints2\{c5fa07e2-82ea-11e1-8992-58946b847c20}
Shell\AutoRun\Command = F:\

HKCU\.\.\.\.\Explorer\MountPoints2\{c6c176ab-6389-11e1-8943-58946b847c20}
Shell\AutoRun\Command = G:\



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

Smart91 · Answer

On va faire le nettoyage et la vaccination:
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
-  Double clique sur le raccourci UsbFix sur ton Bureau
- Clique sur "Suppression"
- Laisse travailler l'outil
- Ton Bureau va disparaitre puis l'ordinateur va redémarrer : c'est normal
- A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur)
 
Smart

Pc infecté

5 réponses

Newsletters