Sujet Précédent Sujet Suivant

Mes dossiers sont remplacés par des raccourcis ".exe"

Fermé
Molo5 Messages postés 5 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 8 avril 2013 - 8 avril 2013 à 09:57
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 - 8 avril 2013 à 22:30
Bonjour,

mon disque dur externe est infécté et depuis mes dossiers ont été remplacés par des raccourcis ".exe".
j'ai utilisé UsbFix et voila ce que donne le rapport de la recherche :

############################## | UsbFix V 7.120 | [Research]

User: Malek (Administrator) # MALEK-PC
Updated 30/03/2013 by El Desaparecido
Started at 08:33:00 | 08/04/2013

Website: https://www.sosvirus.net/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: TOSHIBA (SATELLITE L755) (x64-based PC)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (2201)
RAM -> [Total : 8174 | Free : 5347]
BIOS: InsydeH2O Version 03.60.453.60
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16521

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 298 Gb (116 Mb free - 39%) [Win7] # NTFS
D:\ -> Fixed drive # 243 Gb (24 Mb free - 10%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Fixed drive # 55 Gb (8 Mb free - 15%) [Win8] # NTFS
I:\ -> Fixed drive # 596 Gb (191 Mb free - 32%) [Transcend] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (580)
C:\Windows\system32\wininit.exe (656)
C:\Windows\system32\services.exe (720)
C:\Windows\system32\lsass.exe (736)
C:\Windows\system32\lsm.exe (744)
C:\Windows\system32\svchost.exe (848)
C:\Windows\system32\nvvsvc.exe (932)
C:\Windows\system32\svchost.exe (972)
C:\Windows\System32\svchost.exe (160)
C:\Windows\System32\svchost.exe (796)
C:\Windows\system32\svchost.exe (684)
C:\Windows\system32\svchost.exe (1052)
C:\Windows\system32\svchost.exe (1188)
C:\Windows\system32\svchost.exe (1340)
C:\Windows\system32\WLANExt.exe (1568)
C:\Windows\system32\conhost.exe (1576)
C:\Windows\system32\svchost.exe (1796)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1824)
C:\Windows\System32\spoolsv.exe (2004)
C:\Windows\system32\svchost.exe (1384)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1652)
C:\Program Files\Bonjour\mDNSResponder.exe (1424)
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (1780)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (1872)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (1148)
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (2460)
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (2544)
C:\Windows\SysWOW64\PnkBstrA.exe (2608)
C:\Windows\SysWOW64\PnkBstrB.exe (2648)
C:\Program Files\KMSpico\Service_KMS.exe (2724)
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2768)
C:\Windows\system32\svchost.exe (2792)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (2924)
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (3048)
C:\Windows\SysWOW64\vmnat.exe (2540)
C:\Windows\system32\svchost.exe (2716)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2900)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (3292)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3348)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (3416)
C:\Windows\SysWOW64\vmnetdhcp.exe (3516)
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (3556)
C:\Windows\system32\wbem\wmiprvse.exe (3840)
C:\Windows\system32\wbem\wmiprvse.exe (3852)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (4008)
C:\Windows\System32\alg.exe (4040)
C:\Windows\system32\svchost.exe (4416)
C:\Windows\system32\svchost.exe (4564)
C:\Windows\System32\WUDFHost.exe (4756)
C:\Windows\system32\SearchIndexer.exe (1436)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4832)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (1372)
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (4256)
C:\Windows\System32\svchost.exe (5228)
C:\Windows\system32\DllHost.exe (6076)
c:\Program Files (x86)\Nero\Update\NASvc.exe (6296)
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (6364)
C:\Windows\System32\svchost.exe (6412)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (6540)
C:\Windows\system32\csrss.exe (5208)
C:\Windows\system32\winlogon.exe (2592)
C:\Windows\system32\nvvsvc.exe (1320)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (5888)
C:\Windows\system32\taskhost.exe (6608)
C:\Windows\system32\taskeng.exe (5916)
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (7036)
C:\Windows\system32\Dwm.exe (1288)
C:\Windows\Explorer.EXE (4292)
C:\Users\Malek\Downloads\Compressed\PCMeter\PCMeterV0.3.exe (5224)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (900)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (3960)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5544)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (6860)
C:\Program Files\TOSHIBA\TECO\Teco.exe (3284)
C:\Program Files (x86)\uTorrent\uTorrent.exe (3372)
C:\Program Files\Windows Sidebar\sidebar.exe (6616)
C:\Program Files (x86)\Internet Download Manager\IDMan.exe (308)
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (5616)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (3624)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (6716)
C:\Windows\system32\DllHost.exe (5820)
C:\Windows\system32\AUDIODG.EXE (6160)
C:\UsbFix\Go.exe (4908)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4856)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (5748)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (6116)
C:\Windows\system32\SearchProtocolHost.exe (4280)
C:\Windows\system32\SearchFilterHost.exe (5160)

################## | El Desaparecido Section |

HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! C:\Users\Malek\AppData\Local\PUTTY.RND
Found ! C:\Users\Malek\AppData\Roaming\Temp

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bip_camera1.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\btassist1.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfaddgadgets.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfmain.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfprofile.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eccenter1.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\interneteverywhere.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\interneteverywhere_launcher.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kies.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndstray.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\openmuihelp.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tempro.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosbtmng.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosbtproc1.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\toshibaservicestation.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosssdalert.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstaller.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usrguide.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wirelessftp1.exe

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0459694e-d730-11e1-be82-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1

HKCU\.\.\.\.\Explorer\MountPoints2\{081131ec-c940-11e1-9d5c-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1

HKCU\.\.\.\.\Explorer\MountPoints2\{110dbe9a-8a00-11e1-9a3e-047d7b2fc9ad}
Shell\AutoRun\Command = G:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\{32d4783d-df01-11e1-a7b5-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1

HKCU\.\.\.\.\Explorer\MountPoints2\{401d9830-c2af-11e1-9755-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1

HKCU\.\.\.\.\Explorer\MountPoints2\{66886f2a-f1b7-11e1-ae9f-047d7b2fc9ad}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{7a412f63-a4e4-11e1-aea5-ad2bd2c0ed10}
Shell\AutoRun\Command = G:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\{c43b31b3-d72c-11e1-b412-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1

HKCU\.\.\.\.\Explorer\MountPoints2\{d8d62bd4-d572-11e1-af58-047d7b2fc9ad}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d8d62be1-d572-11e1-af58-047d7b2fc9ad}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{fb16e458-8994-11e1-9d20-047d7b2fc9ad}
Shell\AutoRun\Command = F:\Autorun.exe



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | https://www.sosvirus.net/ |


Merci d'avance pour votre aide.

A voir également:

6 réponses

Réponse 1 / 6
Molo5 Messages postés 5 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 8 avril 2013
8 avril 2013 à 10:36
le probléme c'est que j'ai trouvé baeucoup de fichiers du disque "C" et je sais si je dois les supprimer.
Merci
0
Réponse 2 / 6
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
8 avril 2013 à 11:19
Bonjour,
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

* Double clique sur le raccourci UsbFix sur ton Bureau (clique droit avec la souris

:exécuter en tant qu'administrateur pour vista/seven), l'installation se fera

automatiquement

* Clique sur "Suppression"
* Laisse travailler l'outil

* A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur : C:\UsbFix.txt )

0
Réponse 3 / 6
Molo5 Messages postés 5 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 8 avril 2013
8 avril 2013 à 12:07
Merci pour ton aide

Voila le rapport :

############################## | UsbFix V 7.120 | [Deletion]

User: Malek (Administrator) # MALEK-PC
Updated 30/03/2013 by El Desaparecido
Started at 10:14:27 | 08/04/2013

Website: https://www.sosvirus.net/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: TOSHIBA (SATELLITE L755) (x64-based PC)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (2201)
RAM -> [Total : 8174 | Free : 5107]
BIOS: InsydeH2O Version 03.60.453.60
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16521

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 298 Gb (114 Mb free - 38%) [Win7] # NTFS
D:\ -> Fixed drive # 243 Gb (24 Mb free - 10%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Fixed drive # 55 Gb (8 Mb free - 15%) [Win8] # NTFS
I:\ -> Fixed drive # 596 Gb (191 Mb free - 32%) [Transcend] # NTFS

################## | El Desaparecido Section |

HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (904)
Stopped! C:\Windows\system32\WLANExt.exe (1452)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1560)
Stopped! C:\Windows\system32\nvvsvc.exe (1568)
Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1656)
Stopped! C:\Windows\System32\spoolsv.exe (1860)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2060)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (2132)
Stopped! C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (2180)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (2428)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (2452)
Stopped! C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (2528)
Stopped! C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (2604)
Stopped! C:\Windows\SysWOW64\PnkBstrA.exe (2672)
Stopped! C:\Windows\SysWOW64\PnkBstrB.exe (2752)
Stopped! C:\Program Files\KMSpico\Service_KMS.exe (2780)
Stopped! c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2824)
Stopped! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (2960)
Stopped! C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (1932)
Stopped! C:\Windows\SysWOW64\vmnat.exe (2600)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3108)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3168)
Stopped! C:\Program Files\TOSHIBA\TECO\TecoService.exe (3216)
Stopped! C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (3452)
Stopped! C:\Windows\SysWOW64\vmnetdhcp.exe (3660)
Stopped! C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (3684)
Stopped! C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (3908)
Stopped! C:\Windows\System32\alg.exe (4108)
Stopped! C:\Windows\System32\WUDFHost.exe (4708)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (4388)
Stopped! c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (1132)
Stopped! c:\Program Files (x86)\Nero\Update\NASvc.exe (4440)
Stopped! c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (4936)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (1836)
Stopped! C:\Windows\system32\SearchIndexer.exe (4220)
Stopped! C:\Windows\system32\taskhost.exe (1172)
Stopped! C:\Windows\system32\taskeng.exe (5048)
Stopped! C:\Users\Malek\Downloads\Compressed\PCMeter\PCMeterV0.3.exe (1712)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (5284)
Stopped! C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (5396)
Stopped! C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (5488)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5544)
Stopped! C:\Program Files\TOSHIBA\TECO\Teco.exe (5572)
Stopped! C:\Program Files (x86)\uTorrent\uTorrent.exe (5580)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (5588)
Stopped! C:\Program Files (x86)\Internet Download Manager\IDMan.exe (5812)
Stopped! C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (5088)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (5512)
Stopped! C:\Windows\system32\DllHost.exe (3440)
Stopped! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (6940)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (4908)
Stopped! C:\Windows\system32\SearchFilterHost.exe (5924)

################## | Files # Infected Folders |

Deleted ! C:\Users\Malek\AppData\Local\PUTTY.RND
Deleted ! C:\Users\Malek\AppData\Roaming\Temp

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bip_camera1.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\btassist1.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfaddgadgets.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfmain.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfprofile.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eccenter1.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\interneteverywhere.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\interneteverywhere_launcher.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kies.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndstray.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\openmuihelp.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tempro.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosbtmng.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosbtproc1.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\toshibaservicestation.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosssdalert.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstaller.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usrguide.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wirelessftp1.exe

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0459694e-d730-11e1-be82-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{110dbe9a-8a00-11e1-9a3e-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{32d4783d-df01-11e1-a7b5-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{401d9830-c2af-11e1-9755-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{66886f2a-f1b7-11e1-ae9f-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{7a412f63-a4e4-11e1-aea5-ad2bd2c0ed10}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c43b31b3-d72c-11e1-b412-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d8d62bd4-d572-11e1-af58-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{fb16e458-8994-11e1-9d20-047d7b2fc9ad}

################## | Listing |

[01/03/2013 - 15:12:48 | SHD ] C:\$RECYCLE.BIN
[19/04/2012 - 20:06:12 | N | 1024] C:\.rnd
[08/05/2012 - 15:56:04 | D ] C:\30f3dd701ab6737f8f
[10/03/2013 - 15:08:47 | N | 290] C:\aswBoot.log
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[14/05/2012 - 17:08:51 | D ] C:\Firestarter
[04/11/2009 - 16:29:09 | N | 203464] C:\grldr
[08/04/2013 - 09:23:08 | ASH | 6428184576] C:\hiberfil.sys
[17/04/2012 - 21:47:45 | D ] C:\inetpub
[05/02/2013 - 11:46:35 | RHD ] C:\MSOCache
[08/04/2013 - 09:23:09 | ASH | 8570912768] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[28/03/2013 - 17:24:12 | D ] C:\Program Files
[03/04/2013 - 23:11:28 | D ] C:\Program Files (x86)
[04/03/2013 - 13:05:47 | HD ] C:\ProgramData
[11/05/2012 - 17:27:36 | N | 3103232] C:\RESA.bak
[07/04/2013 - 23:52:16 | D ] C:\Saved Files
[21/07/2012 - 11:53:58 | D ] C:\SG Interactive
[22/04/2012 - 17:08:18 | D ] C:\swsetup
[03/08/2011 - 12:11:46 | N | 70] C:\SWSTAMP.TXT
[08/04/2013 - 04:07:06 | SHD ] C:\System Volume Information
[20/09/2012 - 13:02:13 | D ] C:\Temp
[17/04/2012 - 00:35:00 | D ] C:\Toshiba
[08/04/2013 - 10:15:39 | D ] C:\UsbFix
[08/04/2013 - 10:15:46 | A | 11973] C:\UsbFix [Clean 1] MALEK-PC.txt
[08/04/2013 - 09:47:54 | N | 3909] C:\UsbFix [Listing 1 ] MALEK-PC.txt
[08/04/2013 - 08:41:55 | N | 12566] C:\UsbFix [Scan 1] MALEK-PC.txt
[08/04/2013 - 10:02:06 | N | 12223] C:\UsbFix [Scan 2] MALEK-PC.txt
[01/03/2013 - 15:12:39 | D ] C:\Users
[04/11/2009 - 16:29:10 | N | 15] C:\win7.ld
[05/04/2013 - 15:03:47 | D ] C:\Windows
[29/03/2013 - 22:27:11 | SHD ] D:\$RECYCLE.BIN
[17/04/2012 - 14:38:43 | D ] D:\18660bdd6729fd1d29
[12/01/2013 - 01:07:39 | D ] D:\Config.Msi
[30/03/2013 - 01:58:40 | D ] D:\Documents_Perso
[30/03/2013 - 02:45:21 | D ] D:\Etudes
[30/03/2013 - 03:17:46 | D ] D:\Films
[17/04/2012 - 06:16:16 | D ] D:\HDDRecovery
[30/03/2013 - 00:06:40 | D ] D:\Local Disk I_330201306
[30/03/2013 - 00:57:54 | D ] D:\MP3
[30/03/2013 - 03:20:46 | D ] D:\Revolt
[16/04/2012 - 21:31:13 | SHD ] D:\System Volume Information
[03/04/2013 - 11:52:26 | D ] D:\Utilitaires
[30/03/2013 - 03:20:00 | D ] D:\VOISIN D'ENFER
[02/04/2013 - 14:15:45 | SHD ] G:\$Recycle.Bin
[26/07/2012 - 04:44:30 | RASH | 398156] G:\bootmgr
[02/06/2012 - 15:30:55 | N | 1] G:\BOOTNXT
[26/07/2012 - 08:22:08 | SHD ] G:\Documents and Settings
[04/04/2013 - 18:32:22 | ASH | 6856724480] G:\hiberfil.sys
[04/04/2013 - 18:32:29 | N | 4831838208] G:\pagefile.sys
[26/07/2012 - 08:33:46 | D ] G:\PerfLogs
[03/04/2013 - 14:41:17 | D ] G:\Program Files
[03/04/2013 - 14:42:40 | D ] G:\Program Files (x86)
[31/03/2013 - 14:51:51 | HD ] G:\ProgramData
[28/03/2013 - 22:21:50 | SHD ] G:\Recovery
[04/04/2013 - 18:32:30 | N | 268435456] G:\swapfile.sys
[02/04/2013 - 18:39:29 | SHD ] G:\System Volume Information
[03/04/2013 - 14:43:30 | D ] G:\Users
[03/04/2013 - 14:37:42 | D ] G:\Windows
[08/04/2013 - 08:15:14 | SHD ] I:\$RECYCLE.BIN
[15/12/2011 - 12:22:37 | N | 12292] I:\.DS_Store
[15/12/2011 - 12:26:00 | D ] I:\.fseventsd
[15/12/2011 - 12:26:00 | SHD ] I:\.Trashes
[17/02/2011 - 18:06:26 | N | 5324800] I:\ActivateWarranty(SJ).exe
[08/04/2013 - 08:15:14 | SHD ] I:\config
[07/04/2011 - 15:24:02 | N | 4173] I:\FreeSoftware(SJ).htm
[08/04/2013 - 08:15:14 | D ] I:\Games
[26/09/2011 - 12:07:26 | D ] I:\images
[07/04/2013 - 23:14:06 | D ] I:\Malek
[05/03/2013 - 20:39:41 | D ] I:\MyFavorite
[03/04/2013 - 03:12:02 | D ] I:\Omar
[03/02/2013 - 00:53:59 | N | 96543027] I:\Pack Fichiers Glitch -MS-GAMES 40549361.zip
[19/09/2011 - 20:39:40 | D ] I:\Sauvegarde
[04/12/2011 - 01:29:31 | SHD ] I:\System Volume Information
[12/12/2011 - 17:47:40 | N | 6755604] I:\TranscendElite.exe
[13/04/2012 - 17:27:17 | N | 2606] I:\TuneupRecoveryKeys.pfx
[26/09/2011 - 13:22:24 | D ] I:\Utility
[13/01/2012 - 13:56:35 | N | 162] I:\~$??? ???? ???????.docx

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ |
0
Molo5 Messages postés 5 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 8 avril 2013
8 avril 2013 à 12:09
le problème c'est qu'il ne detecte rien de suspect sur "I:" (le disque contenant virus au départ)
0
Réponse 4 / 6
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
Modifié par Fish66 le 8/04/2013 à 12:20
D'accord!
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
Le disque I est propre des infections de disques amovibles et il est vacciné ! :-)
--------------------
Pour faire un diagnostique de ton PC :
* Télécharge puis enregistre sur le bureau de ton PC ZHPDiag
(de Nicolas Coolman) à partir : ce lien
* Lance-le, (Clic droit "exécuter en tant qu'administrateur" si tu es sous Vista/7)
* Clique sur l'icône en forme de loupe pour lancer le diagnostique
* Héberge le rapport ZHPDiag.txt de ton bureau sur : malekal.com ou cjoint.com
* Fais copier/coller le lien fourni dans ta prochaine réponse
* Aide ZHPDiag : <<< ICI >>>


¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
Molo5 Messages postés 5 Date d'inscription lundi 8 avril 2013 Statut Membre Dernière intervention 8 avril 2013
8 avril 2013 à 12:16
et le lien du rapport ZHPDiag:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130408_q10n10q13p14o12
0
Réponse 6 / 6
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
8 avril 2013 à 22:30
Bonsoir,
Ta version de windows n'est pas officielle!
Tu peux lire : Version piratée de windows
-----------------
Télécharge AdwCleaner (merci à Xplode)

Lance AdwCleaner

Clique sur le bouton [ Suppression ]

Patiente...

Poste le rapport qui apparait en fin de recherche.

(Le rapport est sauvegardé aussi sous C:\ AdwCleaner[SX].Txt)
0