My folders have been replaced by ".exe" shortcuts
Molo5 - Posts: 5 - Status: Member
Fish66 - Posts: 18337 - Status: Security contributor
Hello,
My external hard drive is infected, and since then my folders have been replaced by ".exe" shortcuts.
I used UsbFix and here is what the search report gives:
############################## | UsbFix V 7.120 | [Research]
User: Malek (Administrator) # MALEK-PC
Updated 30/03/2013 by El Desaparecido
Started at 08:33:00 | 08/04/2013
Website: https://www.sosvirus.net/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: TOSHIBA (SATELLITE L755) (x64-based PC)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (2201)
RAM -> [Total : 8174 | Free : 5347]
BIOS: InsydeH2O Version 03.60.453.60
BOOT: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16521
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 298 Gb (116 Mb free - 39%) [Win7] # NTFS
D:\ -> Fixed drive # 243 Gb (24 Mb free - 10%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Fixed drive # 55 Gb (8 Mb free - 15%) [Win8] # NTFS
I:\ -> Fixed drive # 596 Gb (191 Mb free - 32%) [Transcend] # NTFS
################## | Active Processes |
C:\Windows\system32\csrss.exe (580)
C:\Windows\system32\wininit.exe (656)
C:\Windows\system32\services.exe (720)
C:\Windows\system32\lsass.exe (736)
C:\Windows\system32\lsm.exe (744)
C:\Windows\system32\svchost.exe (848)
C:\Windows\system32\nvvsvc.exe (932)
C:\Windows\system32\svchost.exe (972)
C:\Windows\System32\svchost.exe (160)
C:\Windows\System32\svchost.exe (796)
C:\Windows\system32\svchost.exe (684)
C:\Windows\system32\svchost.exe (1052)
C:\Windows\system32\svchost.exe (1188)
C:\Windows\system32\svchost.exe (1340)
C:\Windows\system32\WLANExt.exe (1568)
C:\Windows\system32\conhost.exe (1576)
C:\Windows\system32\svchost.exe (1796)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1824)
C:\Windows\System32\spoolsv.exe (2004)
C:\Windows\system32\svchost.exe (1384)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1652)
C:\Program Files\Bonjour\mDNSResponder.exe (1424)
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (1780)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (1872)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (1148)
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (2460)
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (2544)
C:\Windows\SysWOW64\PnkBstrA.exe (2608)
C:\Windows\SysWOW64\PnkBstrB.exe (2648)
C:\Program Files\KMSpico\Service_KMS.exe (2724)
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2768)
C:\Windows\system32\svchost.exe (2792)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (2924)
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (3048)
C:\Windows\SysWOW64\vmnat.exe (2540)
C:\Windows\system32\svchost.exe (2716)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2900)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (3292)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3348)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (3416)
C:\Windows\SysWOW64\vmnetdhcp.exe (3516)
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (3556)
C:\Windows\system32\wbem\wmiprvse.exe (3840)
C:\Windows\system32\wbem\wmiprvse.exe (3852)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (4008)
C:\Windows\System32\alg.exe (4040)
C:\Windows\system32\svchost.exe (4416)
C:\Windows\system32\svchost.exe (4564)
C:\Windows\System32\WUDFHost.exe (4756)
C:\Windows\system32\SearchIndexer.exe (1436)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4832)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (1372)
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (4256)
C:\Windows\System32\svchost.exe (5228)
C:\Windows\system32\DllHost.exe (6076)
c:\Program Files (x86)\Nero\Update\NASvc.exe (6296)
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (6364)
C:\Windows\System32\svchost.exe (6412)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (6540)
C:\Windows\system32\csrss.exe (5208)
C:\Windows\system32\winlogon.exe (2592)
C:\Windows\system32\nvvsvc.exe (1320)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (5888)
C:\Windows\system32\taskhost.exe (6608)
C:\Windows\system32\taskeng.exe (5916)
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (7036)
C:\Windows\system32\Dwm.exe (1288)
C:\Windows\Explorer.EXE (4292)
C:\Users\Malek\Downloads\Compressed\PCMeter\PCMeterV0.3.exe (5224)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (900)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (3960)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5544)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (6860)
C:\Program Files\TOSHIBA\TECO\Teco.exe (3284)
C:\Program Files (x86)\uTorrent\uTorrent.exe (3372)
C:\Program Files\Windows Sidebar\sidebar.exe (6616)
C:\Program Files (x86)\Internet Download Manager\IDMan.exe (308)
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (5616)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (3624)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (6716)
C:\Windows\system32\DllHost.exe (5820)
C:\Windows\system32\AUDIODG.EXE (6160)
C:\UsbFix\Go.exe (4908)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4856)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (5748)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (6116)
C:\Windows\system32\SearchProtocolHost.exe (4280)
C:\Windows\system32\SearchFilterHost.exe (5160)
################## | El Desaparecido Section |
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Files # Infected Folders |
Found ! C:\Users\Malek\AppData\Local\PUTTY.RND
Found ! C:\Users\Malek\AppData\Roaming\Temp
################## | Registry |
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bip_camera1.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\btassist1.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfaddgadgets.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfmain.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfprofile.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eccenter1.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\interneteverywhere.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\interneteverywhere_launcher.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kies.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndstray.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\openmuihelp.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tempro.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosbtmng.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosbtproc1.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\toshibaservicestation.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosssdalert.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstaller.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usrguide.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wirelessftp1.exe
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{0459694e-d730-11e1-be82-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1
HKCU\.\.\.\.\Explorer\MountPoints2\{081131ec-c940-11e1-9d5c-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1
HKCU\.\.\.\.\Explorer\MountPoints2\{110dbe9a-8a00-11e1-9a3e-047d7b2fc9ad}
Shell\AutoRun\Command = G:\LaunchU3.exe -a
HKCU\.\.\.\.\Explorer\MountPoints2\{32d4783d-df01-11e1-a7b5-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1
HKCU\.\.\.\.\Explorer\MountPoints2\{401d9830-c2af-11e1-9755-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1
HKCU\.\.\.\.\Explorer\MountPoints2\{66886f2a-f1b7-11e1-ae9f-047d7b2fc9ad}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{7a412f63-a4e4-11e1-aea5-ad2bd2c0ed10}
Shell\AutoRun\Command = G:\LaunchU3.exe -a
HKCU\.\.\.\.\Explorer\MountPoints2\{c43b31b3-d72c-11e1-b412-047d7b2fc9ad}
Shell\AutoRun\Command = G:\.\Setup.exe AUTORUN=1
HKCU\.\.\.\.\Explorer\MountPoints2\{d8d62bd4-d572-11e1-af58-047d7b2fc9ad}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{d8d62be1-d572-11e1-af58-047d7b2fc9ad}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{fb16e458-8994-11e1-9d20-047d7b2fc9ad}
Shell\AutoRun\Command = F:\Autorun.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F | https://www.sosvirus.net/ |
Thanks in advance for your help.
6 replies
The problem is that I found a lot of files from the "C" drive and I know if I should delete them.
Thanks
Hello,
(!) Plug into your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them
* Double-click the UsbFix shortcut on your Desktop (right-click with the mouse: run as administrator for Vista/Seven); the installation will happen automatically
* Click "Suppression" (Deletion)
* Let the tool work
* At the end, the report will be displayed: post it in your next reply (it is also saved at the root of the hard drive: C:\UsbFix.txt)
Thanks for your help
Here is the report:
############################## | UsbFix V 7.120 | [Deletion]
User: Malek (Administrator) # MALEK-PC
Updated 30/03/2013 by El Desaparecido
Started at 10:14:27 | 08/04/2013
Website: https://www.sosvirus.net/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: TOSHIBA (SATELLITE L755) (x64-based PC)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (2201)
RAM -> [Total : 8174 | Free : 5107]
BIOS: InsydeH2O Version 03.60.453.60
BOOT: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16521
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 298 Gb (114 Mb free - 38%) [Win7] # NTFS
D:\ -> Fixed drive # 243 Gb (24 Mb free - 10%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Fixed drive # 55 Gb (8 Mb free - 15%) [Win8] # NTFS
I:\ -> Fixed drive # 596 Gb (191 Mb free - 32%) [Transcend] # NTFS
################## | El Desaparecido Section |
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Stopped processes |
Stopped! C:\Windows\system32\nvvsvc.exe (904)
Stopped! C:\Windows\system32\WLANExt.exe (1452)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1560)
Stopped! C:\Windows\system32\nvvsvc.exe (1568)
Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1656)
Stopped! C:\Windows\System32\spoolsv.exe (1860)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2060)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (2132)
Stopped! C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (2180)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (2428)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (2452)
Stopped! C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (2528)
Stopped! C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (2604)
Stopped! C:\Windows\SysWOW64\PnkBstrA.exe (2672)
Stopped! C:\Windows\SysWOW64\PnkBstrB.exe (2752)
Stopped! C:\Program Files\KMSpico\Service_KMS.exe (2780)
Stopped! c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2824)
Stopped! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (2960)
Here is the report:
############################## | UsbFix V 7.120 | [Deletion]
User: Malek (Administrator) # MALEK-PC
Updated 30/03/2013 by El Desaparecido
Started at 10:14:27 | 08/04/2013
Website: https://www.sosvirus.net/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: TOSHIBA (SATELLITE L755) (x64-based PC)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (2201)
RAM -> [Total : 8174 | Free : 5107]
BIOS: InsydeH2O Version 03.60.453.60
BOOT: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16521
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 298 Gb (114 Mb free - 38%) [Win7] # NTFS
D:\ -> Fixed drive # 243 Gb (24 Mb free - 10%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Fixed drive # 55 Gb (8 Mb free - 15%) [Win8] # NTFS
I:\ -> Fixed drive # 596 Gb (191 Mb free - 32%) [Transcend] # NTFS
################## | El Desaparecido Section |
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3858368416-1549612065-3573411475-1000\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Stopped processes |
Stopped! C:\Windows\system32\nvvsvc.exe (904)
Stopped! C:\Windows\system32\WLANExt.exe (1452)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1560)
Stopped! C:\Windows\system32\nvvsvc.exe (1568)
Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1656)
Stopped! C:\Windows\System32\spoolsv.exe (1860)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2060)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (2132)
Stopped! C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (2180)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (2428)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (2452)
Stopped! C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (2528)
Stopped! C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (2604)
Stopped! C:\Windows\SysWOW64\PnkBstrA.exe (2672)
Stopped! C:\Windows\SysWOW64\PnkBstrB.exe (2752)
Stopped! C:\Program Files\KMSpico\Service_KMS.exe (2780)
Stopped! c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2824)
Stopped! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (2960)
Stopped! C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (1932)
Stopped! C:\Windows\SysWOW64\vmnat.exe (2600)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3108)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3168)
Stopped! C:\Program Files\TOSHIBA\TECO\TecoService.exe (3216)
Stopped! C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (3452)
Stopped! C:\Windows\SysWOW64\vmnetdhcp.exe (3660)
Stopped! C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (3684)
Stopped! C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (3908)
Stopped! C:\Windows\System32\alg.exe (4108)
Stopped! C:\Windows\System32\WUDFHost.exe (4708)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (4388)
Stopped! c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (1132)
Stopped! c:\Program Files (x86)\Nero\Update\NASvc.exe (4440)
Stopped! c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (4936)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (1836)
Stopped! C:\Windows\system32\SearchIndexer.exe (4220)
Stopped! C:\Windows\system32\taskhost.exe (1172)
Stopped! C:\Windows\system32\taskeng.exe (5048)
Stopped! C:\Users\Malek\Downloads\Compressed\PCMeter\PCMeterV0.3.exe (1712)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (5284)
Stopped! C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (5396)
Stopped! C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (5488)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5544)
Stopped! C:\Program Files\TOSHIBA\TECO\Teco.exe (5572)
Stopped! C:\Program Files (x86)\uTorrent\uTorrent.exe (5580)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (5588)
Stopped! C:\Program Files (x86)\Internet Download Manager\IDMan.exe (5812)
Stopped! C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (5088)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (5512)
Stopped! C:\Windows\system32\DllHost.exe (3440)
Stopped! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (6940)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (4908)
Stopped! C:\Windows\system32\SearchFilterHost.exe (5924)
################## | Files # Infected Folders |
Deleted ! C:\Users\Malek\AppData\Local\PUTTY.RND
Deleted ! C:\Users\Malek\AppData\Roaming\Temp
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bip_camera1.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\btassist1.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfaddgadgets.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfmain.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfprofile.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eccenter1.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\interneteverywhere.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\interneteverywhere_launcher.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kies.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndstray.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\openmuihelp.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tempro.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosbtmng.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosbtproc1.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\toshibaservicestation.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tosssdalert.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstaller.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usrguide.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wirelessftp1.exe
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0459694e-d730-11e1-be82-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{110dbe9a-8a00-11e1-9a3e-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{32d4783d-df01-11e1-a7b5-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{401d9830-c2af-11e1-9755-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{66886f2a-f1b7-11e1-ae9f-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{7a412f63-a4e4-11e1-aea5-ad2bd2c0ed10}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c43b31b3-d72c-11e1-b412-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d8d62bd4-d572-11e1-af58-047d7b2fc9ad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{fb16e458-8994-11e1-9d20-047d7b2fc9ad}
################## | Listing |
[01/03/2013 - 15:12:48 | SHD ] C:\$RECYCLE.BIN
[19/04/2012 - 20:06:12 | N | 1024] C:\.rnd
[08/05/2012 - 15:56:04 | D ] C:\30f3dd701ab6737f8f
[10/03/2013 - 15:08:47 | N | 290] C:\aswBoot.log
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[14/05/2012 - 17:08:51 | D ] C:\Firestarter
[04/11/2009 - 16:29:09 | N | 203464] C:\grldr
[08/04/2013 - 09:23:08 | ASH | 6428184576] C:\hiberfil.sys
[17/04/2012 - 21:47:45 | D ] C:\inetpub
[05/02/2013 - 11:46:35 | RHD ] C:\MSOCache
[08/04/2013 - 09:23:09 | ASH | 8570912768] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[28/03/2013 - 17:24:12 | D ] C:\Program Files
[03/04/2013 - 23:11:28 | D ] C:\Program Files (x86)
[04/03/2013 - 13:05:47 | HD ] C:\ProgramData
[11/05/2012 - 17:27:36 | N | 3103232] C:\RESA.bak
[07/04/2013 - 23:52:16 | D ] C:\Saved Files
[21/07/2012 - 11:53:58 | D ] C:\SG Interactive
[22/04/2012 - 17:08:18 | D ] C:\swsetup
[03/08/2011 - 12:11:46 | N | 70] C:\SWSTAMP.TXT
[08/04/2013 - 04:07:06 | SHD ] C:\System Volume Information
[20/09/2012 - 13:02:13 | D ] C:\Temp
[17/04/2012 - 00:35:00 | D ] C:\Toshiba
[08/04/2013 - 10:15:39 | D ] C:\UsbFix
[08/04/2013 - 10:15:46 | A | 11973] C:\UsbFix [Clean 1] MALEK-PC.txt
[08/04/2013 - 09:47:54 | N | 3909] C:\UsbFix [Listing 1 ] MALEK-PC.txt
[08/04/2013 - 08:41:55 | N | 12566] C:\UsbFix [Scan 1] MALEK-PC.txt
[08/04/2013 - 10:02:06 | N | 12223] C:\UsbFix [Scan 2] MALEK-PC.txt
[01/03/2013 - 15:12:39 | D ] C:\Users
[04/11/2009 - 16:29:10 | N | 15] C:\win7.ld
[05/04/2013 - 15:03:47 | D ] C:\Windows
[29/03/2013 - 22:27:11 | SHD ] D:\$RECYCLE.BIN
[17/04/2012 - 14:38:43 | D ] D:\18660bdd6729fd1d29
[12/01/2013 - 01:07:39 | D ] D:\Config.Msi
[30/03/2013 - 01:58:40 | D ] D:\Documents_Perso
[30/03/2013 - 02:45:21 | D ] D:\Etudes
[30/03/2013 - 03:17:46 | D ] D:\Films
[17/04/2012 - 06:16:16 | D ] D:\HDDRecovery
[30/03/2013 - 00:06:40 | D ] D:\Local Disk I_330201306
[30/03/2013 - 00:57:54 | D ] D:\MP3
[30/03/2013 - 03:20:46 | D ] D:\Revolt
[16/04/2012 - 21:31:13 | SHD ] D:\System Volume Information
[03/04/2013 - 11:52:26 | D ] D:\Utilitaires
[30/03/2013 - 03:20:00 | D ] D:\VOISIN D'ENFER
[02/04/2013 - 14:15:45 | SHD ] G:\$Recycle.Bin
[26/07/2012 - 04:44:30 | RASH | 398156] G:\bootmgr
[02/06/2012 - 15:30:55 | N | 1] G:\BOOTNXT
[26/07/2012 - 08:22:08 | SHD ] G:\Documents and Settings
[04/04/2013 - 18:32:22 | ASH | 6856724480] G:\hiberfil.sys
[04/04/2013 - 18:32:29 | N | 4831838208] G:\pagefile.sys
[26/07/2012 - 08:33:46 | D ] G:\PerfLogs
[03/04/2013 - 14:41:17 | D ] G:\Program Files
[03/04/2013 - 14:42:40 | D ] G:\Program Files (x86)
[31/03/2013 - 14:51:51 | HD ] G:\ProgramData
[28/03/2013 - 22:21:50 | SHD ] G:\Recovery
[04/04/2013 - 18:32:30 | N | 268435456] G:\swapfile.sys
[02/04/2013 - 18:39:29 | SHD ] G:\System Volume Information
[03/04/2013 - 14:43:30 | D ] G:\Users
[03/04/2013 - 14:37:42 | D ] G:\Windows
[08/04/2013 - 08:15:14 | SHD ] I:\$RECYCLE.BIN
[15/12/2011 - 12:22:37 | N | 12292] I:\.DS_Store
[15/12/2011 - 12:26:00 | D ] I:\.fseventsd
[15/12/2011 - 12:26:00 | SHD ] I:\.Trashes
[17/02/2011 - 18:06:26 | N | 5324800] I:\ActivateWarranty(SJ).exe
[08/04/2013 - 08:15:14 | SHD ] I:\config
[07/04/2011 - 15:24:02 | N | 4173] I:\FreeSoftware(SJ).htm
[08/04/2013 - 08:15:14 | D ] I:\Games
[26/09/2011 - 12:07:26 | D ] I:\images
[07/04/2013 - 23:14:06 | D ] I:\Malek
[05/03/2013 - 20:39:41 | D ] I:\MyFavorite
[03/04/2013 - 03:12:02 | D ] I:\Omar
[03/02/2013 - 00:53:59 | N | 96543027] I:\Pack Fichiers Glitch -MS-GAMES 40549361.zip
[19/09/2011 - 20:39:40 | D ] I:\Sauvegarde
[04/12/2011 - 01:29:31 | SHD ] I:\System Volume Information
[12/12/2011 - 17:47:40 | N | 6755604] I:\TranscendElite.exe
[13/04/2012 - 17:27:17 | N | 2606] I:\TuneupRecoveryKeys.pfx
[26/09/2011 - 13:22:24 | D ] I:\Utility
[13/01/2012 - 13:56:35 | N | 162] I:\~$??? ???? ???????.docx
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.sosvirus.net/ |
OK!
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
Drive I is free of removable-drive infections and it is vaccinated! :-)
--------------------
To run a diagnostic of your PC:
* Download ZHPDiag (by Nicolas Coolman) from this link, then save it to your PC's desktop
* Run it (right-click, "Run as administrator" if you are on Vista/7)
* Click the magnifying-glass icon to start the diagnostic
* Host the ZHPDiag.txt report from your desktop on malekal.com or cjoint.com
* Copy and paste the link you are given into your next reply
* ZHPDiag help: <<< HERE >>>
¤¤¤ The best remedy for all problems is patience.... ¤¤¤
and the link to the ZHPDiag report:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130408_q10n10q13p14o12
Good evening,
Your version of Windows is not official!
You can read: Pirated version of Windows
-----------------
Download AdwCleaner (thanks to Xplode)
Run AdwCleaner
Click the [ Suppression ] button
Wait...
Post the report that appears at the end of the scan.
(The report is also saved as C:\ AdwCleaner[SX].Txt)