Re,
Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them??? I didn't understand that. I ran the search without doing anything. Here is the report:
############################## | UsbFix V 7.129 | [Recherche]
Utilisateur: Desbos (Administrateur) # DESBOS-PC
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 15:35:59 | 26/06/2013
Site Web:
http://sosvirus.net/
Upload Malware:
http://www.sosvirus.net/upload-malware- ... -t489.html
Contact:
contact@sosvirus.net
PC: Gigabyte Technology Co., Ltd. (To be filled by O.E.M.) (x64-based PC)
CPU: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz (3901)
RAM - [Total : 4058 | Free : 1152]
BIOS: BIOS Date: 05/11/12 16:27:40 Ver: 04.06.05
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) - Disque fixe # 119 Go (27 Go libre(s) - 23%) [] # NTFS
D:\ - CD-ROM
E:\ - CD-ROM
J:\ - Disque fixe # 931 Go (415 Go libre(s) - 45%) [Nouveau nom] # NTFS
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE | Run : [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
HKLM\SOFTWARE | Run : [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
HKLM\SOFTWARE\wow6432Node | Run : [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2520269267-1782965443-2374617311-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2520269267-1782965443-2374617311-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-2520269267-1782965443-2374617311-1000\SOFTWARE | Run : [ESL Wire] - "C:\Program Files\EslWire\wire.exe" --tray
HKU\S-1-5-18\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Éléments infectieux |
Présent! E:\autorun.exe
Présent! E:\00001.tmp
Présent! E:\00002.tmp
Présent! E:\0x040c.ini
Présent! E:\Autorun.inf
################## | Registre |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{a675b8d9-75be-11e2-bdf8-902b343a8030}
Shell\AutoRun\Command = E:\autorun.exe
Shell\directx\Command = E:\DirectX9\dxsetup.exe
Shell\setup\Command = E:\install.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F |
http://sosvirus.net |
Thanks.