Reply to: PC infected after Facebook virus 2016-09-08T13:05:11+00:00
samolo005
Participant
Number of posts: 5

Thanks for your reply, H.A.W.X
Here is the report


############################## | UsbFix V 7.133 | [Recherche]

Utilisateur: Samia (Administrateur) # SAMIA-PC
Mis à jour le 27/08/2013 par El Desaparecido
Lancé à 20:45:59 | 28/08/2013

Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: Hewlett-Packard (nc6xxxs) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz (1801)
RAM -> [Total : 1015 | Free : 211]
BIOS: KBC Version 12.00
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 39 Go (5 Go libre(s) – 14%) [] # NTFS
D: -> Disque fixe # 59 Go (11 Go libre(s) – 18%) [] # FAT32
E: -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (320)
C:\Windows\system32\csrss.exe (364)
C:\Windows\system32\wininit.exe (372)
C:\Windows\system32\services.exe (424)
C:\Windows\system32\lsass.exe (440)
C:\Windows\system32\lsm.exe (448)
C:\Windows\system32\winlogon.exe (572)
C:\Windows\system32\svchost.exe (592)
C:\Windows\system32\svchost.exe (692)
C:\Windows\System32\svchost.exe (776)
C:\Windows\System32\svchost.exe (820)
C:\Windows\system32\svchost.exe (868)
C:\Windows\system32\svchost.exe (1012)
C:\Windows\system32\svchost.exe (1208)
C:\Windows\System32\spoolsv.exe (1320)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (1356)
C:\Windows\system32\svchost.exe (1376)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1468)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1512)
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (1552)
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1592)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (1640)
C:\Windows\system32\sppsvc.exe (1716)
C:\Windows\system32\svchost.exe (1748)
C:\Windows\system32\taskhost.exe (500)
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (892)
C:\Windows\system32\Dwm.exe (392)
C:\Windows\Explorer.EXE (1444)
C:\Windows\System32\igfxtray.exe (1976)
C:\Windows\System32\hkcmd.exe (2056)
C:\Windows\System32\igfxpers.exe (2072)
C:\Windows\system32\igfxsrvc.exe (2152)
C:\Windows\PixArt\Pac207\Monitor.exe (2204)
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (2232)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (2244)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (2252)
C:\Program Files\Windows Sidebar\sidebar.exe (2272)
C:\Program Files\Skype\Phone\Skype.exe (2316)
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (2452)
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (2480)
C:\Users\Samia\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (2492)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (2820)
C:\Windows\system32\conhost.exe (2828)
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (2876)
C:\Windows\system32\SearchIndexer.exe (2952)
C:\Windows\system32\wbem\wmiprvse.exe (2964)
C:\Windows\system32\svchost.exe (3056)
C:\Windows\system32\svchost.exe (3224)
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (3620)
C:\Windows\System32\svchost.exe (2180)
C:\Program Files\Mozilla Firefox\firefox.exe (1076)
C:\Program Files\Windows Media Player\wmpnetwk.exe (1936)
C:\Program Files\Mozilla Firefox\plugin-container.exe (1788)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (3072)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (2564)
C:\Windows\system32\wuauclt.exe (3028)
C:\Program Files\Common Files\Java\Java Update\jucheck.exe (1524)
C:\Windows\system32\wbem\wmiprvse.exe (1796)
C:\UsbFix\Go.exe (3088)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IgfxTray] – C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] – C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [Monitor] – C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\SOFTWARE | Run : [QlbCtrl.exe] – C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE | Run : [avgnt] – "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2952820587-1313875728-3097918757-1000\SOFTWARE | Run : [Sidebar] – C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2952820587-1313875728-3097918757-1000\SOFTWARE | Run : [Skype] – "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-2952820587-1313875728-3097918757-1000\SOFTWARE | Run : [Facebook Update] – "C:\Users\Samia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! C:\Users\Samia\AppData\Roaming\tfn2F32.tmp.exe
Présent! C:\Users\Samia\AppData\Roaming\tfnC0B6.tmp.exe

################## | Registre |

################## | Mountpoints2 |

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net |