Reply to: PC infected after Facebook Virus 2016-09-08T13:05:11+00:00
samolo005

Good evening,

Here is the result of the process (safe mode):
[spoiler:2551m7cp]############################## | UsbFix V 7.133 | [Suppression]

Utilisateur: Samia (Administrateur) # SAMIA-PC
Mis à jour le 27/08/2013 par El Desaparecido
Lancé à 21:08:01 | 30/08/2013

Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: Hewlett-Packard (nc6xxxs) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz (1795)
RAM -> [Total : 1015 | Free : 549]
BIOS: KBC Version 12.00
BOOT: Fail-safe boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 39 Go (4 Go libre(s) – 11%) [] # NTFS
D: -> Disque fixe # 59 Go (11 Go libre(s) – 18%) [] # FAT32
E: -> CD-ROM

################## | El Desaparecido Section |

HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [Monitor] – C:WindowsPixArtPAC207Monitor.exe
HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
HKLMSOFTWARE | Run : [avgnt] – “C:Program FilesAviraAntiVir Desktopavgnt.exe” /min
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-2952820587-1313875728-3097918757-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
HKUS-1-5-21-2952820587-1313875728-3097918757-1000SOFTWARE | Run : [Skype] – “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
HKUS-1-5-21-2952820587-1313875728-3097918757-1000SOFTWARE | Run : [Facebook Update] – “C:UsersSamiaAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:WindowsExplorer.EXE (1028)
Stoppé! C:Windowssystem32ctfmon.exe (1056)

################## | Éléments infectieux |

Supprimé! C:UsersSamiaAppDataRoamingtfn2F32.tmp.exe
Supprimé! C:UsersSamiaAppDataRoamingtfnC0B6.tmp.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

################## | Listing |

[27/01/2013 – 17:00:24 | SHD ] C:$Recycle.Bin
[28/08/2013 – 20:17:27 | D ] C:AdwCleaner
[25/04/2010 – 21:41:55 | D ] C:annexe
[14/07/2009 – 05:53:55 | SHD ] C:Documents and Settings
[30/08/2013 – 21:07:15 | ASH | 798466048] C:hiberfil.sys
[12/10/2012 – 10:33:37 | N | 5538] C:M7BL_Rapport.log
[30/08/2013 – 21:07:16 | ASH | 1073741824] C:pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:PerfLogs
[30/08/2013 – 16:15:13 | D ] C:Program Files
[28/08/2013 – 18:13:35 | HD ] C:ProgramData
[12/10/2012 – 01:35:40 | SHD ] C:Recovery
[28/08/2013 – 19:00:59 | SHD ] C:System Volume Information
[30/08/2013 – 21:09:15 | D ] C:UsbFix
[29/08/2013 – 11:01:38 | N | 5155] C:UsbFix [Clean 1] SAMIA-PC.txt
[30/08/2013 – 21:09:39 | A | 3699] C:UsbFix [Clean 2] SAMIA-PC.txt
[28/08/2013 – 20:47:40 | N | 5905] C:UsbFix [Scan 2] SAMIA-PC.txt
[12/10/2012 – 01:40:48 | D ] C:Users
[30/08/2013 – 21:07:15 | D ] C:Windows
[10/05/2011 – 20:19:34 | D ] D:FOUND.000
[17/06/2012 – 15:22:44 | D ] D:fantasy couple
[14/01/2010 – 17:20:30 | D ] D:Recycled
[03/07/2012 – 00:16:34 | D ] D:19062012 Sahel el Blaidi
[12/10/2012 – 01:41:00 | SHD ] D:$RECYCLE.BIN
[22/02/2010 – 23:37:44 | D ] D:movies
[02/07/2012 – 17:34:30 | D ] D:me au mariage
[03/07/2012 – 00:19:44 | D ] D:20062012 Bouameur Hadj Kouider
[17/06/2012 – 15:13:40 | D ] D:ma music
[01/11/2010 – 11:09:38 | SHD ] D:System Volume Information
[01/11/2010 – 19:55:28 | RASHD ] D:Autorun.inf
[06/11/2009 – 17:55:20 | N | 746301440] D:[D-J-F] Hana Yori Dango Final Le film DVDRIP vostf.avi
[04/06/2011 – 16:20:16 | D ] D:SMRTNTKY
[23/07/2011 – 13:02:42 | D ] D:my all music
[23/08/2011 – 18:13:32 | N | 205033] D:Aout 1984(2).JPG
[29/08/2011 – 23:35:02 | D ] D:????? ????
[16/01/2008 – 12:52:54 | N | 97296] D:install.res.1036.dll
[16/01/2008 – 12:48:06 | N | 12246] D:eula.1036.txt
[16/01/2008 – 12:48:06 | N | 1110] D:globdata.ini
[16/01/2008 – 12:48:14 | N | 843] D:install.ini
[16/01/2008 – 13:00:56 | N | 233984] D:VC_RED.MSI
[16/01/2008 – 12:58:54 | N | 1442522] D:VC_RED.cab
[05/01/2012 – 23:24:02 | D ] D:i am legend
[19/03/2012 – 23:30:54 | D ] D:law kana bain ana
[19/06/2011 – 00:15:44 | N | 49925299] D:pekin expresse en egypte- À voir Une leçon de vie pour la vie pour ceux qui se plaignent.flv
[06/04/2012 – 21:59:46 | D ] D:dehina
[06/04/2012 – 22:00:32 | D ] D:ACCESS 2 DOCUMENTATION monic
[06/04/2012 – 22:00:42 | D ] D:adaptation biosystem
[06/04/2012 – 22:01:04 | D ] D:Adaptations sur selectra Rabeh 30sep2010
[06/04/2012 – 22:02:08 | D ] D:selectra
[06/05/2011 – 16:01:56 | N | 20582400] D:HADJIRA.mdb
[29/04/2011 – 18:18:18 | N | 41984] D:NORMES IMX.doc
[01/05/2011 – 16:38:02 | N | 32768] D:phospho lip.doc

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net |[/spoiler:2551m7cp]