############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: BUN (Administrateur) # BUN-PC
Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
Lancé à 19:06:38 | 04/11/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: FOXCONN (2AAF)
CPU: AMD Athlon(tm) II X2 220 Processor
RAM -> [Total : 1791 | Free : 405]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.7601.17514
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 288 Go (222 Go libre(s) - 77%) [COMPAQ] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 4 Go (4 Go libre(s) - 98%) [BUREAU IDF] # FAT32
G:\ -> Disque fixe # 100 Mo (32 Mo libre(s) - 32%) [System] # NTFS
H:\ -> Disque amovible # 4 Go (4 Go libre(s) - 98%) [] # FAT32

################## | Référence de comparaison MD5 |

Md5 : 32bef3bb4b558ade6cf41113628fc86d -> C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 32bef3bb4b558ade6cf41113628fc86d -> C:\Users\BUN\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 32bef3bb4b558ade6cf41113628fc86d -> E:\iTunesHelper.vbe
Md5 : 32bef3bb4b558ade6cf41113628fc86d -> H:\iTunesHelper.vbe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID: 840 |ParentID: 536)
Stoppé! C:\Windows\system32\atieclxx.exe (ID: 1168 |ParentID: 840)
Stoppé! C:\Program Files\Tablet\Pen\Pen_TouchService.exe (ID: 1240 |ParentID: 536)
Stoppé! C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1296 |ParentID: 960)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1552 |ParentID: 536)
Stoppé! C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1700 |ParentID: 960)
Stoppé! C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 1716 |ParentID: 960)
Stoppé! C:\Windows\Explorer.EXE (ID: 1784 |ParentID: 1688)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 1804 |ParentID: 536)
Stoppé! C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (ID: 1840 |ParentID: 1240)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1972 |ParentID: 536)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1648 |ParentID: 536)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1340 |ParentID: 536)
Stoppé! C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (ID: 524 |ParentID: 536)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 2232 |ParentID: 1784)
Stoppé! C:\Program Files\Bamboo Dock\BambooCore.exe (ID: 2240 |ParentID: 1784)
Stoppé! C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ID: 2248 |ParentID: 536)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 2284 |ParentID: 1784)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 2300 |ParentID: 1784)
Stoppé! C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (ID: 2364 |ParentID: 1784)
Stoppé! C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (ID: 2400 |ParentID: 1784)
Stoppé! C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe (ID: 2456 |ParentID: 1784)
Stoppé! C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe (ID: 2476 |ParentID: 536)
Stoppé! C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (ID: 2568 |ParentID: 2248)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2720 |ParentID: 536)
Stoppé! C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ID: 2732 |ParentID: 2248)
Stoppé! C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (ID: 2824 |ParentID: 2400)
Stoppé! C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (ID: 2952 |ParentID: 536)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2964 |ParentID: 2720)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 3880 |ParentID: 1340)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3912 |ParentID: 536)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2204 |ParentID: 536)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 412 |ParentID: 960)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 5020 |ParentID: 708)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (ID: 5292 |ParentID: 536)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 4688 |ParentID: 1784)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (ID: 4480 |ParentID: 1784)
Stoppé! C:\Windows\system32\NOTEPAD.EXE (ID: 5352 |ParentID: 408)
Stoppé! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 4076 |ParentID: 4688)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5088 |ParentID: 4076)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 1412 |ParentID: 5088)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [BambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2637158324-2203775089-3494527545-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2637158324-2203775089-3494527545-1000\SOFTWARE | Run : [Google Update] - "C:\Users\BUN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2637158324-2203775089-3494527545-1000\SOFTWARE | Run : [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKU\S-1-5-21-2637158324-2203775089-3494527545-1000\SOFTWARE | Run : [Sony PC Companion] - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
04 - HKU\S-1-5-21-2637158324-2203775089-3494527545-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\BUN\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! E:\Notification.lnk
Supprimé! E:\L1 PI C9.lnk
Supprimé! H:\IA - Notice Inscription 2013-2014 - web.lnk
Supprimé! H:\consultationDetail.lnk
Supprimé! H:\Net.lnk
Supprimé! C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\BUN\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! E:\iTunesHelper.vbe
Supprimé! H:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-2637158324-2203775089-3494527545-1000\Software\.\.\.\.\Mountpoints2\{1c18623e-4694-11e2-b968-ca7f1d1da744}
Supprimé! HKU\S-1-5-21-2637158324-2203775089-3494527545-1000\Software\.\.\.\.\Mountpoints2\{92ad01c8-ffeb-11e0-8f3e-806e6f6e6963}
Supprimé! HKU\S-1-5-21-2637158324-2203775089-3494527545-1000\Software\.\.\.\.\Mountpoints2\{f0ad2917-718e-11e1-bcba-a777db1b552d}

################## | Listing |

[27/10/2011 - 01:46:12 | SHD ] C:\$Recycle.Bin
[08/10/2012 - 20:52:10 | D ] C:\121188d2980e0d935df64e
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[15/03/2013 - 02:26:02 | N | 112] C:\C8180A8D47AC
[28/10/2013 - 11:29:28 | SHD ] C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[29/09/2010 - 07:49:14 | N | 2492] C:\DPC10WEFALW661.INI
[13/11/2012 - 11:36:27 | N | 14] C:\END
[15/03/2013 - 02:26:02 | N | 40] C:\FBDB42A073D4
[04/11/2013 - 18:29:06 | ASH | 1408720896] C:\hiberfil.sys
[30/09/2010 - 00:03:38 | D ] C:\hp
[14/11/2011 - 19:59:02 | RHD ] C:\MSOCache
[04/11/2013 - 18:29:07 | ASH | 1878298624] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[01/10/2013 - 23:32:25 | D ] C:\Program Files
[15/03/2013 - 02:24:42 | D ] C:\Program Files (x86)
[28/10/2013 - 11:29:29 | HD ] C:\ProgramData
[20/11/2011 - 11:34:12 | D ] C:\Programmi
[26/10/2011 - 17:18:25 | SHD ] C:\Recovery
[30/09/2010 - 00:04:05 | D ] C:\SWSETUP
[04/11/2013 - 00:49:49 | SHD ] C:\System Volume Information
[29/09/2010 - 23:50:22 | D ] C:\system.sav
[04/11/2013 - 19:09:24 | D ] C:\UsbFix
[04/11/2013 - 19:09:25 | A | 8951] C:\UsbFix [Clean 2] BUN-PC.txt
[04/11/2013 - 18:43:08 | N | 8357] C:\UsbFix [Scan 1] BUN-PC.txt
[26/10/2011 - 17:18:31 | RD ] C:\Users
[04/11/2013 - 18:29:20 | D ] C:\Windows
[13/06/2013 - 18:33:54 | N | 8068] E:\Notification.pdf
[29/09/2013 - 15:46:42 | N | 79616] E:\L1 PI C9.pdf
[26/10/2011 - 17:18:38 | SHD ] G:\$RECYCLE.BIN
[01/11/2011 - 02:28:25 | SHD ] G:\Boot
[20/11/2010 - 13:40:07 | RASH | 383786] G:\bootmgr
[26/10/2011 - 17:59:31 | RASH | 8192] G:\BOOTSECT.BAK
[29/09/2010 - 23:20:27 | SHD ] G:\System Volume Information
[23/07/2013 - 19:00:02 | N | 134564] H:\IA - Notice Inscription 2013-2014 - web.pdf
[24/07/2013 - 01:17:50 | N | 4387] H:\consultationDetail.do.pdf
[15/07/2013 - 18:52:52 | D ] H:\Net

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)