dodiawara
Participant
Posts: 2

Thanks for the quick reply.

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: MAMADOU (Administrateur) # PORTABLE
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 12:24:15 | 16/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1858)
CPU: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
RAM -> [Total : 2726 Mo| Free : 1614 Mo]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 8 Professionnel avec Media Center (6.2.9200 32-Bit)
WB: Windows Internet Explorer : 10.0.9200.16863
WB: Google Chrome : 34.0.1847.116

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: AVG AntiVirus Free Edition 2014 [Enabled | Updated]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: AVG AntiVirus Free Edition 2014 [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 456 Go (165 Go libre(s) - 36%) [] # NTFS
D: -> Disque fixe # 10 Go (5 Go libre(s) - 54%) [] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 2 Go (2 Go libre(s) – 98%) [PENDRIVE] # FAT32
G: -> CD-ROM

################## | Processus Actif |

C:\PROGRA~1\AVG\AVG2014\avgrsx.exe (ID: 480 |ParentID: 468)
C:\Program Files\AVG\AVG2014\avgcsrvx.exe (ID: 524 |ParentID: 480)
C:\Windows\system32\csrss.exe (ID: 736 |ParentID: 728)
C:\Windows\system32\wininit.exe (ID: 804 |ParentID: 728)
C:\Windows\system32\csrss.exe (ID: 812 |ParentID: 792)
C:\Windows\system32\services.exe (ID: 872 |ParentID: 804)
C:\Windows\system32\winlogon.exe (ID: 880 |ParentID: 792)
C:\Windows\system32\lsass.exe (ID: 888 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 996 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 1048 |ParentID: 872)
C:\Windows\System32\svchost.exe (ID: 1104 |ParentID: 872)
C:\Windows\system32\dwm.exe (ID: 1136 |ParentID: 880)
C:\Windows\system32\svchost.exe (ID: 1264 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 1296 |ParentID: 872)
C:\Windows\System32\svchost.exe (ID: 1364 |ParentID: 872)
C:\Program Files\WTouch\WTouchService.exe (ID: 1460 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 1564 |ParentID: 872)
C:\Windows\System32\spoolsv.exe (ID: 1728 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 1760 |ParentID: 872)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1996 |ParentID: 872)
C:\Windows\system32\AdminService.exe (ID: 2024 |ParentID: 872)
C:\Program Files\AVG\AVG2014\avgidsagent.exe (ID: 440 |ParentID: 872)
C:\Program Files\AVG\AVG2014\avgwdsvc.exe (ID: 540 |ParentID: 872)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 468 |ParentID: 872)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 752 |ParentID: 872)
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe (ID: 1032 |ParentID: 872)
C:\Windows\System32\svchost.exe (ID: 1116 |ParentID: 872)
C:\Windows\System32\svchost.exe (ID: 1480 |ParentID: 872)
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 1588 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 1416 |ParentID: 872)
C:\Windows\system32\Pen_Tablet.exe (ID: 2004 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 2716 |ParentID: 872)
C:\Program Files\AVG\AVG2014\avgnsx.exe (ID: 2960 |ParentID: 540)
C:\Program Files\AVG\AVG2014\avgemcx.exe (ID: 2972 |ParentID: 540)
C:\Windows\system32\taskhostex.exe (ID: 3644 |ParentID: 872)
C:\Windows\Explorer.EXE (ID: 3736 |ParentID: 3728)
C:\Program Files\WTouch\WTouchUser.exe (ID: 3948 |ParentID: 1460)
C:\Windows\system32\svchost.exe (ID: 2080 |ParentID: 872)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe (ID: 1788 |ParentID: 996)
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (ID: 2684 |ParentID: 4000)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 2416 |ParentID: 1364)
C:\Windows\system32\SearchIndexer.exe (ID: 3912 |ParentID: 872)
C:\Program Files\AVG\AVG2014\avgui.exe (ID: 2368 |ParentID: 3736)
C:\Program Files\Real\RealPlayer\Update\realsched.exe (ID: 3016 |ParentID: 3736)
C:\Windows\System32\igfxtray.exe (ID: 3612 |ParentID: 3736)
C:\Windows\System32\hkcmd.exe (ID: 4132 |ParentID: 3736)
C:\Windows\System32\igfxpers.exe (ID: 4176 |ParentID: 3736)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4204 |ParentID: 3736)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 4388 |ParentID: 3736)
C:\Program Files\PowerISO\PWRISOVM.EXE (ID: 4456 |ParentID: 3736)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 4552 |ParentID: 3736)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 4616 |ParentID: 4284)
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (ID: 4660 |ParentID: 3736)
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (ID: 4680 |ParentID: 3736)
C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe (ID: 4728 |ParentID: 3736)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4736 |ParentID: 872)
C:\Program Files\Skype\Phone\Skype.exe (ID: 4968 |ParentID: 3736)
C:\Users\MAMADOU\AppData\Local\Viber\Viber.exe (ID: 4988 |ParentID: 3736)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5016 |ParentID: 996)
C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe (ID: 5028 |ParentID: 3736)
C:\Windows\system32\RunDll32.exe (ID: 5048 |ParentID: 3736)
C:\Users\MAMADOU\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 5076 |ParentID: 3736)
C:\Windows\System32\RuntimeBroker.exe (ID: 5368 |ParentID: 996)
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe (ID: 5396 |ParentID: 996)
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1124 |ParentID: 872)
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2384 |ParentID: 872)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1336 |ParentID: 996)
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (ID: 3816 |ParentID: 4636)
C:\Windows\system32\SearchProtocolHost.exe (ID: 988 |ParentID: 3912)
C:\Windows\system32\SearchFilterHost.exe (ID: 2868 |ParentID: 3912)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3436 |ParentID: 3912)
C:\Windows\system32\RunDll32.exe (ID: 5692 |ParentID: 4300)
C:\Windows\System32\WUDFHost.exe (ID: 1872 |ParentID: 1364)

################## | Recherche générique |

Non supprimé ! F:\168816984_MicrosoftUpdate.vbe
Supprimé! F:\RECYCLER.lnk
Supprimé! F:\Nouveau dossier.lnk
Supprimé! F:\System Volume Information.lnk
Supprimé! F:\Daouda Diallo Assane Ndiaye Mamadou Diawara.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3193705447-2187729482-271068122-1001\Software\...\Mountpoints2\{ca606d60-9749-11e3-afbb-28924a2580df}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKCU\..\Run : [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
04 - HKCU\..\Run : [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKCU\..\Run : [AppleIEDAV] C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
04 - HKCU\..\Run : [AVG-Secure-Search-Update_1213b] C:\Users\MAMADOU\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=14949453640c47d38c24f121dbb71187-e520923374f2255aaad27b8d59c1c4916995b690 /CMPID=1213b
04 - HKCU\..\Run : [Google Update] "C:\Users\MAMADOU\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [sunuradiotv] C:\Program Files\sunugraf\sunuradiotv\iconebarre.exe
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [Viber] "C:\Users\MAMADOU\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [AppleIEDAV] C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [AVG-Secure-Search-Update_1213b] C:\Users\MAMADOU\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=14949453640c47d38c24f121dbb71187-e520923374f2255aaad27b8d59c1c4916995b690 /CMPID=1213b
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [Google Update] "C:\Users\MAMADOU\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [sunuradiotv] C:\Program Files\sunugraf\sunuradiotv\iconebarre.exe
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3193705447-2187729482-271068122-1001\..\Run : [Viber] "C:\Users\MAMADOU\AppData\Local\Viber\Viber.exe" StartMinimized

################## | Listing |

[10/10/2013 - 21:59:57 | D] - C:\$AVG
[07/12/2013 - 06:04:41 | SHD] - C:\$Recycle.Bin
[26/07/2012 - 06:52:25 | A | 0 Ko] - C:\autoexec.bat
[26/07/2012 - 03:44:30 | RASH | 389 Ko] - C:\bootmgr
[02/06/2012 - 14:30:55 | N | 0 Ko] - C:\BOOTNXT
[10/04/2014 - 09:31:02 | D] - C:\Config.Msi
[26/07/2012 - 06:52:25 | N | 0 Ko] - C:\config.sys
[30/01/2014 - 13:58:30 | D] - C:\Desktop
[26/07/2012 - 06:04:44 | SHD] - C:\Documents and Settings
[01/03/2014 - 21:24:52 | D] - C:\favori_sunuradio
[16/04/2014 - 12:10:29 | ASH | 2233428 Ko] - C:\hiberfil.sys
[11/10/2013 - 00:29:13 | D] - C:\Intel
[06/01/2014 - 13:16:32 | D] - C:\isoavdpcopy
[20/10/2013 - 13:34:08 | RHD] - C:\MSOCache
[16/04/2014 - 12:10:30 | ASH | 1638400 Ko] - C:\pagefile.sys
[26/07/2012 - 06:29:57 | D] - C:\PerfLogs
[28/03/2014 - 07:35:19 | D] - C:\Program Files
[15/03/2014 - 23:31:13 | HD] - C:\ProgramData
[25/11/2012 - 21:49:18 | D] - C:\sources
[01/03/2014 - 20:02:28 | D] - C:\sunuradio
[16/04/2014 - 12:10:31 | ASH | 262144 Ko] - C:\swapfile.sys
[13/04/2014 - 20:36:02 | SHD] - C:\System Volume Information
[16/04/2014 - 09:22:48 | D] - C:\UsbFix
[16/04/2014 - 12:29:30 | A | 12 Ko | 53B8FB7CF957FA3A3036A29554B4C3D7] - C:\UsbFix [Clean 2] PORTABLE.txt
[16/04/2014 - 09:29:31 | N | 12 Ko | 9D33BA0FFAE1B1E4176B758FEF1E3785] - C:\UsbFix [Scan 1] PORTABLE.txt
[16/04/2014 - 11:37:26 | N | 12 Ko | 18ED536F84905A1247109B4DB3F424C0] - C:\UsbFix [Scan 2] PORTABLE.txt
[16/04/2014 - 11:58:12 | N | 12 Ko | F1E04A16BFD456A90813BCF5169B7BCD] - C:\UsbFix [Scan 3] PORTABLE.txt
[30/12/2013 - 20:20:08 | D] - C:\Users
[22/03/2014 - 04:20:13 | D] - C:\Windows
[10/10/2013 - 21:41:30 | D] - C:\Windows Activation Technologies
[10/10/2013 - 22:48:59 | D] - D:\$AVG
[26/02/2014 - 07:58:25 | SHD] - D:\$RECYCLE.BIN
[07/04/2014 - 12:55:34 | N | 15494 Ko] - D:\CERTIFICAT DE PRISE DE SERVICE 2014.doc
[21/11/2013 - 01:55:00 | D] - D:\cheikh
[13/10/2013 - 09:55:27 | N | 796 Ko] - D:\Masalik_en_A5_aminta.pdf
[11/10/2013 - 00:27:55 | N | 73532 Ko | F8C4E959504F103CD736C288CA459C22] - D:\MEI_9.5_1.5M_9.5.14.1724.exe
[20/10/2013 - 13:31:46 | D] - D:\office 2007
[10/10/2013 - 22:14:32 | D] - D:\OFFICE 2013
[18/11/2013 - 14:36:29 | N | 308779 Ko | EF05B921F803F5DDF588D88727C1BA22] - D:\OJ_AIO_4500_G510g-m_Full_Win_WW_140_408.exe
[20/10/2013 - 13:32:40 | D] - D:\OpenOffice 4.0.1 (fr) Installation Files
[11/10/2013 - 00:20:39 | D] - D:\RtsP2Stor_6.2.9200.29069
[10/10/2013 - 21:24:39 | SHD] - D:\System Volume Information
[10/12/2013 - 17:08:11 | D] - D:\WIN8
[16/04/2014 - 11:26:24 | D] - F:\$AVG
[02/01/1998 - 04:09:46 | SHD] - F:\RECYCLER
[28/11/2013 - 12:09:08 | SHD] - F:\System Volume Information
[14/04/2014 - 14:05:14 | N | 82 Ko] - F:\Contribution mission evaluation.doc
[14/04/2014 - 13:13:46 | N | 75 Ko] - F:\Prime de prudence 2014.doc
[14/04/2014 - 13:52:16 | N | 71 Ko] - F:\Paiement des cotisation annuelles Ipres pape babacar diouf 2 echeance.doc
[15/04/2014 - 18:08:02 | N | 71 Ko] - F:\rectification reclassement mamadou Samba Ba.doc
[14/04/2014 - 10:18:06 | N | 71 Ko] - F:\decision demissionnaire papa babacar diouf.doc
[11/03/2014 - 09:19:16 | D] - F:\Nouveau dossier
[11/04/2014 - 10:49:02 | N | 73 Ko] - F:\décision retraite Mamadou Hamat Sarr mai 2014.doc
[14/04/2014 - 13:46:42 | N | 72 Ko] - F:\Paiement des cotisation annuelles Ipres pape babacar diouf 1 echeance.doc
[15/04/2014 - 18:09:48 | N | 25 Ko] - F:\contrat ibrahima Ba mars 2014.doc
[15/04/2014 - 17:31:26 | N | 27 Ko] - F:\contrat dieynaba Guéye mars 2014.doc
[03/02/2014 - 16:04:28 | N | 679 Ko | D41D8CD98F00B204E9800998ECF8427E] - F:\168816984_MicrosoftUpdate.vbe
[14/04/2014 - 13:17:58 | N | 86 Ko] - F:\Etat des chauffeurs 2014.doc
[15/04/2014 - 21:23:16 | N | 56 Ko] - F:\liste de donnees master 2 grh informatique.xls
[11/04/2014 - 18:24:00 | D] - F:\Daouda Diallo Assane Ndiaye Mamadou Diawara

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |