############################## | UsbFix V 7.167 | [Suppression]

Utilisateur: felix (Administrateur) # FELIX-TOSHIBA
Mis à jour le 13/03/2014 par El Desaparecido - Team SosVirus
Lancé à 22:03:06 | 24/03/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (NALAA)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 3955 Mo| Free : 2525 Mo]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521
WB: Safari : 534.57.2

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Avira Desktop [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 233 Go (59 Go libre(s) - 25%) [WINDOWS] # NTFS
D:\ -> Disque fixe # 232 Go (103 Go libre(s) - 44%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 7 Go (3 Go libre(s) - 37%) [USB DISK] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 440 |ParentID: 432)
C:\Windows\system32\wininit.exe (ID: 520 |ParentID: 432)
C:\Windows\system32\csrss.exe (ID: 544 |ParentID: 528)
C:\Windows\system32\services.exe (ID: 576 |ParentID: 520)
C:\Windows\system32\winlogon.exe (ID: 616 |ParentID: 528)
C:\Windows\system32\lsass.exe (ID: 628 |ParentID: 520)
C:\Windows\system32\lsm.exe (ID: 636 |ParentID: 520)
C:\Windows\system32\svchost.exe (ID: 748 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 840 |ParentID: 576)
C:\Windows\system32\atiesrxx.exe (ID: 892 |ParentID: 576)
C:\Windows\System32\svchost.exe (ID: 968 |ParentID: 576)
C:\Windows\System32\svchost.exe (ID: 1000 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 128 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 328 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 1088 |ParentID: 576)
C:\Windows\system32\atieclxx.exe (ID: 1180 |ParentID: 892)
C:\Windows\System32\spoolsv.exe (ID: 1316 |ParentID: 576)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1356 |ParentID: 576)
C:\Windows\system32\taskhost.exe (ID: 1448 |ParentID: 576)
C:\Windows\system32\Dwm.exe (ID: 1536 |ParentID: 1000)
C:\Windows\Explorer.EXE (ID: 1592 |ParentID: 1524)
C:\Windows\system32\svchost.exe (ID: 1628 |ParentID: 576)
C:\Windows\SysWOW64\svchost.exe (ID: 1772 |ParentID: 576)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1804 |ParentID: 576)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1828 |ParentID: 576)
C:\Windows\system32\runonce.exe (ID: 1944 |ParentID: 1592)
C:\Windows\SysWOW64\runonce.exe (ID: 1956 |ParentID: 1944)
C:\Windows\system32\PrintIsolationHost.exe (ID: 1044 |ParentID: 748)
C:\Windows\system32\taskeng.exe (ID: 1216 |ParentID: 328)
C:\Windows\system32\taskeng.exe (ID: 460 |ParentID: 328)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1936 |ParentID: 576)
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (ID: 1364 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 1500 |ParentID: 576)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2052 |ParentID: 576)
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (ID: 2092 |ParentID: 576)
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID: 2120 |ParentID: 576)
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (ID: 2224 |ParentID: 1796)
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (ID: 2232 |ParentID: 1796)
C:\Windows\System32\svchost.exe (ID: 2292 |ParentID: 576)
C:\Windows\System32\svchost.exe (ID: 2328 |ParentID: 576)
C:\Program Files (x86)\Skype\Updater\Updater.exe (ID: 2392 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 2424 |ParentID: 576)
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (ID: 2460 |ParentID: 576)
C:\Windows\system32\TODDSrv.exe (ID: 2596 |ParentID: 576)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 2624 |ParentID: 576)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID: 2680 |ParentID: 576)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2816 |ParentID: 576)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2940 |ParentID: 2816)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1796 |ParentID: 748)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID: 2508 |ParentID: 460)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2532 |ParentID: 748)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 1060 |ParentID: 1804)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKCU\..\Run : [Google Update] "C:\Users\felix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [Akamai NetSession Interface] "C:\Users\felix\AppData\Local\Akamai\netsession_win.exe"
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [uTorrent] "C:\Users\felix\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : []
04 - HKLM\..\Run : [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\..\Run : [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 - HKLM\..\Run : [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
04 - HKLM\..\Run : [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
04 - HKLM\..\Run : [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 - HKLM\..\Run : [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
04 - HKLM\..\Run : [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
04 - [64bit] HKLM\..\Run : [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
04 - [64bit] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [64bit] HKLM\..\Run : [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
04 - [64bit] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [64bit] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
04 - [64bit] HKLM\..\Run : [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
04 - [64bit] HKLM\..\Run : [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
04 - [64bit] HKLM\..\Run : [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
04 - [64bit] HKLM\..\Run : [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
04 - [64bit] HKLM\..\Run : [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
04 - [64bit] HKLM\..\Run : [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
04 - [64bit] HKLM\..\Run : [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
04 - [64bit] HKLM\..\Run : [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
04 - [64bit] HKLM\..\Run : [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
04 - [64bit] HKLM\..\Run : [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
04 - [64bit] HKLM\..\Run : [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [Google Update] "C:\Users\felix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [Akamai NetSession Interface] "C:\Users\felix\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [uTorrent] "C:\Users\felix\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : []
04 - HKU\S-1-5-18\..\Run : [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5

################## | Listing |

[19/02/2011 - 20:16:22 | SHD] - C:\$RECYCLE.BIN
[14/12/2013 - 13:18:28 | D] - C:\2-click run
[24/03/2014 - 21:15:04 | D] - C:\AdwCleaner
[18/03/2014 - 18:41:05 | D] - C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[03/02/2013 - 20:25:46 | D] - C:\downloads
[12/10/2013 - 10:18:34 | D] - C:\FAHRENHEIT_DVD_1
[24/03/2014 - 22:02:12 | ASH | 3037188 Ko] - C:\hiberfil.sys
[28/06/2011 - 13:33:45 | D] - C:\HP Universal Print Driver
[12/10/2013 - 09:18:38 | D] - C:\invictus
[05/12/2012 - 19:57:10 | D] - C:\Mes Sites Web
[13/12/2010 - 21:17:44 | RHD] - C:\MSOCache
[24/03/2014 - 22:02:15 | ASH | 4049584 Ko] - C:\pagefile.sys
[06/04/2011 - 17:43:34 | D] - C:\PFiles
[25/02/2014 - 18:30:37 | D] - C:\Program Files
[24/03/2014 - 20:59:40 | D] - C:\Program Files (x86)
[24/03/2014 - 20:59:40 | HD] - C:\ProgramData
[23/10/2010 - 05:42:24 | N | 3 Ko] - C:\RHDSetup.log
[23/06/2010 - 13:13:40 | N | 0 Ko | 43304F160FF7B559867CD977DB3D7325] - C:\SWSTAMP.TXT
[24/03/2014 - 16:43:32 | SHD] - C:\System Volume Information
[13/12/2010 - 17:38:06 | D] - C:\Toshiba
[24/03/2014 - 20:30:25 | D] - C:\UsbFix
[24/03/2014 - 20:16:17 | N | 14 Ko | 8BA69218FE12E53C5A3D81C8A8A5EBA0] - C:\UsbFix [Clean 2] FELIX-TOSHIBA.txt
[24/03/2014 - 20:22:14 | N | 14 Ko | 4B37A890DAC7D24F0C628092E69BC06C] - C:\UsbFix [Clean 4] FELIX-TOSHIBA.txt
[24/03/2014 - 22:03:57 | A | 12 Ko | 12B8222291A2893C3747AD8B9AFD2CCD] - C:\UsbFix [Clean 6] FELIX-TOSHIBA.txt
[24/03/2014 - 20:03:55 | N | 16 Ko | E64AF7A8BECD27CE25B79ECCD8BB616B] - C:\UsbFix [Scan 1] FELIX-TOSHIBA.txt
[24/03/2014 - 20:31:19 | N | 13 Ko | 810151844C353E7A24A5CA41D2AA4333] - C:\UsbFix [Scan 2] FELIX-TOSHIBA.txt
[24/03/2014 - 21:47:15 | N | 16 Ko | 298281E0B99E21B50CD60300981173C7] - C:\UsbFix [Scan 3] FELIX-TOSHIBA.txt
[21/06/2012 - 18:25:32 | N | 3 Ko] - C:\user.js
[13/12/2010 - 17:31:40 | D] - C:\Users
[10/02/2012 - 12:21:10 | D] - C:\v2d
[05/12/2013 - 14:43:08 | D] - C:\wamp
[24/03/2014 - 20:53:44 | D] - C:\Windows
[03/06/2011 - 21:19:00 | SHD] - D:\$RECYCLE.BIN
[24/12/2010 - 12:10:21 | D] - D:\ancien disque portable
[03/10/2013 - 13:31:38 | D] - D:\bepecaser
[06/07/2013 - 16:36:35 | D] - D:\char
[24/03/2014 - 19:55:08 | D] - D:\copie clé usb 06072013
[16/01/2014 - 22:15:14 | D] - D:\documents importants jerome
[06/07/2013 - 16:46:54 | D] - D:\echasses urbaines
[08/07/2013 - 16:46:06 | D] - D:\feu artifice
[06/07/2013 - 15:54:02 | D] - D:\films et séries
[03/03/2014 - 17:29:30 | D] - D:\futuroscope
[14/12/2010 - 02:25:45 | D] - D:\HDDRecovery
[25/10/2012 - 16:57:49 | D] - D:\hypnose
[06/07/2013 - 16:05:30 | D] - D:\Isaac
[27/11/2013 - 19:46:59 | D] - D:\J_L_SEAGULL
[25/10/2012 - 16:54:59 | D] - D:\LMC
[13/12/2013 - 23:44:32 | D] - D:\logiciels installation
[11/08/2013 - 17:49:44 | D] - D:\maison
[06/09/2013 - 23:39:27 | D] - D:\mini z
[07/07/2013 - 11:06:52 | D] - D:\musique
[25/10/2013 - 14:13:11 | D] - D:\photos
[05/07/2013 - 10:53:20 | D] - D:\porteau
[23/10/2010 - 05:30:28 | SHD] - D:\System Volume Information
[30/08/2013 - 21:51:20 | D] - D:\titou
[11/10/2011 - 12:37:01 | D] - D:\_SYNCAPP

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |