
############################## | UsbFix V 7.165 | [Recherche]

Utilisateur: Léa (Administrateur) # PC-DE-LÉA
Mis à jour le 16/02/2014 par El Desaparecido - Team SosVirus
Lancé à 14:28:12 | 21/02/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
RAM -> [Total : 3069 Mo| Free : 1021 Mo]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 33.0.1750.117
WB: Mozilla Firefox : 25.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 149 Go (14 Go libre(s) - 9%) [Vista] # NTFS
D:\ -> Disque amovible # 30 Go (30 Go libre(s) - 100%) [LÉA USB] # FAT32
E:\ -> Disque fixe # 148 Go (15 Go libre(s) - 10%) [Data] # NTFS
F:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 660 |ParentID: 648)
C:\Windows\system32\wininit.exe (ID: 732 |ParentID: 648)
C:\Windows\system32\csrss.exe (ID: 744 |ParentID: 724)
C:\Windows\system32\services.exe (ID: 780 |ParentID: 732)
C:\Windows\system32\lsass.exe (ID: 796 |ParentID: 732)
C:\Windows\system32\lsm.exe (ID: 804 |ParentID: 732)
C:\Windows\system32\winlogon.exe (ID: 852 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 972 |ParentID: 780)
C:\Windows\system32\svchost.exe (ID: 1104 |ParentID: 780)
C:\Windows\System32\svchost.exe (ID: 1152 |ParentID: 780)
C:\Windows\system32\atiesrxx.exe (ID: 1236 |ParentID: 780)
C:\Windows\System32\svchost.exe (ID: 1256 |ParentID: 780)
C:\Windows\System32\svchost.exe (ID: 1288 |ParentID: 780)
C:\Windows\system32\svchost.exe (ID: 1304 |ParentID: 780)
C:\Windows\system32\svchost.exe (ID: 1440 |ParentID: 780)
C:\Windows\system32\SLsvc.exe (ID: 1460 |ParentID: 780)
C:\Windows\system32\atieclxx.exe (ID: 1508 |ParentID: 1236)
C:\Windows\system32\svchost.exe (ID: 1616 |ParentID: 780)
C:\Windows\system32\svchost.exe (ID: 1776 |ParentID: 780)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1916 |ParentID: 780)
C:\Windows\System32\spoolsv.exe (ID: 300 |ParentID: 780)
C:\Windows\system32\svchost.exe (ID: 440 |ParentID: 780)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ID: 2232 |ParentID: 780)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2244 |ParentID: 780)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2288 |ParentID: 780)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2336 |ParentID: 780)
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (ID: 2424 |ParentID: 780)
C:\Program Files\Comodo\Dragon\dragon_updater.exe (ID: 2556 |ParentID: 780)
C:\Windows\system32\FsUsbExService.Exe (ID: 2616 |ParentID: 780)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (ID: 2652 |ParentID: 780)
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (ID: 2684 |ParentID: 780)
C:\Windows\System32\svchost.exe (ID: 2696 |ParentID: 780)
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (ID: 2720 |ParentID: 780)
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (ID: 2792 |ParentID: 780)
C:\Windows\System32\svchost.exe (ID: 2812 |ParentID: 780)
C:\Program Files\RelevantKnowledge\rlservice.exe (ID: 2852 |ParentID: 780)
C:\Windows\system32\svchost.exe (ID: 2900 |ParentID: 780)
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (ID: 2948 |ParentID: 780)
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID: 3112 |ParentID: 780)
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (ID: 3148 |ParentID: 780)
C:\Windows\system32\TODDSrv.exe (ID: 3168 |ParentID: 780)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 3208 |ParentID: 780)
C:\Windows\System32\svchost.exe (ID: 3280 |ParentID: 780)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3328 |ParentID: 780)
C:\Windows\system32\SearchIndexer.exe (ID: 3356 |ParentID: 780)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3404 |ParentID: 3328)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 3656 |ParentID: 780)
C:\Windows\system32\taskeng.exe (ID: 3864 |ParentID: 1304)
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (ID: 3976 |ParentID: 780)
C:\Windows\system32\taskeng.exe (ID: 1924 |ParentID: 1304)
C:\Windows\system32\Dwm.exe (ID: 3012 |ParentID: 1288)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3016 |ParentID: 972)
C:\Windows\Explorer.EXE (ID: 1912 |ParentID: 2160)
C:\Program Files\Windows Defender\MSASCui.exe (ID: 1940 |ParentID: 1912)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2600 |ParentID: 1912)
C:\Program Files\Toshiba TEMPRO\TemproTray.exe (ID: 2732 |ParentID: 1912)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID: 3424 |ParentID: 1912)
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (ID: 1400 |ParentID: 1912)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 1344 |ParentID: 1912)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 3988 |ParentID: 1912)
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (ID: 3616 |ParentID: 1912)
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (ID: 2832 |ParentID: 1912)
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (ID: 2584 |ParentID: 1912)
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ID: 1860 |ParentID: 1912)
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (ID: 2828 |ParentID: 1912)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ID: 1652 |ParentID: 1912)
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (ID: 2784 |ParentID: 1912)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3856 |ParentID: 1912)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 2768 |ParentID: 1912)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 1492 |ParentID: 1912)
C:\Program Files\DivX\DivX Update\DivXUpdate.exe (ID: 2608 |ParentID: 1912)
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (ID: 1044 |ParentID: 1912)
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (ID: 4104 |ParentID: 1912)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4120 |ParentID: 1912)
C:\Windows\ehome\ehtray.exe (ID: 4164 |ParentID: 1912)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (ID: 4236 |ParentID: 1912)
C:\Users\Léa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 4248 |ParentID: 1912)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 4260 |ParentID: 1912)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4308 |ParentID: 1160)
C:\Users\Léa\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 4332 |ParentID: 1912)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ID: 4788 |ParentID: 1652)
C:\Windows\ehome\ehmsas.exe (ID: 4924 |ParentID: 972)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5080 |ParentID: 780)
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (ID: 5468 |ParentID: 2832)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 5512 |ParentID: 4120)
C:\Program Files\iPod\bin\iPodService.exe (ID: 5828 |ParentID: 780)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (ID: 5940 |ParentID: 972)
C:\Program Files\iTunes\iTunes.exe (ID: 4368 |ParentID: 1492)
C:\Windows\system32\svchost.exe (ID: 4388 |ParentID: 780)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 4484 |ParentID: 4308)
C:\Windows\system32\svchost.exe (ID: 1148 |ParentID: 780)
C:\Program Files\OrangeHSS\systray\systrayapp.exe (ID: 4752 |ParentID: 4816)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3600 |ParentID: 2600)
C:\Windows\system32\conime.exe (ID: 4628 |ParentID: 2884)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (ID: 5292 |ParentID: 4368)
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (ID: 5044 |ParentID: 5292)
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (ID: 5920 |ParentID: 5292)
C:\Program Files\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe (ID: 6744 |ParentID: 4368)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8056 |ParentID: 1912)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6864 |ParentID: 8056)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 948 |ParentID: 8056)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7556 |ParentID: 8056)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6656 |ParentID: 8056)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4444 |ParentID: 8056)
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe (ID: 1612 |ParentID: 4368)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4348 |ParentID: 8056)
C:\Users\Léa\Desktop\RogueKiller.exe (ID: 6984 |ParentID: 1912)
C:\Windows\system32\SearchProtocolHost.exe (ID: 6840 |ParentID: 3356)
C:\Windows\system32\SearchFilterHost.exe (ID: 7072 |ParentID: 3356)

################## | Regedit Run |

04 - HKCU\..\Run : [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
04 - HKCU\..\Run : [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKCU\..\Run : [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKCU\..\Run : [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Léa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\..\Run : [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
04 - HKLM\..\Run : [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
04 - HKLM\..\Run : [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
04 - HKLM\..\Run : [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
04 - HKLM\..\Run : [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 - HKLM\..\Run : [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 - HKLM\..\Run : [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
04 - HKLM\..\Run : [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
04 - HKLM\..\Run : [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
04 - HKLM\..\Run : [ORAHSSSessionManager] "C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe"
04 - HKLM\..\Run : [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\..\Run : [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
04 - HKLM\..\Run : [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
04 - HKLM\..\Run : [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
04 - HKLM\..\Run : [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
04 - HKLM\..\Run : [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
04 - HKLM\..\Run : [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
04 - HKLM\..\Run : [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\..\RunOnce : [20131224] C:\Program Files\Alwil Software\Avast5\setup\emupdate\974f8d54-1ede-477b-99d1-c8279f580848.exe /check
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-538639188-2399404762-4000689836-1000\..\Run : [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
04 - HKU\S-1-5-21-538639188-2399404762-4000689836-1000\..\Run : [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
04 - HKU\S-1-5-21-538639188-2399404762-4000689836-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-538639188-2399404762-4000689836-1000\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKU\S-1-5-21-538639188-2399404762-4000689836-1000\..\Run : [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKU\S-1-5-21-538639188-2399404762-4000689836-1000\..\Run : [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKU\S-1-5-21-538639188-2399404762-4000689836-1000\..\Run : [Spotify Web Helper] "C:\Users\Léa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-538639188-2399404762-4000689836-1000\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-18\..\Run : [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

################## | Recherche générique |

Présent! D:\SURVIVAL.vbe
Présent! D:\SURVIVAL.lnk
Présent! D:\zqpszkbcjx.lnk
Présent! D:\UE 3.lnk
Présent! D:\UE 6.lnk
Présent! D:\UE 7.lnk
Présent! D:\System Volume Information.lnk
Présent! D:\Mécanique des fluides parfaits 3.lnk
Présent! D:\Mécanique des fluides 2.lnk
Présent! C:\Users\Léa\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
Présent! C:\Users\Léa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz97CE.tmp
Présent! C:\Users\Léa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz9F71.tmp

################## | Registre |


################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
