############################## | UsbFix V 7.163 | [Search]
User: Telo� (Administrator) # TELO�-PC
Updated on 02/02/2014 by El Desaparecido - Team SosVirus
Launched at 07:36:51 | 06/02/2014
Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/
PC: Acer (JV50 )
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
RAM -> [Total : 4091 MB| Free : 1934 MB]
Bios: Phoenix Technologies LTD
Boot: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.107
WB: Mozilla Firefox : 1.9.2.28
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
C:\ (%systemdrive%) -> Fixed disk # 285 GB (168 GB free - 59%) [ACER] # NTFS
D:\ -> CD-ROM
E:\ -> Removable disk # 4 GB (2 GB free - 61%) [MOON] # FAT32
F:\ -> Removable disk # 914 MB (506 MB free - 55%) [] # FAT
G:\ -> Removable disk # 984 MB (490 MB free - 50%) [] # FAT
################## | Active processes |
C:\Windows\system32\csrss.exe (ID: 500 |ParentID: 436)
C:\Windows\system32\wininit.exe (ID: 576 |ParentID: 436)
C:\Windows\system32\csrss.exe (ID: 584 |ParentID: 568)
C:\Windows\system32\services.exe (ID: 632 |ParentID: 576)
C:\Windows\system32\lsass.exe (ID: 648 |ParentID: 576)
C:\Windows\system32\lsm.exe (ID: 656 |ParentID: 576)
C:\Windows\system32\winlogon.exe (ID: 716 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 796 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 888 |ParentID: 632)
C:\Windows\system32\atiesrxx.exe (ID: 936 |ParentID: 632)
C:\Windows\System32\svchost.exe (ID: 1016 |ParentID: 632)
C:\Windows\System32\svchost.exe (ID: 376 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 516 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 396 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1204 |ParentID: 632)
C:\Windows\system32\atieclxx.exe (ID: 1232 |ParentID: 936)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1244 |ParentID: 376)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1416 |ParentID: 632)
C:\Windows\System32\spoolsv.exe (ID: 1520 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1548 |ParentID: 632)
C:\Windows\system32\taskhost.exe (ID: 1780 |ParentID: 632)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1816 |ParentID: 376)
C:\Windows\system32\taskeng.exe (ID: 1828 |ParentID: 396)
C:\Windows\system32\taskeng.exe (ID: 1952 |ParentID: 396)
C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe (ID: 1964 |ParentID: 1828)
C:\Windows\system32\Dwm.exe (ID: 1148 |ParentID: 376)
C:\Windows\Explorer.EXE (ID: 1228 |ParentID: 2044)
C:\Program Files\LSI SoftModem\agr64svc.exe (ID: 1596 |ParentID: 632)
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (ID: 572 |ParentID: 1936)
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (ID: 1700 |ParentID: 1936)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (ID: 1568 |ParentID: 632)
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 1720 |ParentID: 632)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 2052 |ParentID: 632)
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 2084 |ParentID: 1720)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ID: 2176 |ParentID: 632)
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (ID: 2260 |ParentID: 632)
C:\Program Files\IB Updater\ExtensionUpdaterService.exe (ID: 2392 |ParentID: 632)
C:\Windows\system32\dmwu.exe (ID: 2416 |ParentID: 632)
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (ID: 2448 |ParentID: 632)
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (ID: 2500 |ParentID: 632)
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (ID: 2564 |ParentID: 632)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 2616 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 2716 |ParentID: 632)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID: 2764 |ParentID: 632)
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (ID: 2796 |ParentID: 632)
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (ID: 2896 |ParentID: 632)
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (ID: 2920 |ParentID: 632)
C:\Windows\System32\svchost.exe (ID: 2944 |ParentID: 632)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2996 |ParentID: 632)
C:\Windows\System32\atwtusb.exe (ID: 3064 |ParentID: 632)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (ID: 3108 |ParentID: 632)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3144 |ParentID: 2996)
C:\Windows\system32\atwtusb.exe (ID: 3352 |ParentID: 3064)
C:\Windows\system32\svchost.exe (ID: 3644 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 3876 |ParentID: 632)
C:\Windows\SysWOW64\jmdp\stij.exe (ID: 4000 |ParentID: 2416)
C:\Windows\System32\ljkb\stij.exe (ID: 1056 |ParentID: 2416)
C:\Windows\System32\rundll32.exe (ID: 3476 |ParentID: 796)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ID: 3188 |ParentID: 1228)
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (ID: 3196 |ParentID: 1228)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4088 |ParentID: 1228)
C:\Windows\PLFSetI.exe (ID: 496 |ParentID: 1228)
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ID: 2480 |ParentID: 1228)
C:\Windows\System32\WTMKM.exe (ID: 3184 |ParentID: 1228)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 2400 |ParentID: 4088)
C:\Windows\system32\SearchIndexer.exe (ID: 3096 |ParentID: 632)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 4120 |ParentID: 1228)
C:\Windows\system32\wbem\unsecapp.exe (ID: 4128 |ParentID: 796)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4196 |ParentID: 796)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 4336 |ParentID: 1228)
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (ID: 4468 |ParentID: 4152)
C:\Users\Telo�\AppData\Roaming\cacaoweb\cacaoweb.exe (ID: 4596 |ParentID: 1228)
C:\Windows\System32\wscript.exe (ID: 4608 |ParentID: 1228)
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (ID: 4624 |ParentID: 2176)
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (ID: 4688 |ParentID: 1228)
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (ID: 4920 |ParentID: 4616)
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (ID: 5008 |ParentID: 4616)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 3720 |ParentID: 4744)
C:\Program Files (x86)\Launch Manager\LManager.exe (ID: 3796 |ParentID: 4616)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 3764 |ParentID: 4616)
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (ID: 2820 |ParentID: 4616)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3704 |ParentID: 4616)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4496 |ParentID: 4616)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 1768 |ParentID: 3720)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4656 |ParentID: 632)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4772 |ParentID: 5032)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5600 |ParentID: 632)
C:\Windows\System32\svchost.exe (ID: 5988 |ParentID: 632)
C:\Windows\system32\DllHost.exe (ID: 5524 |ParentID: 796)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4736 |ParentID: 796)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 6068 |ParentID: 4772)
C:\Windows\system32\wuauclt.exe (ID: 2032 |ParentID: 396)
C:\Windows\System32\WUDFHost.exe (ID: 4816 |ParentID: 376)
C:\Windows\system32\taskeng.exe (ID: 1600 |ParentID: 396)
C:\Windows\SysWOW64\ctfmon.exe (ID: 4508 |ParentID: 3704)
################## | Regedit Run |
04 - HKCU\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [cacaoweb] "C:\Users\Telo�\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKCU\..\Run : [AdobeBridge]
04 - HKCU\..\Run : [flashmemory] wscript.exe //B "C:\Users\TELO~1\AppData\Local\Temp\flashmemory.vbe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
04 - HKLM\..\Run : [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\..\Run : [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM64\..\Run : [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
04 - HKLM64\..\Run : [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [PLFSetI] C:\Windows\PLFSetI.exe
04 - HKLM64\..\Run : [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - HKLM64\..\Run : []
04 - HKLM64\..\Run : [MacroKeyManager] WTMKM.exe
04 - HKLM64\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3257031791-4191643407-3681858138-1000\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-3257031791-4191643407-3681858138-1000\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3257031791-4191643407-3681858138-1000\..\Run : [cacaoweb] "C:\Users\Telo�\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-3257031791-4191643407-3681858138-1000\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-3257031791-4191643407-3681858138-1000\..\Run : [flashmemory] wscript.exe //B "C:\Users\TELO~1\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
################## | Generic search |
Present! C:\Users\Telo�\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Present! C:\Users\TELO~1\AppData\Local\Temp\flashmemory.vbe
Present! E:\flashmemory.vbe
Present! F:\flashmemory.vbe
Present! G:\flashmemory.vbe
Present! E:\.TemporaryItems.lnk
Present! E:\.lnk
Present! E:\Le loup de wall street (2013).lnk
Present! E:\Le loup de Wall street.lnk
Present! E:\.Trashes.lnk
Present! E:\.fseventsd.lnk
Present! E:\.Spotlight-V100.lnk
Present! F:\Musique pop à écouter.lnk
Present! F:\2012-2013.lnk
Present! F:\2013-2014.lnk
Present! F:\Stage.lnk
Present! F:\Partitions.lnk
Present! F:\ENGLISH-Oral presentation.lnk
Present! F:\Organo.lnk
Present! F:\s2.lnk
Present! F:\deri-MA109.lnk
Present! F:\LETT_048_0109.lnk
Present! G:\freitag.lnk
Present! G:\cible.lnk
Present! G:\jpg.lnk
Present! G:\fille 1.lnk
Present! G:\fille 2.lnk
Present! G:\.lnk
Present! G:\Découpe.lnk
Present! G:\impressionfaille.lnk
Present! G:\impessionfaille2.lnk
Present! G:\impressionfaille3.lnk
Present! G:\Rapport de stage finalisé (Récupéré).lnk
Present! G:\Rapport de stage finalisé (Récupéré) 2.lnk
Present! G:\Fiche de lecture.lnk
Present! G:\imprimer final jardin.lnk
Present! G:\impression final jardin 2.lnk
Present! G:\Écrit accumulation.lnk
Present! G:\20140129092306.lnk
Present! G:\20140129092343.lnk
Present! G:\20140129092441.lnk
Present! G:\20140129092500.lnk
Present! G:\RAPPORT DE STAGE.lnk
Present! G:\39f9f66a6ab7b4656e6221347f881844.lnk
Present! G:\4da0190ca36209da2bd0379412e40cd8.lnk
Present! G:\.Spotlight-V100.lnk
Present! G:\.Trashes.lnk
Present! G:\IMPRESSION.lnk
Present! G:\Rapport de stage finalisé (Récupéré).pages.lnk
Present! G:\faille programme.lnk
Present! G:\.TemporaryItems.lnk
Present! G:\bouchra jarrar.lnk
Present! G:\fiche projet perso.lnk
Present! C:\Users\Telo�\AppData\Local\Temp\flashmemory.vbe
################## | Registry |
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
Present! HKU\S-1-5-21-3257031791-4191643407-3681858138-1000\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
################## | Vaccine |
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
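The report above lines up four indicators that belong together: a Run key in the user hive that starts wscript.exe on a .vbe in %TEMP% (the "flashmemory" entries), the same .vbe in the Startup folder and at the root of every removable drive (E:, F:, G:), a wscript.exe process alive under Explorer.EXE at scan time, and a .lnk for every item at each drive root, including the hidden macOS metadata folders (.Trashes, .Spotlight-V100, .fseventsd), which is what a shortcut worm that hides the real folders and drops a launcher per folder produces. The script below is an added triage example, not UsbFix's own detection logic and not part of the original report: it parses a UsbFix search report and correlates those indicators. `SAMPLE_LOG` is constructed from a few lines of this report (the Skype entry is kept as the negative case), the function names are the example's own, and the rules are heuristics that accept both UsbFix's French section and drive labels and the English ones used in this translation.

```python
"""Added triage example, not UsbFix code: correlates the pattern in the report
above (Run key -> script host on a .vbe in %TEMP%, the same .vbe at the root of
each removable drive, .lnk files at those roots, a script host alive under
Explorer). SAMPLE_LOG is constructed from lines of the report; rules are
heuristics and accept UsbFix's French labels as well as the English ones."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
C:\ (%systemdrive%) -> Fixed disk # 285 GB (168 GB free - 59%) [ACER] # NTFS
E:\ -> Removable disk # 4 GB (2 GB free - 61%) [MOON] # FAT32
################## | Active processes |
C:\Windows\Explorer.EXE (ID: 1228 |ParentID: 2044)
C:\Windows\System32\wscript.exe (ID: 4608 |ParentID: 1228)
################## | Regedit Run |
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [flashmemory] wscript.exe //B "C:\Users\TELO~1\AppData\Local\Temp\flashmemory.vbe"
################## | Generic search |
Present! C:\Users\TELO~1\AppData\Local\Temp\flashmemory.vbe
Present! E:\flashmemory.vbe
Present! E:\Le loup de Wall street.lnk
Present! E:\.Trashes.lnk
"""
SECTIONS = {"Processus Actif": "procs", "Active processes": "procs", "Regedit Run": "run",
            "Recherche générique": "present", "Generic search": "present"}
DRIVES = {"Disque amovible": "removable", "Removable disk": "removable",
          "Disque fixe": "fixed", "Fixed disk": "fixed", "CD-ROM": "cdrom"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SECTION_RE = re.compile(r"^#+ \| ([^|]+?) \|")
DRIVE_RE = re.compile(r"^([A-Z]):\\.*?-> (%s)" % "|".join(map(re.escape, DRIVES)))
PROC_RE = re.compile(r"^(.+?) \(ID: (\d+) \|ParentID: (\d+)\)")
RUN_RE = re.compile(r"^\d+ - (\S+) : \[([^\]]*)\] ?(.*)$")
PRESENT_RE = re.compile(r"^Pr.sent! (.+)$")  # "Present!" or "Présent!"
SCRIPT_RE = re.compile(r'"([^"]+?\.(?:vbe|vbs|jse?|wsf|hta))"|(\S+\.(?:vbe|vbs|jse?|wsf|hta))', re.I)

def basename(path):  # os.path would not split on '\' when run on Linux
    return path.strip('"').rsplit("\\", 1)[-1]

def parse_report(text):
    """Split the report into drive kinds, process table, Run entries and Present! hits."""
    report, section = {"drives": {}, "procs": {}, "run": [], "present": []}, None
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            section = SECTIONS.get(m.group(1).strip())
        elif m := DRIVE_RE.match(line):
            report["drives"][m.group(1)] = DRIVES[m.group(2)]
        elif section == "procs" and (m := PROC_RE.match(line)):
            report["procs"][int(m.group(2))] = (m.group(1), int(m.group(3)))
        elif section == "run" and (m := RUN_RE.match(line)):
            report["run"].append((m.group(1), m.group(2), m.group(3).strip()))
        elif section == "present" and (m := PRESENT_RE.match(line)):
            report["present"].append(m.group(1).strip())
    return report

def script_host_autoruns(report):
    """Run entries whose program is a script host -> (hive, name, script path or None)."""
    hits = []
    for hive, name, cmd in report["run"]:
        prog = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(" ")[0]
        if prog and basename(prog).lower() in SCRIPT_HOSTS:
            m = SCRIPT_RE.search(cmd)
            hits.append((hive, name, (m.group(1) or m.group(2)) if m else None))
    return hits

def removable_copies(report, script_path):
    """Present! hits on removable drives carrying the autorun script's file name."""
    name = basename(script_path).lower()
    return [p for p in report["present"]
            if report["drives"].get(p[:1]) == "removable" and basename(p).lower() == name]

def root_shortcuts(report):
    """.lnk files sitting directly in the root of removable drives, per drive."""
    out = defaultdict(list)
    for p in report["present"]:
        drive, sep, rest = p.partition(":\\")
        if sep and report["drives"].get(drive) == "removable" \
                and "\\" not in rest and rest.lower().endswith(".lnk"):
            out[drive].append(rest)
    return dict(out)

def ancestry(report, pid):
    """Image names from pid upwards, as far as the process table goes."""
    chain, seen = [], set()
    while pid in report["procs"] and pid not in seen:
        seen.add(pid)
        image, pid = report["procs"][pid]
        chain.append(basename(image))
    return chain

def running_script_hosts(report):
    return [(pid, ancestry(report, pid)) for pid, (image, _) in report["procs"].items()
            if basename(image).lower() in SCRIPT_HOSTS]

def triage(text):
    """One dict with the four indicators; empty values mean the pattern is absent."""
    report = parse_report(text)
    autoruns = script_host_autoruns(report)
    return {"script_autoruns": autoruns,
            "removable_copies": {basename(s): removable_copies(report, s)
                                 for _, _, s in autoruns if s},
            "root_shortcuts": root_shortcuts(report),
            "script_hosts_running": running_script_hosts(report)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run `triage()` over the full text of the report and it returns the flashmemory entry under both HKCU and the HKU SID, copies on E:, F: and G:, the .lnk list for all three drives, and wscript.exe (PID 4608) under Explorer.EXE. Two checks it does not make but the report supports are the "AV: avast! Antivirus [(!) Disabled" and "FW: Windows FireWall [(!) Disabled]" lines: both should be back on before any of the drives are reconnected, and listing hidden items on each drive before cleaning will show whether the original folders are still there behind the .lnk files.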