############################## | UsbFix V 7.167 | [Suppression]

Utilisateur: felix (Administrateur) # FELIX-TOSHIBA
Mis à jour le 13/03/2014 par El Desaparecido - Team SosVirus
Lancé à 22:03:06 | 24/03/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (NALAA)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 3955 Mo| Free : 2525 Mo]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521
WB: Safari : 534.57.2

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Avira Desktop [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 233 Go (59 Go libre(s) - 25%) [WINDOWS] # NTFS
D:\ -> Disque fixe # 232 Go (103 Go libre(s) - 44%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 7 Go (3 Go libre(s) - 37%) [USB DISK] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 440 |ParentID: 432)
C:\Windows\system32\wininit.exe (ID: 520 |ParentID: 432)
C:\Windows\system32\csrss.exe (ID: 544 |ParentID: 528)
C:\Windows\system32\services.exe (ID: 576 |ParentID: 520)
C:\Windows\system32\winlogon.exe (ID: 616 |ParentID: 528)
C:\Windows\system32\lsass.exe (ID: 628 |ParentID: 520)
C:\Windows\system32\lsm.exe (ID: 636 |ParentID: 520)
C:\Windows\system32\svchost.exe (ID: 748 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 840 |ParentID: 576)
C:\Windows\system32\atiesrxx.exe (ID: 892 |ParentID: 576)
C:\Windows\System32\svchost.exe (ID: 968 |ParentID: 576)
C:\Windows\System32\svchost.exe (ID: 1000 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 128 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 328 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 1088 |ParentID: 576)
C:\Windows\system32\atieclxx.exe (ID: 1180 |ParentID: 892)
C:\Windows\System32\spoolsv.exe (ID: 1316 |ParentID: 576)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1356 |ParentID: 576)
C:\Windows\system32\taskhost.exe (ID: 1448 |ParentID: 576)
C:\Windows\system32\Dwm.exe (ID: 1536 |ParentID: 1000)
C:\Windows\Explorer.EXE (ID: 1592 |ParentID: 1524)
C:\Windows\system32\svchost.exe (ID: 1628 |ParentID: 576)
C:\Windows\SysWOW64\svchost.exe (ID: 1772 |ParentID: 576)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1804 |ParentID: 576)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1828 |ParentID: 576)
C:\Windows\system32\runonce.exe (ID: 1944 |ParentID: 1592)
C:\Windows\SysWOW64\runonce.exe (ID: 1956 |ParentID: 1944)
C:\Windows\system32\PrintIsolationHost.exe (ID: 1044 |ParentID: 748)
C:\Windows\system32\taskeng.exe (ID: 1216 |ParentID: 328)
C:\Windows\system32\taskeng.exe (ID: 460 |ParentID: 328)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1936 |ParentID: 576)
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (ID: 1364 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 1500 |ParentID: 576)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2052 |ParentID: 576)
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (ID: 2092 |ParentID: 576)
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID: 2120 |ParentID: 576)
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (ID: 2224 |ParentID: 1796)
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (ID: 2232 |ParentID: 1796)
C:\Windows\System32\svchost.exe (ID: 2292 |ParentID: 576)
C:\Windows\System32\svchost.exe (ID: 2328 |ParentID: 576)
C:\Program Files (x86)\Skype\Updater\Updater.exe (ID: 2392 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 2424 |ParentID: 576)
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (ID: 2460 |ParentID: 576)
C:\Windows\system32\TODDSrv.exe (ID: 2596 |ParentID: 576)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 2624 |ParentID: 576)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID: 2680 |ParentID: 576)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2816 |ParentID: 576)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2940 |ParentID: 2816)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1796 |ParentID: 748)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID: 2508 |ParentID: 460)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2532 |ParentID: 748)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 1060 |ParentID: 1804)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKCU\..\Run : [Google Update] "C:\Users\felix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [Akamai NetSession Interface] "C:\Users\felix\AppData\Local\Akamai\netsession_win.exe"
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [uTorrent] "C:\Users\felix\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : []
04 - HKLM\..\Run : [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\..\Run : [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 - HKLM\..\Run : [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
04 - HKLM\..\Run : [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
04 - HKLM\..\Run : [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 - HKLM\..\Run : [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
04 - HKLM\..\Run : [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
04 - [64bit] HKLM\..\Run : [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
04 - [64bit] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [64bit] HKLM\..\Run : [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
04 - [64bit] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [64bit] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
04 - [64bit] HKLM\..\Run : [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
04 - [64bit] HKLM\..\Run : [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
04 - [64bit] HKLM\..\Run : [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
04 - [64bit] HKLM\..\Run : [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
04 - [64bit] HKLM\..\Run : [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
04 - [64bit] HKLM\..\Run : [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
04 - [64bit] HKLM\..\Run : [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
04 - [64bit] HKLM\..\Run : [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
04 - [64bit] HKLM\..\Run : [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
04 - [64bit] HKLM\..\Run : [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
04 - [64bit] HKLM\..\Run : [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [Google Update] "C:\Users\felix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [Akamai NetSession Interface] "C:\Users\felix\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : [uTorrent] "C:\Users\felix\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-74005529-2658170294-3501726801-1001\..\Run : []
04 - HKU\S-1-5-18\..\Run : [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |


(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5

################## | Listing |

[19/02/2011 - 20:16:22 | SHD] - C:\$RECYCLE.BIN
[14/12/2013 - 13:18:28 | D] - C:\2-click run
[24/03/2014 - 21:15:04 | D] - C:\AdwCleaner
[18/03/2014 - 18:41:05 | D] - C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[03/02/2013 - 20:25:46 | D] - C:\downloads
[12/10/2013 - 10:18:34 | D] - C:\FAHRENHEIT_DVD_1
[24/03/2014 - 22:02:12 | ASH | 3037188 Ko] - C:\hiberfil.sys
[28/06/2011 - 13:33:45 | D] - C:\HP Universal Print Driver
[12/10/2013 - 09:18:38 | D] - C:\invictus
[05/12/2012 - 19:57:10 | D] - C:\Mes Sites Web
[13/12/2010 - 21:17:44 | RHD] - C:\MSOCache
[24/03/2014 - 22:02:15 | ASH | 4049584 Ko] - C:\pagefile.sys
[06/04/2011 - 17:43:34 | D] - C:\PFiles
[25/02/2014 - 18:30:37 | D] - C:\Program Files
[24/03/2014 - 20:59:40 | D] - C:\Program Files (x86)
[24/03/2014 - 20:59:40 | HD] - C:\ProgramData
[23/10/2010 - 05:42:24 | N | 3 Ko] - C:\RHDSetup.log
[23/06/2010 - 13:13:40 | N | 0 Ko | 43304F160FF7B559867CD977DB3D7325] - C:\SWSTAMP.TXT
[24/03/2014 - 16:43:32 | SHD] - C:\System Volume Information
[13/12/2010 - 17:38:06 | D] - C:\Toshiba
[24/03/2014 - 20:30:25 | D] - C:\UsbFix
[24/03/2014 - 20:16:17 | N | 14 Ko | 8BA69218FE12E53C5A3D81C8A8A5EBA0] - C:\UsbFix [Clean 2] FELIX-TOSHIBA.txt
[24/03/2014 - 20:22:14 | N | 14 Ko | 4B37A890DAC7D24F0C628092E69BC06C] - C:\UsbFix [Clean 4] FELIX-TOSHIBA.txt
[24/03/2014 - 22:03:57 | A | 12 Ko | 12B8222291A2893C3747AD8B9AFD2CCD] - C:\UsbFix [Clean 6] FELIX-TOSHIBA.txt
[24/03/2014 - 20:03:55 | N | 16 Ko | E64AF7A8BECD27CE25B79ECCD8BB616B] - C:\UsbFix [Scan 1] FELIX-TOSHIBA.txt
[24/03/2014 - 20:31:19 | N | 13 Ko | 810151844C353E7A24A5CA41D2AA4333] - C:\UsbFix [Scan 2] FELIX-TOSHIBA.txt
[24/03/2014 - 21:47:15 | N | 16 Ko | 298281E0B99E21B50CD60300981173C7] - C:\UsbFix [Scan 3] FELIX-TOSHIBA.txt
[21/06/2012 - 18:25:32 | N | 3 Ko] - C:\user.js
[13/12/2010 - 17:31:40 | D] - C:\Users
[10/02/2012 - 12:21:10 | D] - C:\v2d
[05/12/2013 - 14:43:08 | D] - C:\wamp
[24/03/2014 - 20:53:44 | D] - C:\Windows
[03/06/2011 - 21:19:00 | SHD] - D:\$RECYCLE.BIN
[24/12/2010 - 12:10:21 | D] - D:\ancien disque portable
[03/10/2013 - 13:31:38 | D] - D:\bepecaser
[06/07/2013 - 16:36:35 | D] - D:\char
[24/03/2014 - 19:55:08 | D] - D:\copie clé usb 06072013
[16/01/2014 - 22:15:14 | D] - D:\documents importants jerome
[06/07/2013 - 16:46:54 | D] - D:\echasses urbaines
[08/07/2013 - 16:46:06 | D] - D:\feu artifice
[06/07/2013 - 15:54:02 | D] - D:\films et séries
[03/03/2014 - 17:29:30 | D] - D:\futuroscope
[14/12/2010 - 02:25:45 | D] - D:\HDDRecovery
[25/10/2012 - 16:57:49 | D] - D:\hypnose
[06/07/2013 - 16:05:30 | D] - D:\Isaac
[27/11/2013 - 19:46:59 | D] - D:\J_L_SEAGULL
[25/10/2012 - 16:54:59 | D] - D:\LMC
[13/12/2013 - 23:44:32 | D] - D:\logiciels installation
[11/08/2013 - 17:49:44 | D] - D:\maison
[06/09/2013 - 23:39:27 | D] - D:\mini z
[07/07/2013 - 11:06:52 | D] - D:\musique
[25/10/2013 - 14:13:11 | D] - D:\photos
[05/07/2013 - 10:53:20 | D] - D:\porteau
[23/10/2010 - 05:30:28 | SHD] - D:\System Volume Information
[30/08/2013 - 21:51:20 | D] - D:\titou
[11/10/2011 - 12:37:01 | D] - D:\_SYNCAPP

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
