by kais9001
#22261
############################## | UsbFix V 7.154 | [Recherche]

Utilisateur: user (Administrateur) # USER-TOSH
Mis à  jour le 13/12/2013 par El Desaparecido - Team SosVirus
Lancé à  20:50:17 | 15/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (KTWAA)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
RAM -> [Total : 3933 | Free : 896]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Edition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16750

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 116 Go (21 Go libre(s) - 18%) [WINDOWS] # NTFS
D:\ -> Disque fixe # 116 Go (4 Go libre(s) - 3%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Disque amovible # 7 Go (6 Go libre(s) - 78%) [KAIS] # FAT32
I:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 576 |ParentID: 564)
C:\Windows\system32\wininit.exe (ID: 616 |ParentID: 564)
C:\Windows\system32\csrss.exe (ID: 624 |ParentID: 608)
C:\Windows\system32\winlogon.exe (ID: 672 |ParentID: 608)
C:\Windows\system32\services.exe (ID: 740 |ParentID: 616)
C:\Windows\system32\lsass.exe (ID: 748 |ParentID: 616)
C:\Windows\system32\lsm.exe (ID: 760 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 848 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 928 |ParentID: 740)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 1004 |ParentID: 740)
C:\Windows\System32\svchost.exe (ID: 536 |ParentID: 740)
C:\Windows\System32\svchost.exe (ID: 612 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 912 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 1040 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 1220 |ParentID: 740)
C:\Windows\System32\spoolsv.exe (ID: 1388 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 1460 |ParentID: 740)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1552 |ParentID: 740)
C:\Windows\system32\taskhost.exe (ID: 1636 |ParentID: 740)
C:\Windows\system32\Dwm.exe (ID: 1664 |ParentID: 612)
C:\Windows\Explorer.EXE (ID: 1672 |ParentID: 1656)
C:\Windows\system32\taskeng.exe (ID: 1764 |ParentID: 1040)
C:\Windows\system32\taskeng.exe (ID: 1844 |ParentID: 1040)
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (ID: 1964 |ParentID: 1764)
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (ID: 2004 |ParentID: 740)
C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (ID: 1828 |ParentID: 740)
C:\Windows\SysWOW64\nhsrvice.exe (ID: 1500 |ParentID: 740)
C:\Windows\system32\hasplms.exe (ID: 1176 |ParentID: 740)
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID: 2092 |ParentID: 1672)
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (ID: 2100 |ParentID: 1672)
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID: 2116 |ParentID: 1672)
C:\Windows\System32\igfxtray.exe (ID: 2144 |ParentID: 1672)
C:\Windows\System32\hkcmd.exe (ID: 2168 |ParentID: 1672)
C:\Windows\System32\igfxpers.exe (ID: 2176 |ParentID: 1672)
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (ID: 2184 |ParentID: 1672)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID: 2192 |ParentID: 1672)
C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe (ID: 2276 |ParentID: 740)
C:\Windows\system32\igfxsrvc.exe (ID: 2284 |ParentID: 848)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 2368 |ParentID: 1672)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2416 |ParentID: 1672)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2452 |ParentID: 1672)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 2552 |ParentID: 2452)
C:\Program Files\TOSHIBA\TECO\TEco.exe (ID: 2580 |ParentID: 1672)
C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (ID: 2648 |ParentID: 1672)
C:\Windows\system32\igfxext.exe (ID: 2704 |ParentID: 848)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID: 2796 |ParentID: 1764)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 2804 |ParentID: 1672)
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ID: 2900 |ParentID: 1672)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (ID: 2964 |ParentID: 1672)
C:\Program Files (x86)\WWW.HOSTJSC.NET\Internet Download Manager\IDMan.exe (ID: 2992 |ParentID: 1672)
C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe (ID: 3032 |ParentID: 1672)
C:\Users\user\AppData\Roaming\SearchProtect\bin\cltmng.exe (ID: 3064 |ParentID: 1672)
C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe (ID: 448 |ParentID: 1672)
C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe (ID: 1016 |ParentID: 1672)
C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (ID: 2712 |ParentID: 1672)
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (ID: 2892 |ParentID: 1164)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (ID: 412 |ParentID: 1164)
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (ID: 1404 |ParentID: 1164)
C:\Program Files (x86)\AVG Secure Search\vprot.exe (ID: 3152 |ParentID: 1164)
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE (ID: 3180 |ParentID: 1164)
C:\Program Files (x86)\Ligne 100 Edition Pilotee\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (ID: 3208 |ParentID: 740)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 3412 |ParentID: 1164)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3432 |ParentID: 1164)
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (ID: 3452 |ParentID: 1164)
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (ID: 3728 |ParentID: 740)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 3964 |ParentID: 740)
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\okitspace\protect\PluginProtect.exe (ID: 4000 |ParentID: 740)
C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (ID: 1020 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 3164 |ParentID: 740)
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (ID: 1520 |ParentID: 740)
C:\Windows\system32\TODDSrv.exe (ID: 2792 |ParentID: 740)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 1416 |ParentID: 740)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID: 4184 |ParentID: 740)
C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (ID: 4256 |ParentID: 740)
C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (ID: 4436 |ParentID: 740)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (ID: 4524 |ParentID: 740)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4596 |ParentID: 740)
C:\Windows\splwow64.exe (ID: 4632 |ParentID: 3452)
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (ID: 4696 |ParentID: 740)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe (ID: 4724 |ParentID: 4524)
C:\Windows\system32\conhost.exe (ID: 4752 |ParentID: 576)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4820 |ParentID: 4596)
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (ID: 4576 |ParentID: 3728)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID: 4612 |ParentID: 740)
C:\Windows\system32\SearchIndexer.exe (ID: 924 |ParentID: 740)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID: 4956 |ParentID: 572)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4628 |ParentID: 848)
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (ID: 4976 |ParentID: 3452)
C:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 5208 |ParentID: 740)
C:\Windows\system32\wbem\unsecapp.exe (ID: 5652 |ParentID: 848)
C:\Program Files (x86)\WWW.HOSTJSC.NET\Internet Download Manager\IEMonitor.exe (ID: 5784 |ParentID: 2992)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID: 6028 |ParentID: 2796)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID: 1084 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 5904 |ParentID: 740)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (ID: 3804 |ParentID: 740)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID: 2640 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 5332 |ParentID: 740)
C:\Program Files (x86)\InternetEverywhere\InternetEverywhere.exe (ID: 3744 |ParentID: 1016)
C:\Windows\System32\WUDFHost.exe (ID: 5740 |ParentID: 612)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6472 |ParentID: 5852)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6752 |ParentID: 6472)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5564 |ParentID: 6472)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5596 |ParentID: 6472)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5308 |ParentID: 6472)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6328 |ParentID: 6472)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6432 |ParentID: 6472)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6160 |ParentID: 6472)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 7108 |ParentID: 740)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4760 |ParentID: 6472)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1200 |ParentID: 6472)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID: 2404 |ParentID: 740)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5868 |ParentID: 6472)
C:\Windows\system32\SearchProtocolHost.exe (ID: 1028 |ParentID: 924)
C:\Windows\system32\prevhost.exe (ID: 4560 |ParentID: 848)
C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE (ID: 3784 |ParentID: 848)
C:\Windows\explorer.exe (ID: 7424 |ParentID: 848)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6812 |ParentID: 6472)
C:\Windows\system32\SearchFilterHost.exe (ID: 4376 |ParentID: 924)
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5924 |ParentID: 6472)
C:\UsbFix\Go.exe (ID: 3504 |ParentID: 3940)
C:\Users\user\AppData\Local\SwvUpdater\Updater.exe (ID: 7788 |ParentID: 1764)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\SOFTWARE | Run : [HWSetup] - "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
04 - HKLM\SOFTWARE | Run : [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
04 - HKLM\SOFTWARE | Run : [TWebCamera] - "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
04 - HKLM\SOFTWARE | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 - HKLM\SOFTWARE | Run : [YSearchProtection] - "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
04 - HKLM\SOFTWARE | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
04 - HKLM\SOFTWARE | Run : [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe"
04 - HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE | Run : [DATAMNGR] - C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe
04 - HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE\wow6432Node | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\SOFTWARE\wow6432Node | Run : [HWSetup] - "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
04 - HKLM\SOFTWARE\wow6432Node | Run : [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [TWebCamera] - "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
04 - HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 - HKLM\SOFTWARE\wow6432Node | Run : [YSearchProtection] - "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
04 - HKLM\SOFTWARE\wow6432Node | Run : [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE\wow6432Node | Run : [DATAMNGR] - C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKLM\SOFTWARE | Policies\Explorer\run : [rescue] - "C:\ProgramData\rescue.vbe"
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\WWW.HOSTJSC.NET\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [Google Update] - "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [Badoo Desktop] - C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [SearchProtect] - C:\Users\user\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [Viber] - "C:\Users\user\AppData\Local\Viber\Viber.exe"
04 - HKU\S-1-5-21-1035455305-2029446767-3736822713-1000\SOFTWARE | Run : [BIBLauncher] - C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Service présent! system

Présent! D:\$RECYCLE.BIN.lnk
Présent! H:\STE EXPRO 2013.lnk
Présent! H:\CKM DOCUMENT.lnk
Présent! H:\photo marbres.lnk
Présent! H:\LOGICIEL SAGE 13.01.lnk
Présent! H:\tarek comptable.lnk
Présent! H:\SMCB.lnk
Présent! C:\Users\user\AppData\Local\GLF90B6.tmp
Présent! C:\ProgramData\rescue.vbe
Présent! C:\Users\user\AppData\Local\Temp\cmdx.exe.tmp
Présent! C:\Users\user\AppData\Local\Temp\Trojan.exe.tmp
Présent! C:\Users\user\AppData\Local\Temp\Win32

################## | Référence de comparaison MD5 |

Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\Users\All Users\rescue.vbe
Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\ProgramData\rescue.vbe
Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\ProgramData\rescue.vbe

################## | Comparaison MD5 |

Présent! Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\ProgramData\rescue.vbe
Présent! Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\Users\All Users\rescue.vbe

################## | Registre |

Présent! HKLM\SYSTEM\CurrentControlSet\Services\system
Présent! HKLM\SYSTEM\ControlSet001\Services\system
Présent! HKLM\SYSTEM\ControlSet002\Services\system
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|rescue

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
by g3n-h@ckm@n
#22305
hi :D

run the deletion with usbfix with all devices plugged in, then post the resulting report
