Loubene
Participant
Number of posts: 7

############################## | UsbFix V 7.170 | [Recherche]

Utilisateur: oless (Administrateur) # TOSHIBA
Mis à jour le 13/05/2014 par El Desaparecido – SosVirus
Lancé à 20:27:41 | 14/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (PWWAA)
CPU: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
RAM -> [Total : 3891 Mo| Free : 1442 Mo]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17105
WB: Google Chrome : 34.0.1847.131

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]

C: (%SystemDrive%) -> Disque fixe # 350 Go (302 Go libre(s) – 86%) [WINDOWS] # NTFS
D: -> Disque fixe # 349 Go (340 Go libre(s) – 98%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 947 Mo (0 Mo libre(s) – 0%) [] # FAT
G: -> Disque amovible # 2 Go (454 Mo libre(s) – 24%) [KINGSTON] # FAT

################## | Processus Actif |

C:\Windows\System32\smss.exe (ID: 332|ParentID: 4|Système)
C:\Windows\System32\wininit.exe (ID: 556|ParentID: 416)
C:\Windows\System32\services.exe (ID: 612|ParentID: 556)
C:\Windows\System32\lsass.exe (ID: 628|ParentID: 556)
C:\Windows\System32\lsm.exe (ID: 636|ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 768|ParentID: 612)
C:\Windows\System32\winlogon.exe (ID: 792|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 892|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 944|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 1016|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 348|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 536|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 1096|ParentID: 612)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1296|ParentID: 612)
C:\Windows\System32\spoolsv.exe (ID: 1460|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 1488|ParentID: 612)
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (ID: 1596|ParentID: 612)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1652|ParentID: 612)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 1912|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 1976|ParentID: 612)
C:\Windows\System32\TODDSrv.exe (ID: 2012|ParentID: 612)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 2032|ParentID: 612)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1312|ParentID: 612)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2072|ParentID: 612)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ID: 2332|ParentID: 1312)
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ID: 2368|ParentID: 612)
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 2444|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 2500|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 3020|ParentID: 612)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID: 620|ParentID: 612)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID: 2428|ParentID: 612)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 2640|ParentID: 612)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 1928|ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 1228|ParentID: 612)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1812|ParentID: 612)
C:\Windows\System32\SearchIndexer.exe (ID: 1568|ParentID: 612)
C:\Windows\System32\taskhost.exe (ID: 3280|ParentID: 612|oless)
C:\Windows\System32\dwm.exe (ID: 3364|ParentID: 1016|oless)
C:\Windows\explorer.exe (ID: 3376|ParentID: 3340|oless)
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (ID: 3640|ParentID: 3376|oless)
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID: 3648|ParentID: 3376|oless)
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID: 3656|ParentID: 3376|oless)
C:\Windows\System32\igfxtray.exe (ID: 3664|ParentID: 3376|oless)
C:\Windows\System32\hkcmd.exe (ID: 3680|ParentID: 3376|oless)
C:\Windows\System32\igfxpers.exe (ID: 3692|ParentID: 3376|oless)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3700|ParentID: 3376|oless)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 3708|ParentID: 3376|oless)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID: 3720|ParentID: 3376|oless)
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (ID: 3760|ParentID: 3376|oless)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 3776|ParentID: 3376|oless)
C:\Windows\System32\igfxsrvc.exe (ID: 3792|ParentID: 768|oless)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3804|ParentID: 3376|oless)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (ID: 3924|ParentID: 3376|oless)
C:\Windows\System32\wscript.exe (ID: 4076|ParentID: 3376|oless)
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (ID: 1824|ParentID: 3376|oless)
C:\Users\oless\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 3224|ParentID: 3376|oless)
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (ID: 3544|ParentID: 3916|oless)
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (ID: 2656|ParentID: 4088|oless)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (ID: 3616|ParentID: 4088|oless)
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (ID: 3988|ParentID: 4088|oless)
C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 3320|ParentID: 4088|oless)
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (ID: 4164|ParentID: 3988|oless)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4368|ParentID: 3804|oless)
C:\Windows\System32\igfxext.exe (ID: 4632|ParentID: 768|oless)
C:\Windows\System32\taskeng.exe (ID: 4308|ParentID: 536|oless)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID: 1672|ParentID: 4308|oless)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4396|ParentID: 3376|oless)
C:\Windows\System32\wuauclt.exe (ID: 3340|ParentID: 536|oless)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1368|ParentID: 4396|oless)
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (ID: 3252|ParentID: 3988|oless)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5164|ParentID: 4396|oless)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5352|ParentID: 4396|oless)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID: 5484|ParentID: 612)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID: 6140|ParentID: 1672|oless)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID: 5556|ParentID: 612)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID: 5576|ParentID: 3840|oless)
C:Program Files (x86)AdobeAdobe Creative CloudCoreSyncV1CoreSync.exe (ID: 5424|ParentID: 3988|oless)
C:\Windows\System32\wbem\unsecapp.exe (ID: 5020|ParentID: 768|oless)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4832|ParentID: 4396|oless)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 884|ParentID: 4396|oless)
C:\Windows\System32\audiodg.exe (ID: 4356|ParentID: 944)
C:\UsbFix\UsbFix.exe (ID: 4892|ParentID: 5860|oless)

################## | Autorun |

G:\Capture d’écran 2014-05-07 12.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\System Volume Information.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\Homefront 2013 FRENCH BRRiP XviD-CARPEDIEM.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\Al-Air.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\2.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\9052014_COMMANDE_C1842E52791O1599.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] userinit.exe
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
04 – HKCU\..\Run : [Facebook Update] "C:\Users\oless\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 – HKCU\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 – HKCU\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\oless\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKLM\..\Run : [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
04 – HKLM\..\Run : [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 – HKLM\..\Run : [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 – HKLM\..\Run : [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 – HKLM\..\Run : [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
04 – HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 – HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – [x64] HKLM\..\Run : [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
04 – [x64] HKLM\..\Run : [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
04 – [x64] HKLM\..\Run : [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
04 – [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 – [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 – [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 – [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 – [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
04 – [x64] HKLM\..\Run : [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
04 – [x64] HKLM\..\Run : [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
04 – [x64] HKLM\..\Run : [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
04 – [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – [x64] HKLM\..\Run : [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
04 – [x64] HKLM\..\Run : [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
04 – [x64] HKLM\..\Run : [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
04 – [x64] HKLM\..\Run : [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
04 – [x64] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-19\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-21-4192795423-3154527359-3879142809-1000\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
04 – HKU\S-1-5-21-4192795423-3154527359-3879142809-1000\..\Run : [Facebook Update] "C:\Users\oless\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 – HKU\S-1-5-21-4192795423-3154527359-3879142809-1000\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 – HKU\S-1-5-21-4192795423-3154527359-3879142809-1000\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\oless\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-18\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\oless\AppData\Local\Temp\iTunesHelper.vbe
Présent! C:\Users\oless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! G:\iTunesHelper.vbe
Présent! F:\Videos.lnk
Présent! F:\imgcache.lnk
Présent! F:\Clips vidéo.lnk
Présent! F:\predeftemp.lnk
Présent! F:\nokia_unprocessed_images_.lnk
Présent! F:\Playlists.lnk
Présent! F:\BlackBerry.lnk
Présent! F:\RECYCLER.lnk
Présent! F:\System Volume Information.lnk
Présent! F:353760047528445WMLicense.lnk
Présent! F:\WMLicense.lnk
Présent! F:\WMPInfo.lnk
Présent! F:\_disk_id.lnk
Présent! F:\Photos.lnk
Présent! G:\2.lnk
Présent! G:\Homefront 2013 FRENCH BRRiP XviD-CARPEDIEM.lnk
Présent! G:\Al-Air.lnk
Présent! G:\9052014_COMMANDE_C1842E52791O1599.lnk
Présent! G:\Capture d’écran 2014-05-07 12.lnk
Présent! G:\System Volume Information.lnk
Présent! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Registre |

Présent! HKU\S-1-5-21-4192795423-3154527359-3879142809-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |