Loubene

############################## | UsbFix V 7.170 | [Nettoyage]

Utilisateur: oless (Administrateur) # TOSHIBA
Mis à jour le 13/05/2014 par El Desaparecido – SosVirus
Lancé à 22:13:09 | 18/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (PWWAA)
CPU: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
RAM -> [Total : 3891 Mo| Free : 2710 Mo]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17107
WB: Google Chrome : 34.0.1847.137

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]

C: (%SystemDrive%) -> Disque fixe # 350 Go (302 Go libre(s) – 86%) [WINDOWS] # NTFS
D: -> Disque fixe # 349 Go (340 Go libre(s) – 98%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 947 Mo (0 Mo libre(s) – 0%) [] # FAT
G: -> Disque amovible # 2 Go (454 Mo libre(s) – 24%) [KINGSTON] # FAT

################## | Processus Stoppés |

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 3404|ParentID: 1316|oless)
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 5212|ParentID: 580|SERVICE LOCAL)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4484|ParentID: 580|Système)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 6048|ParentID: 580|Système)
C:\Windows\System32\WUDFHost.exe (ID: 2956|ParentID: 996|SERVICE LOCAL)
C:\Windows\System32\SearchIndexer.exe (ID: 2008|ParentID: 580|Système)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2032|ParentID: 580|SERVICE RÉSEAU)
C:\Windows\System32\SearchProtocolHost.exe (ID: 1324|ParentID: 2008|Système)
C:\Windows\System32\SearchFilterHost.exe (ID: 3052|ParentID: 2008|Système)
C:\Windows\explorer.exe (ID: 3248|ParentID: 4124|oless)
C:\Windows\System32\spoolsv.exe (ID: 684|ParentID: 580|Système)

################## | Autorun |

G:\Capture d’écran 2014-05-07 12.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\Homefront 2013 FRENCH BRRiP XviD-CARPEDIEM.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\2.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\9052014_COMMANDE_C1842E52791O1599.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\Al-Air.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)
G:\System Volume Information.lnk -> G:\iTunesHelper.vbe – VirusTotal – (17/49)

################## | Recherche générique |

Supprimé! F:\Videos.lnk
Supprimé! F:\imgcache.lnk
Supprimé! F:\Clips vidéo.lnk
Supprimé! F:\predeftemp.lnk
Supprimé! F:\nokia_unprocessed_images_.lnk
Supprimé! F:\Playlists.lnk
Supprimé! F:\BlackBerry.lnk
Supprimé! F:\RECYCLER.lnk
Supprimé! F:\System Volume Information.lnk
Supprimé! F:\353760047528445WMLicense.lnk
Supprimé! F:\WMLicense.lnk
Supprimé! F:\WMPInfo.lnk
Supprimé! F:\_disk_id.lnk
Supprimé! F:\Photos.lnk
Supprimé! G:\2.lnk
Supprimé! G:\Homefront 2013 FRENCH BRRiP XviD-CARPEDIEM.lnk
Supprimé! G:\Al-Air.lnk
Supprimé! G:\9052014_COMMANDE_C1842E52791O1599.lnk
Supprimé! G:\Capture d’écran 2014-05-07 12.lnk
Supprimé! G:\System Volume Information.lnk
Supprimé! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Supprimé! G:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] userinit.exe
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
04 – HKCU\..\Run : [Facebook Update] "C:\Users\oless\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 – HKCU\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 – HKLM\..\Run : [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
04 – HKLM\..\Run : [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 – HKLM\..\Run : [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 – HKLM\..\Run : [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 – HKLM\..\Run : [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
04 – HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 – HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – [x64] HKLM\..\Run : [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
04 – [x64] HKLM\..\Run : [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
04 – [x64] HKLM\..\Run : [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
04 – [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 – [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 – [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 – [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 – [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
04 – [x64] HKLM\..\Run : [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
04 – [x64] HKLM\..\Run : [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
04 – [x64] HKLM\..\Run : [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
04 – [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – [x64] HKLM\..\Run : [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
04 – [x64] HKLM\..\Run : [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
04 – [x64] HKLM\..\Run : [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
04 – [x64] HKLM\..\Run : [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
04 – [x64] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-19\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-21-4192795423-3154527359-3879142809-1000\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
04 – HKU\S-1-5-21-4192795423-3154527359-3879142809-1000\..\Run : [Facebook Update] "C:\Users\oless\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 – HKU\S-1-5-21-4192795423-3154527359-3879142809-1000\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 – HKU\S-1-5-18\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C: %SystemDrive% – Disque Fixe (NTFS) |

[27/05/2011 – 15:00:51 | N | 0 Ko] – C:\SWSTAMP.TXT
[18/05/2014 – 18:35:43 | ASH | 2988036 Ko] – C:\hiberfil.sys
[18/05/2014 – 18:35:45 | ASH | 3984048 Ko] – C:\pagefile.sys
[20/06/2013 – 16:28:39 | N | 2 Ko] – C:\RHDSetup.log
[13/03/2014 – 22:17:39 | SHD] – C:\$RECYCLE.BIN
[14/07/2009 – 05:20:08 | D] – C:\PerfLogs
[14/07/2009 – 07:08:56 | SHD] – C:\Documents and Settings
[20/06/2013 – 16:23:17 | D] – C:\Intel
[20/06/2013 – 16:53:28 | D] – C:\Users
[21/06/2013 – 09:32:10 | D] – C:\Toshiba
[21/06/2013 – 15:08:52 | RHD] – C:\MSOCache
[17/02/2014 – 13:12:16 | HD] – C:\ProgramData
[02/03/2014 – 21:39:03 | D] – C:\Program Files
[13/05/2014 – 09:35:59 | D] – C:\Windows
[13/05/2014 – 20:10:56 | D] – C:\Program Files (x86)
[17/05/2014 – 03:00:40 | SHD] – C:\System Volume Information
[18/05/2014 – 22:12:56 | D] – C:\UsbFix

################## | D: – Disque Fixe (NTFS) |

[11/04/2008 – 10:07:18 | N | 6 Ko] – D:\eula.1042.txt
[11/04/2008 – 10:07:18 | N | 4 Ko] – D:\eula.2052.txt
[11/04/2008 – 10:07:18 | N | 4 Ko] – D:\eula.1028.txt
[11/04/2008 – 10:07:18 | N | 15 Ko] – D:\eula.1031.txt
[11/04/2008 – 10:07:18 | N | 10 Ko] – D:\eula.1033.txt
[11/04/2008 – 10:07:18 | N | 12 Ko] – D:\eula.1036.txt
[11/04/2008 – 10:07:18 | N | 14 Ko] – D:\eula.1040.txt
[11/04/2008 – 10:07:18 | N | 6 Ko] – D:\eula.1041.txt
[11/04/2008 – 10:07:18 | N | 10 Ko] – D:\eula.1049.txt
[11/04/2008 – 10:07:18 | N | 13 Ko] – D:\eula.3082.txt
[13/04/2012 – 13:26:54 | N | 5274 Ko] – D:\44.pdf
[11/04/2008 – 10:11:40 | N | 228 Ko] – D:\VC_RED.MSI
[11/04/2008 – 10:07:18 | N | 1 Ko] – D:\install.ini
[11/04/2008 – 10:07:18 | N | 1 Ko] – D:\globdata.ini
[11/04/2008 – 08:03:48 | N | 550 Ko | VirusTotal – (0/53)] – D:\install.exe
[14/04/2012 – 02:40:00 | N | 43 Ko] – D:\Pierre et Marie Curie.docx
[24/05/2012 – 14:00:08 | N | 233 Ko] – D:\Marie Sklodowska.docx
[24/05/2012 – 14:41:02 | N | 358 Ko] – D:\oless.docx
[11/04/2008 – 08:03:48 | N | 95 Ko | VirusTotal – (0/51)] – D:\install.res.1036.dll
[11/04/2008 – 08:03:48 | N | 93 Ko | VirusTotal – (0/50)] – D:\install.res.1040.dll
[11/04/2008 – 08:03:48 | N | 80 Ko | VirusTotal – (0/50)] – D:\install.res.1041.dll
[11/04/2008 – 08:03:48 | N | 78 Ko | VirusTotal – (0/50)] – D:\install.res.1042.dll
[11/04/2008 – 08:03:48 | N | 89 Ko | VirusTotal – (0/51)] – D:\install.res.1033.dll
[11/04/2008 – 08:03:48 | N | 94 Ko | VirusTotal – (0/51)] – D:\install.res.1031.dll
[11/04/2008 – 08:03:48 | N | 74 Ko | VirusTotal – (0/50)] – D:\install.res.2052.dll
[11/04/2008 – 08:03:48 | N | 94 Ko | VirusTotal – (0/51)] – D:\install.res.3082.dll
[11/04/2008 – 08:03:48 | N | 75 Ko | VirusTotal – (0/50)] – D:\install.res.1028.dll
[11/04/2008 – 10:09:24 | N | 91 Ko | VirusTotal – (0/49)] – D:\install.res.1049.dll
[11/04/2008 – 10:09:38 | N | 3708 Ko] – D:\VC_RED.cab
[11/04/2008 – 10:07:18 | N | 6 Ko] – D:\vcredist.bmp
[20/06/2013 – 16:55:06 | SHD] – D:\$RECYCLE.BIN
[21/03/2012 – 09:12:02 | SHD] – D:\System Volume Information
[21/03/2012 – 18:34:42 | D] – D:\HDDRecovery

################## | F: – Disque USB (FAT) |

[25/05/2009 – 22:47:00 | N | 0 Ko] – F:\WMPInfo.xml
[19/02/2013 – 13:44:58 | N | 0 Ko] – F:\_disk_id.pod
[31/08/2008 – 17:34:06 | N | 132 Ko] – F:\WMLicense.dat
[11/07/2012 – 17:24:42 | N | 132 Ko] – F:\353760047528445WMLicense.dat
[01/01/2007 – 00:00:00 | D] – F:\predeftemp
[01/01/2008 – 09:16:28 | D] – F:\????
[01/01/2008 – 09:16:28 | D] – F:\??????
[13/03/2009 – 18:23:50 | D] – F:\Videos
[01/01/2008 – 09:16:28 | D] – F:\?????
[04/09/2010 – 11:34:20 | SHD] – F:\RECYCLER
[08/09/2010 – 15:02:18 | D] – F:\Photos
[08/09/2010 – 15:33:06 | D] – F:\Clips vidéo
[09/09/2010 – 07:34:12 | D] – F:\nokia_unprocessed_images_
[21/02/2012 – 18:02:12 | D] – F:\imgcache
[27/03/2012 – 14:03:36 | D] – F:\Playlists
[10/07/2012 – 22:02:14 | D] – F:\BlackBerry
[28/04/2014 – 22:32:28 | SHD] – F:\System Volume Information

################## | G: – Disque USB (FAT) |

[07/05/2014 – 12:08:02 | N | 191 Ko] – G:\Capture d’écran 2014-05-07 12.08.02.png
[09/05/2014 – 11:10:54 | N | 161 Ko] – G:\9052014_COMMANDE_C1842E52791O1599.pdf
[13/05/2014 – 23:01:32 | N | 679 Ko] – G:\Al-Air.odp
[19/11/2013 – 01:59:38 | N | 724830 Ko] – G:\2.Guns.2013.FRENCH.DVDRip.XviD-RELiC.[emule-island.ru].avi
[28/04/2014 – 22:02:14 | N | 719874 Ko] – G:\Homefront 2013 FRENCH BRRiP XviD-CARPEDIEM.avi
[28/04/2014 – 22:36:08 | SHD] – G:\System Volume Information

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |