############################## | UsbFix V 7.149 | [Search]

User: COULIBALY (Administrator) # COULIBALY
Updated on 03/11/2013 by El Desaparecido - Team SosVirus
Started at 20:34:39 | 06/01/2016

Website: http://www.usbfix.net/
Forum: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (184B)
CPU: AMD A8-4500M APU with Radeon(tm) HD Graphics
RAM -> [Total : 3560 | Free : 1371]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 10 Professionnel (6.3.10240 64-Bit)
WB: Windows Internet Explorer : 11.0.10240.16384
WB: Google Chrome : 47.0.2526.106

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.8.10240.16384 (th1.150709-1700)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 502 GB (365 GB free - 73%) [COULIBALY] # NTFS
D:\ -> Fixed disk # 349 MB (80 MB free - 23%) [] # NTFS
E:\ -> Fixed disk # 195 GB (30 GB free - 15%) [COULIBALY] # NTFS
F:\ -> CD-ROM
G:\ -> Removable disk # 4 GB (4 GB free - 100%) [GSP1RMCPRFR] # FAT
J:\ -> Removable disk # 4 GB (4 GB free - 100%) [WINDOWS_XP_] # FAT32
K:\ -> Fixed disk # 112 GB (20 GB free - 18%) [DEUTCH] # NTFS

################## | Active Processes |

C:\WINDOWS\system32\lsass.exe (ID: 828 |ParentID: 740)
C:\WINDOWS\system32\svchost.exe (ID: 920 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 980 |ParentID: 820)
C:\WINDOWS\system32\winlogon.exe (ID: 84 |ParentID: 732)
C:\WINDOWS\system32\dwm.exe (ID: 608 |ParentID: 84)
C:\WINDOWS\system32\svchost.exe (ID: 960 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 1096 |ParentID: 820)
C:\WINDOWS\System32\svchost.exe (ID: 1160 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 1220 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 1272 |ParentID: 820)
C:\WINDOWS\System32\svchost.exe (ID: 1440 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 1748 |ParentID: 820)
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe (ID: 1792 |ParentID: 820)
C:\WINDOWS\System32\svchost.exe (ID: 2160 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 2520 |ParentID: 820)
C:\WINDOWS\SysWOW64\svchost.exe (ID: 2592 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 2632 |ParentID: 820)
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe (ID: 4420 |ParentID: 1792)
C:\WINDOWS\system32\sihost.exe (ID: 3396 |ParentID: 960)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 5864 |ParentID: 920)
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (ID: 6196 |ParentID: 1792)
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (ID: 3616 |ParentID: 820)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 3356 |ParentID: 820)
C:\Windows\System32\RuntimeBroker.exe (ID: 3492 |ParentID: 920)
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.5.2.117090.0\bavhm.exe (ID: 6576 |ParentID: 7940)
C:\WINDOWS\System32\spoolsv.exe (ID: 884 |ParentID: 820)
C:\WINDOWS\system32\conhost.exe (ID: 3424 |ParentID: 6576)
C:\WINDOWS\system32\DllHost.exe (ID: 2608 |ParentID: 920)
C:\Windows\System32\WUDFHost.exe (ID: 5920 |ParentID: 1220)
C:\WINDOWS\system32\dashost.exe (ID: 3180 |ParentID: 1220)
C:\Program Files (x86)\TeamViewer\TeamViewer.exe (ID: 4552 |ParentID: 3616)
C:\WINDOWS\explorer.exe (ID: 5676 |ParentID: 84)
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe (ID: 5076 |ParentID: 920)
C:\Program Files (x86)\TeamViewer\tv_w32.exe (ID: 6712 |ParentID: 3616)
C:\Program Files (x86)\TeamViewer\tv_x64.exe (ID: 6448 |ParentID: 3616)
C:\WINDOWS\System32\svchost.exe (ID: 7512 |ParentID: 820)
C:\WINDOWS\system32\SettingSyncHost.exe (ID: 3588 |ParentID: 920)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 3724 |ParentID: 820)
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BavTray.exe (ID: 8000 |ParentID: 7148)
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (ID: 5880 |ParentID: 8076)
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (ID: 4584 |ParentID: 5880)
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (ID: 3632 |ParentID: 5880)
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (ID: 3388 |ParentID: 5880)
C:\WINDOWS\system32\fontdrvhost.exe (ID: 4840 |ParentID: 84)
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (ID: 6420 |ParentID: 5880)
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (ID: 4996 |ParentID: 5880)
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (ID: 2528 |ParentID: 5880)
C:\UsbFix\Go.exe (ID: 5248 |ParentID: 4084)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 1068 |ParentID: 920)
C:\WINDOWS\system32\wermgr.exe (ID: 7504 |ParentID: 960)
C:\WINDOWS\system32\SearchProtocolHost.exe (ID: 5684 |ParentID: 3356)
C:\WINDOWS\system32\SearchFilterHost.exe (ID: 5536 |ParentID: 3356)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [NBKeyScan] - "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
04 - HKLM\SOFTWARE | Run : [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [Baidu Antivirus] - "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BavTray.exe" -auto
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE | Run : [QHSafeTray] - "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [NBKeyScan] - "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [Baidu Antivirus] - "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BavTray.exe" -auto
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE\wow6432Node | Run : [QHSafeTray] - "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [OneDriveSetup] - C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\SOFTWARE | Run : [OneDriveSetup] - C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [OneDrive] - "C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [GUDelayStartup] - "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [CCleaner Monitoring] - "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [BingSvc] - C:\Users\COULIBALY\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [E09FXLRD_2654218] - "C:\Program Files (x86)\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [Viber] - "C:\Users\COULIBALY\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [Sony PC Companion] - "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] - C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] - C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] - C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"

################## | Generic search |

Present! C:\ProgramData\Baidu Security\Duplicaterecord.js
Present! C:\ProgramData\Baidu Security

################## | Registry |

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
K:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
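Added example, not part of the UsbFix log or of the UsbFix tool: a small Python parser for the "Regedit Run" section of a log like the one above. It turns each `04 - <hive> | Run/RunOnce : [name] - command` line into a record, collapses entries that appear identically under more than one hive view (here HKLM\SOFTWARE and HKLM\SOFTWARE\wow6432Node), splits each command line the way CreateProcess reads it, and tags the entries a responder would look at first. The sample lines are copied from the log; the flag names and the heuristics behind them are my own and are triage hints, not verdicts (OneDrive and Viber legitimately live under AppData, and an unquoted path only matters if a lower-privileged user can write to one of its space-delimited prefixes).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: seven "Regedit Run" lines copied from the UsbFix log above.
# The real section is longer; these cover each case the flags below look for.
SAMPLE_LOG = r"""
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [BingSvc] - C:\Users\COULIBALY\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | Run : [Viber] - "C:\Users\COULIBALY\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-868442934-2450809455-2111623478-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] - C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\COULIBALY\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"""

# UsbFix line shape: "04 - <hive> | Run|RunOnce : [<value name>] - <command line>"
LINE_RE = re.compile(
    r"^04 - (?P<hive>.+?) \| (?P<key>Run|RunOnce) : \[(?P<name>[^\]]*)\] -\s*(?P<cmd>.*)$"
)


@dataclass
class RunEntry:
    hive: str      # e.g. HKLM\SOFTWARE or HKU\<SID>\SOFTWARE
    key: str       # "Run" or "RunOnce"
    name: str      # registry value name, may be empty
    command: str   # raw command line as stored, may be empty


@dataclass
class MergedEntry:
    key: str
    name: str
    command: str
    hives: List[str] = field(default_factory=list)  # every view the same entry was seen in


def parse_run_entries(text: str) -> List[RunEntry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["key"], m["name"], m["cmd"].strip()))
    return entries


def split_command(command: str) -> Tuple[str, str]:
    """Return (executable, arguments) the way CreateProcess would read a Run value."""
    command = command.strip()
    if not command:
        return "", ""
    if command.startswith('"'):                  # quoted path: everything up to the closing quote
        end = command.find('"', 1)
        if end > 0:
            return command[1:end], command[end + 1:].strip()
        return command[1:], ""
    # Unquoted: take everything up to and including the first ".exe" token.
    m = re.match(r"(?i)(.+?\.exe)(?:\s+(.*))?$", command)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    head, _, tail = command.partition(" ")
    return head, tail.strip()


def merge_views(entries: List[RunEntry]) -> List[MergedEntry]:
    """Collapse identical (key, name, command) entries listed under several hive views."""
    merged: Dict[Tuple[str, str, str], MergedEntry] = {}
    for e in entries:
        k = (e.key, e.name, e.command)
        merged.setdefault(k, MergedEntry(e.key, e.name, e.command)).hives.append(e.hive)
    return list(merged.values())


def assess(entry: MergedEntry) -> List[str]:
    """Triage flags (my own heuristics, not UsbFix's): what to look at first, not a verdict."""
    flags: List[str] = []
    exe, _args = split_command(entry.command)
    if not entry.name and not entry.command:
        return ["empty-value"]                   # placeholder value, harmless but worth noting
    if exe and " " in exe and not entry.command.startswith('"'):
        # CreateProcess tries C:\Program.exe, C:\Program Files.exe, ... in turn; only a
        # problem if a less-privileged user can drop a file at one of those prefixes.
        flags.append("unquoted-path-with-spaces")
    if re.search(r"\\AppData\\", exe, re.IGNORECASE):
        # User-writable location: legitimate for OneDrive/Viber, but verify the binary.
        flags.append("user-profile-location")
    if entry.key == "RunOnce" and exe.lower().endswith("cmd.exe"):
        flags.append("runonce-via-cmd")          # one-shot shell command: read the arguments
    return flags


def report(text: str) -> List[dict]:
    return [
        {"key": m.key, "name": m.name, "hives": m.hives, "flags": assess(m)}
        for m in merge_views(parse_run_entries(text))
    ]


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(f"{row['key']:8} {row['name'][:40]:40} views={len(row['hives'])} flags={row['flags']}")
```

Feed it the whole "Regedit Run" section instead of SAMPLE_LOG and every entry comes back once, with the list of views it was seen in; anything that shows up in only one view, or with a flag, is where to start checking the file on disk.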