############################## | UsbFix V 7.164 | [Suppression]

Utilisateur: Christian (Administrateur) # TRAFALGAR16
Mis à jour le05/02/2014 par El Desaparecido - Team SosVirus
Lancé à 10:51:06 | 12/02/2014
Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1896)
CPU: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
RAM -> [Total : 3992 Mo| Free : 2979 Mo]
Bios: Insyde
Boot: Normal boot
OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.107
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Windows Defender [(!) Disabled | Updated]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 437 Go (244 Go libre(s) - 56%) [OS] # NTFS
D:\ -> Disque fixe # 28 Go (3 Go libre(s) - 12%) [RECOVERY] # NTFS
E:\ -> Disque amovible # 7 Go (6 Go libre(s) - 78%) [MYKEY] # FAT32

################## | Processus Actif |

C:\WINDOWS\system32\wininit.exe (ID: 580 |ParentID: 444)
C:\WINDOWS\system32\winlogon.exe (ID: 644 |ParentID: 572)
C:\WINDOWS\system32\lsass.exe (ID: 676 |ParentID: 580)
C:\WINDOWS\system32\svchost.exe (ID: 764 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 804 |ParentID: 668)
C:\WINDOWS\system32\dwm.exe (ID: 936 |ParentID: 644)
C:\WINDOWS\System32\svchost.exe (ID: 948 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 1004 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 364 |ParentID: 668)
C:\WINDOWS\System32\svchost.exe (ID: 664 |ParentID: 668)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 920 |ParentID: 668)
C:\WINDOWS\system32\Hpservice.exe (ID: 1108 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 1344 |ParentID: 668)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1420 |ParentID: 668)
C:\WINDOWS\System32\spoolsv.exe (ID: 1548 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 1588 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 1756 |ParentID: 668)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1800 |ParentID: 668)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1836 |ParentID: 668)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1868 |ParentID: 668)
C:\WINDOWS\system32\dashost.exe (ID: 1904 |ParentID: 664)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 1912 |ParentID: 668)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 1944 |ParentID: 668)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1968 |ParentID: 668)
C:\Windows\SysWOW64\irstrtsv.exe (ID: 2000 |ParentID: 668)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1248 |ParentID: 668)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 1288 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 1664 |ParentID: 668)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 1900 |ParentID: 668)
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (ID: 2392 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 2696 |ParentID: 668)
C:\WINDOWS\system32\svchost.exe (ID: 2780 |ParentID: 668)
C:\WINDOWS\System32\svchost.exe (ID: 3100 |ParentID: 668)
C:\Windows\System32\WUDFHost.exe (ID: 3132 |ParentID: 664)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3848 |ParentID: 764)
C:\WINDOWS\system32\DllHost.exe (ID: 3900 |ParentID: 764)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 1436 |ParentID: 668)
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (ID: 4040 |ParentID: 668)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3528 |ParentID: 668)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 2824 |ParentID: 668)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 3384 |ParentID: 668)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3644 |ParentID: 668)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3468 |ParentID: 764)
C:\WINDOWS\system32\taskeng.exe (ID: 3360 |ParentID: 1004)
C:\WINDOWS\system32\taskhostex.exe (ID: 1240 |ParentID: 1004)
C:\WINDOWS\Explorer.EXE (ID: 1224 |ParentID: 3972)
C:\WINDOWS\system32\runonce.exe (ID: 3804 |ParentID: 1224)
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe (ID: 2312 |ParentID: 2392)
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe (ID: 2636 |ParentID: 2392)
C:\WINDOWS\system32\SearchProtocolHost.exe (ID: 4248 |ParentID: 2824)
C:\WINDOWS\system32\SearchFilterHost.exe (ID: 4264 |ParentID: 2824)
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID: 4416 |ParentID: 1004)

################## | Regedit Run |

04 - HKCU\..\Run : [cacaoweb] "C:\Users\Christian\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKCU\..\Run : [Documentation] wscript.exe //B "C:\Users\CHRIST~1\AppData\Local\Temp\Documentation.vbs"
04 - HKLM\..\Run : [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\..\Run : [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\..\Run : [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [Boxore Client] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - HKLM64\..\Run : [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
04 - HKLM64\..\Run : [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
04 - HKLM64\..\Run : [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
04 - HKLM64\..\Run : [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
04 - HKLM64\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKLM64\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - HKU\S-1-5-21-3388229202-602857072-2511271055-1001\..\Run : [cacaoweb] "C:\Users\Christian\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-3388229202-602857072-2511271055-1001\..\Run : [Documentation] wscript.exe //B "C:\Users\CHRIST~1\AppData\Local\Temp\Documentation.vbs"

################## | Recherche générique |

Supprimé! C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Documentation.vbs
Supprimé! E:\Documentation.vbs
Supprimé! C:\Users\CHRIST~1\AppData\Local\Temp\Documentation.vbs
Supprimé! E:\cv canadien.lnk
Supprimé! E:\Bordereau-d-echange-titres-2013-CGOS-VF.lnk
Supprimé! E:\.lnk
Supprimé! E:\cv canadien anglais.lnk
Supprimé! E:\cv canadien (2).lnk
Supprimé! E:\K letter.lnk
Supprimé! E:\131228010906.lnk
Supprimé! E:\gabarit cv mems.lnk
Supprimé! E:\Chris Brown - X Files.lnk
Supprimé! E:\Tout Le Monde Deteste Chris - Saison 1.lnk
Supprimé! E:\Bruno Mars - Unorthodox Jukebox (Album 2012).lnk
Supprimé! E:\Sampha-Dual-SonidoEvolucion.lnk
Supprimé! E:\System Volume Information.lnk
Supprimé! E:\msxmlfra.lnk
(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimé! HKU\S-1-5-21-3388229202-602857072-2511271055-1001\Software\Microsoft\Windows\CurrentVersion\Run|Documentation
Supprimé! HKU\S-1-5-21-3388229202-602857072-2511271055-1001\Software\.\.\.\.\Mountpoints2\{0ce2cfd9-7857-11e3-be82-6c3be585fe5b}

################## | Listing |

[01/02/2014 - 01:57:23 | SHD] - C:\$Recycle.Bin
[21/01/2014 - 22:12:19 | D] - C:\$SysReset
[04/08/2012 - 00:21:36 | SHD] - C:\Boot
[26/07/2012 - 04:44:30 | RASH | 389 Ko] - C:\bootmgr
[18/06/2013 - 13:18:29 | N | 0 Ko] - C:\BOOTNXT
[04/08/2012 - 00:21:37 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[22/08/2013 - 15:45:52 | SHD] - C:\Documents and Settings
[12/02/2014 - 10:41:14 | ASH | 3270468 Ko] - C:\hiberfil.sys
[07/06/2013 - 01:45:42 | D] - C:\HP
[12/01/2014 - 07:10:56 | D] - C:\inetpub
[07/06/2013 - 01:28:49 | D] - C:\Intel
[12/02/2014 - 10:41:16 | ASH | 1310720 Ko] - C:\pagefile.sys
[09/12/2013 - 20:18:28 | D] - C:\PCShareManagerUpload
[22/08/2013 - 16:22:35 | D] - C:\PerfLogs
[06/02/2014 - 23:00:21 | D] - C:\Program Files
[06/02/2014 - 23:00:20 | D] - C:\Program Files (x86)
[06/02/2014 - 23:00:20 | HD] - C:\ProgramData
[12/01/2014 - 07:14:40 | SHD] - C:\Recovery
[12/02/2014 - 10:41:16 | ASH | 262144 Ko] - C:\swapfile.sys
[14/01/2014 - 23:20:27 | D] - C:\SWSetup
[08/02/2014 - 12:26:57 | SHD] - C:\System Volume Information
[22/11/2013 - 21:49:59 | D] - C:\SYSTEM.SAV
[12/02/2014 - 10:18:45 | D] - C:\UsbFix
[12/02/2014 - 10:55:36 | A | 9 Ko | F105114D6301EC85617E93C0C7CE9BC1] - C:\UsbFix [Clean 2] TRAFALGAR16.txt
[12/01/2014 - 07:20:45 | D] - C:\Users
[24/01/2014 - 00:09:24 | D] - C:\Windows
[22/11/2013 - 22:16:21 | SHD] - D:\$RECYCLE.BIN
[07/06/2013 - 03:03:27 | RSHD] - D:\boot
[26/07/2012 - 20:44:32 | RASH | 389 Ko] - D:\bootmgr
[26/07/2012 - 21:57:10 | N | 1319 Ko] - D:\bootmgr.efi
[07/06/2013 - 03:03:27 | D] - D:\EFI
[07/06/2013 - 03:03:27 | D] - D:\FactoryUpdate
[07/06/2013 - 03:03:27 | D] - D:\hp
[07/06/2013 - 03:03:28 | RSHD] - D:\preload
[28/11/2013 - 20:30:34 | SD] - D:\recovery
[07/06/2013 - 03:03:27 | D] - D:\RM_Reserve
[24/01/2014 - 00:16:45 | SHD] - D:\System Volume Information
[20/01/2014 - 12:44:40 | N | 122 Ko] - E:\Bordereau-d-echange-titres-2013-CGOS-VF.pdf
[19/11/2013 - 16:07:34 | N | 33 Ko] - E:\cv canadien.docx
[01/01/1980 - 00:00:00 | N | 0 Ko] - E:\.cm0012
[19/11/2013 - 16:15:18 | N | 35 Ko] - E:\cv canadien anglais.docx
[19/11/2013 - 16:17:50 | N | 34 Ko] - E:\cv canadien (2).docx
[23/01/2014 - 21:27:54 | D] - E:\Chris Brown - X Files
[10/12/2013 - 15:56:56 | N | 14 Ko] - E:\K letter.docx
[14/01/2014 - 23:39:32 | D] - E:\Tout Le Monde Deteste Chris - Saison 1
[27/12/2013 - 17:42:58 | N | 609 Ko] - E:\131228010906.pdf
[30/11/2013 - 21:26:44 | D] - E:\Bruno Mars - Unorthodox Jukebox (Album 2012)
[30/11/2013 - 22:00:50 | D] - E:\Sampha-Dual-SonidoEvolucion
[06/01/2014 - 14:38:46 | SHD] - E:\System Volume Information
[06/01/2014 - 14:39:32 | N | 22 Ko] - E:\gabarit cv mems.docx
[10/01/2014 - 22:16:54 | N | 5166 Ko] - E:\msxmlfra.msi

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |