Bonjour
.Télécharge hijackthis sur ton bureau
http://www.commentcamarche.net/telecharger/telecharger-159-h­ijackthis
.Clique sur "télécharger hijackthis"
.enregistre le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installe le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Clique sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"

Salut macmurphy

Impératif sous vista:

desactives tes comptes d'utilisateur:
http://www.zebulon.fr/astuces/220-desactiver-l-uac-dans-vist­a.html

ENSUITE:

[*]Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

[*] Déconnecte-toi et ferme toutes applications en cours

[*]Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
[*]Clique droit sur l'icône [AD-Remover située sur ton Bureau et choisis "Executer en tant qu'administrateur"[*]Au menu principal, choisis l'option L.
[*]Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure







a+
Si c'est ton seul problème ..°!°... sois heureux °!².....

Voilà

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:00, on 4/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.macmurphy11.spaces.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http:­//fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http:­//fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" -"http://www.immoweb.be/...
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
End of file - 8479 bytes

Et les Cherche.us
est-ce normal ???
je crois poser des questions idiotes mais bon j'aime savoir et suis curieux de connaître...

Salut à toi nathandre,

Je te laisse la main ,bien sur....

a+++ Si c'est ton seul problème ..°!°... sois heureux °!².....

En fait g cherche.us qui apparait et de temps se met comme page de démarrage ???

Voilà après AD remover



======= LOGFILE OF AD-REMOVER 1.1.4.6_A | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 18.10.2009 at 19:05
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 14:55:01, mer. 04/11/2009 | Normal Boot | Option: SCAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Computer Name: PC-DE-GIANNI | Current user: GIANNI
.
============== FOUND ELEMENT(S) ==============
.

HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC0­04A67F}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F­3D3542}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1­E416D}
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0­DBBD1CC}
HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAA­C0D64870E}
HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4­866D60C7D}
.
C:\Users\GIANNI\AppData\Roaming\Mozilla\Firefox\Profiles\vcy­p6mlg.default\searchplugins\ask.xml
C:\Users\GIANNI\AppData\Roaming\Mozilla\Firefox\Profiles\vcy­p6mlg.default\searchplugins\askcom.xml
C:\Users\GIANNI\AppData\Roaming\Search Settings
C:\Users\GIANNI\AppData\LocalLow\Search Settings
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Windows\Installer\61b05.msi
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.5.4 [fr] *
.
ProfilePath: vcyp6mlg.default (GIANNI)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Ask");
(Prefs.js) user_pref("browser.search.selectedEngine", "Ask");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.macmurphy11.spaces.live.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.4");
.
(prefs.js) FOUND: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1");
(prefs.js) FOUND: user_pref("extensions.snipit.history_query", "mraz=ASKURL=hxxp://www.ask.com/web?q=mraz&qsrc=2871&o=10615&l=dis||mraz=ASKURL=//www.ask.com/web?q=mraz&qsrc=2871&o=10615&l=dis||mraz=ASKURL=//www.ask.com/web?q=mraz&qsrc=2871&o=10615&l=dis");
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.cherche.us
Start Page: hxxp://www.macmurphy11.spaces.live.com/
Default_Page_URL: hxxp://www.google.com
Search Bar: hxxp://www.cherche.us
Default_Search_URL: hxxp://www.cherche.us/keyword/%s
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://www.msn.com/
Default_Page_URL: hxxp://www.google.com
Default_Search_URL: hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://fr.search.yahoo.com
Search Page: hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://fr.search.yahoo.com
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Users\GIANNI\AppData\Local\VirtualStore\Program Files\BitComet\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.Incl.Crack.torrent
C:\Users\GIANNI\AppData\Local\VirtualStore\Program Files\BitComet\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.Incl.Crack[0].torrent
C:\Users\GIANNI\AppData\Local\VirtualStore\Program Files\BitComet\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.with.Crack.torrent
C:\Users\GIANNI\AppData\Local\VirtualStore\Program Files\BitComet\torrents\QUAD REGISTRY CLEANER v.1.5.69 + crack works perfect.rar.torrent
C:\Users\GIANNI\Downloads\AVAST PRO.V 4.8.1335.0 With Serials\setupengpro.exe
C:\Users\GIANNI\Downloads\AVAST PRO.V 4.8.1335.0 With Serials\AVAST PRO.V 4.8.1335.0 With Serials\AVAST PRO.V 4.8.1335.0 With Serials.rar
.
===================================
.
592 Byte(s) - C:\Ad-Report-SCAN[1].log
4173 Byte(s) - C:\Ad-Report-SCAN[2].log
.
74 File(s) - C:\Users\GIANNI\AppData\Local\Temp
7 File(s) - C:\Windows\Temp
.
2 File(s) - C:\Program Files\Ad-Remover\BACKUP
0 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 14:58:25 | mer. 04/11/2009 - SCAN[2]
.
============== E.O.F ==============
.

Et ensuite ????

Supprimer comment ???

Voilà

.
======= LOGFILE OF AD-REMOVER 1.1.4.6_A | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 18.10.2009 at 19:05
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 15:05:27, mer. 04/11/2009 | Normal Boot | Option: CLEAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Computer Name: PC-DE-GIANNI | Current user: GIANNI
.
============== NEUTRALIZED ELEMENT(S) ==============
.

HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC0­04A67F}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F­3D3542}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1­E416D}
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0­DBBD1CC}
HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAA­C0D64870E}
HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4­866D60C7D}
.
C:\Users\GIANNI\AppData\Roaming\Mozilla\Firefox\Profiles\vcy­p6mlg.default\searchplugins\ask.xml
C:\Users\GIANNI\AppData\Roaming\Mozilla\Firefox\Profiles\vcy­p6mlg.default\searchplugins\askcom.xml
C:\Users\GIANNI\AppData\Roaming\Search Settings
C:\Users\GIANNI\AppData\LocalLow\Search Settings
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Windows\Installer\61b05.msi

(!) -- Temp files deleted.

.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.5.4 [fr] *
.
ProfilePath: vcyp6mlg.default (GIANNI)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Ask");
(Prefs.js) user_pref("browser.search.selectedEngine", "Ask");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.macmurphy11.spaces.live.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.4");
.
(prefs.js) ERASED: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1");
(prefs.js) ERASED: user_pref("extensions.snipit.history_query", "mraz=ASKURL=hxxp://www.ask.com/web?q=mraz&qsrc=2871&o=10615&l=dis||mraz=ASKURL=//www.ask.com/web?q=mraz&qsrc=2871&o=10615&l=dis||mraz=ASKURL=//www.ask.com/web?q=mraz&qsrc=2871&o=10615&l=dis");
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.cherche.us
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.

Mais g tjs pas supprimer ce que tu me disais ...

Je ne te suis pas là g fais la manip mais je dois les supprimer en allant à quel endroit exactement ?

Voilà poubelle vidée

cherche.us je ne le vois pas mais je ne suis pas certain d'avoir regarder au bon endroit...
dois je refaire un passage avec un des programme ??? ou une toute autre manip ???

Voilà la prmeière partie:

Logfile of random's system information tool 1.06 (written by random/random)
Run by GIANNI at 2009-11-04 15:42:50
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 117 GB (76%) free of 153 GB
Total RAM: 895 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:58, on 4/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\explorer.exe
C:\Users\GIANNI\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\GIANNI.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" -"http://www.immoweb.be/...
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
End of file - 8078 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
C:\Windows\tasks\Uniblue SpeedUpMyPC.job
C:\Windows\tasks\User_Feed_Synchronization-{A5599F64-821C-40­E3-9000-71BE4A8BFA04}.job
et voici la seconde


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-14 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-11-02 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-14 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-09-15 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2007-03-09 598016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-09 39408]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe [2009-01-16 460216]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{033c486d-14ac-11de-8d9b-00222d016c46}]
shell\AutoRun\command - F:\
shell\open\command - rundll32.exe .\\htwi.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33613799-2745-11dd-a519-0013d3d865e0}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2009-11-04 15:40:14 ----D---- C:\rsit
2009-11-04 14:49:30 ----D---- C:\Program Files\Ad-Remover
2009-11-04 14:31:42 ----D---- C:\Program Files\Trend Micro
2009-11-04 14:12:35 ----A---- C:\TB.txt
2009-11-04 14:12:09 ----D---- C:\ToolBar SD
2009-11-04 13:04:18 ----A---- C:\Windows\system32\wups2.dll
2009-11-04 13:04:18 ----A---- C:\Windows\system32\wuauclt.exe
2009-11-04 13:04:17 ----A---- C:\Windows\system32\wucltux.dll
2009-11-04 13:04:17 ----A---- C:\Windows\system32\wuaueng.dll
2009-11-04 13:04:00 ----A---- C:\Windows\system32\wups.dll
2009-11-04 13:04:00 ----A---- C:\Windows\system32\wudriver.dll
2009-11-04 13:04:00 ----A---- C:\Windows\system32\wuapi.dll
2009-11-04 13:03:50 ----A---- C:\Windows\system32\wuwebv.dll
2009-11-04 13:03:50 ----A---- C:\Windows\system32\wuapp.exe
2009-11-04 10:21:27 ----D---- C:\Users\GIANNI\AppData\Roaming\Malwarebytes
2009-11-03 13:30:05 ----D---- C:\Belgacom.msi.2.2
2009-11-03 12:35:03 ----D---- C:\Program Files\Common Files\SupportSoft
2009-11-03 09:12:59 ----D---- C:\Program Files\JkDefrag
2009-11-03 09:12:59 ----A---- C:\Windows\system32\JkDefragScreenSaver.exe
2009-11-03 08:49:25 ----A---- C:\Windows\system32\mshtml.dll
2009-11-02 09:11:55 ----A---- C:\Windows\system32\msv1_0.dll
2009-11-02 09:11:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-11-02 09:11:46 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-11-02 09:10:12 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-02 09:08:34 ----A---- C:\Windows\system32\ieframe.dll
2009-11-02 09:08:32 ----A---- C:\Windows\system32\urlmon.dll
2009-11-02 09:08:32 ----A---- C:\Windows\system32\iertutil.dll
2009-11-02 09:08:31 ----A---- C:\Windows\system32\wininet.dll
2009-11-02 09:08:30 ----A---- C:\Windows\system32\msfeeds.dll
2009-11-02 09:08:29 ----A---- C:\Windows\system32\occache.dll
2009-11-02 09:08:29 ----A---- C:\Windows\system32\iedkcs32.dll
2009-11-02 09:08:28 ----A---- C:\Windows\system32\ieui.dll
2009-11-02 09:08:28 ----A---- C:\Windows\system32\iepeers.dll
2009-11-02 09:08:27 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-11-02 09:08:27 ----A---- C:\Windows\system32\ieUnatt.exe
2009-11-02 09:08:26 ----A---- C:\Windows\system32\msfeedssync.exe
2009-11-02 09:08:26 ----A---- C:\Windows\system32\jsproxy.dll
2009-11-02 09:08:26 ----A---- C:\Windows\system32\iesysprep.dll
2009-11-02 09:08:26 ----A---- C:\Windows\system32\iesetup.dll
2009-11-02 09:08:26 ----A---- C:\Windows\system32\iernonce.dll
2009-11-02 09:08:26 ----A---- C:\Windows\system32\ie4uinit.exe
2009-11-02 09:06:32 ----A---- C:\Windows\system32\msasn1.dll
2009-11-02 09:00:08 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-11-02 08:59:05 ----A---- C:\Windows\system32\wmp.dll
2009-11-02 08:58:56 ----A---- C:\Windows\system32\unregmp2.exe
2009-11-02 08:58:50 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-31 11:28:00 ----D---- C:\Users\GIANNI\AppData\Roaming\uTorrent
2009-10-12 21:33:32 ----D---- C:\Users\GIANNI\AppData\Roaming\dvdcss
2009-09-10 19:05:42 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-10 19:05:41 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-10 19:05:41 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-10 19:05:41 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-10 19:05:41 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-10 19:05:41 ----A---- C:\Windows\system32\finger.exe
2009-09-10 19:05:41 ----A---- C:\Windows\system32\ARP.EXE
2009-09-10 19:05:40 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-10 19:05:39 ----A---- C:\Windows\system32\netevent.dll
2009-09-10 18:32:13 ----A---- C:\Windows\system32\jscript.dll
2009-09-10 18:32:08 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-10 18:32:08 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-10 18:32:07 ----A---- C:\Windows\system32\wlansec.dll
2009-09-10 18:32:05 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-10 18:32:05 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-10 18:31:36 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-10 18:31:33 ----A---- C:\Windows\system32\mf.dll

======List of files/folders modified in the last 2 months======

2009-11-04 15:42:58 ----D---- C:\Windows\Temp
2009-11-04 15:40:26 ----D---- C:\Windows\Prefetch
2009-11-04 15:26:07 ----HD---- C:\ProgramData
2009-11-04 15:09:17 ----D---- C:\Program Files\Mozilla Firefox
2009-11-04 15:08:27 ----SHD---- C:\Windows\Installer
2009-11-04 15:04:19 ----D---- C:\Windows\rescache
2009-11-04 14:49:30 ----RD---- C:\Program Files
2009-11-04 14:48:16 ----D---- C:\Windows
2009-11-04 14:45:35 ----D---- C:\Windows\system32\fr-FR
2009-11-04 14:45:35 ----D---- C:\Windows\System32
2009-11-04 14:43:58 ----D---- C:\Windows\winsxs
2009-11-04 14:28:36 ----SHD---- C:\System Volume Information
2009-11-04 14:14:07 ----D---- C:\Windows\system32\Tasks
2009-11-04 13:04:42 ----D---- C:\Windows\system32\catroot
2009-11-04 13:02:06 ----D---- C:\Windows\system32\catroot2
2009-11-04 12:54:49 ----D---- C:\Windows\system32\Msdtc
2009-11-04 12:54:47 ----D---- C:\Windows\system32\wbem
2009-11-04 12:53:36 ----D---- C:\Windows\system32\config
2009-11-04 12:53:15 ----D---- C:\Windows\Tasks
2009-11-04 12:53:15 ----D---- C:\Windows\system32\spool
2009-11-04 12:53:15 ----D---- C:\Windows\system32\drivers
2009-11-04 12:53:14 ----D---- C:\Windows\system32\CodeIntegrity
2009-11-04 12:53:14 ----D---- C:\Windows\inf
2009-11-04 12:53:13 ----D---- C:\Users\GIANNI\AppData\Roaming\vlc
2009-11-04 12:53:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-11-04 12:53:12 ----D---- C:\Program Files\YesMessenger
2009-11-04 12:53:10 ----D---- C:\Windows\registration
2009-11-04 11:31:53 ----D---- C:\Windows\Debug
2009-11-03 16:53:53 ----D---- C:\Windows\system32\zh-HK
2009-11-03 16:53:53 ----D---- C:\Windows\system32\uk-UA
2009-11-03 16:53:53 ----D---- C:\Windows\system32\tr-TR
2009-11-03 16:53:53 ----D---- C:\Windows\system32\th-TH
2009-11-03 16:53:53 ----D---- C:\Windows\system32\sv-SE
2009-11-03 16:53:53 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-03 16:53:53 ----D---- C:\Windows\system32\sl-SI
2009-11-03 16:53:53 ----D---- C:\Windows\system32\pt-PT
2009-11-03 16:53:53 ----D---- C:\Windows\system32\pt-BR
2009-11-03 16:53:53 ----D---- C:\Windows\system32\pl-PL
2009-11-03 16:53:53 ----D---- C:\Windows\system32\nl-NL
2009-11-03 16:53:53 ----D---- C:\Windows\system32\ko-KR
2009-11-03 16:53:53 ----D---- C:\Windows\system32\it-IT
2009-11-03 16:53:53 ----D---- C:\Windows\system32\hu-HU
2009-11-03 16:53:53 ----D---- C:\Windows\system32\hr-HR
2009-11-03 16:53:53 ----D---- C:\Windows\system32\he-IL
2009-11-03 16:53:53 ----D---- C:\Windows\system32\fi-FI
2009-11-03 16:53:53 ----D---- C:\Windows\system32\el-GR
2009-11-03 16:53:53 ----D---- C:\Windows\system32\bg-BG
2009-11-03 16:53:52 ----D---- C:\Windows\system32\zh-TW
2009-11-03 16:53:52 ----D---- C:\Windows\system32\zh-CN
2009-11-03 16:53:52 ----D---- C:\Windows\system32\sk-SK
2009-11-03 16:53:52 ----D---- C:\Windows\system32\ru-RU
2009-11-03 16:53:52 ----D---- C:\Windows\system32\ro-RO
2009-11-03 16:53:52 ----D---- C:\Windows\system32\nb-NO
2009-11-03 16:53:52 ----D---- C:\Windows\system32\lv-LV
2009-11-03 16:53:52 ----D---- C:\Windows\system32\lt-LT
2009-11-03 16:53:52 ----D---- C:\Windows\system32\ja-JP
2009-11-03 16:53:52 ----D---- C:\Windows\system32\et-EE
2009-11-03 16:53:52 ----D---- C:\Windows\system32\es-ES
2009-11-03 16:53:52 ----D---- C:\Windows\system32\en-US
2009-11-03 16:53:52 ----D---- C:\Windows\system32\de-DE
2009-11-03 16:53:52 ----D---- C:\Windows\system32\da-DK
2009-11-03 16:53:52 ----D---- C:\Windows\system32\cs-CZ
2009-11-03 16:53:52 ----D---- C:\Windows\system32\ar-SA
2009-11-03 12:35:03 ----D---- C:\Program Files\Common Files
2009-11-02 19:30:53 ----D---- C:\Windows\Microsoft.NET
2009-11-02 19:30:51 ----RSD---- C:\Windows\assembly
2009-11-02 19:19:11 ----D---- C:\Windows\ehome
2009-11-02 19:19:11 ----D---- C:\Program Files\Windows Mail
2009-11-02 19:19:09 ----D---- C:\Windows\system32\migration
2009-11-02 19:19:09 ----D---- C:\Program Files\Internet Explorer
2009-11-02 19:19:05 ----D---- C:\Program Files\Windows Media Player
2009-11-02 08:52:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-02 08:41:45 ----D---- C:\Users\GIANNI\AppData\Roaming\XnView
2009-11-02 08:41:42 ----D---- C:\Users\GIANNI\AppData\Roaming\LimeWire
2009-11-02 08:41:39 ----D---- C:\Program Files\Defraggler
2009-11-02 08:41:38 ----D---- C:\Program Files\CCleaner
2009-11-02 06:37:34 ----D---- C:\Windows\pss
2009-11-01 19:23:51 ----D---- C:\Windows\Minidump
2009-11-01 14:36:42 ----SHD---- C:\Boot
2009-11-01 14:36:40 ----D---- C:\Program Files\WinRAR
2009-11-01 09:34:42 ----D---- C:\Windows\system32\WDI
2009-10-31 23:01:45 ----D---- C:\Users\GIANNI\AppData\Roaming\WinRAR
2009-10-02 19:01:57 ----A---- C:\Windows\system32\mrt.exe
2009-09-24 08:25:38 ----RD---- C:\Users
2009-09-24 08:25:09 ----HD---- C:\Windows\system32\GroupPolicyUsers
2009-09-15 12:59:36 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-09-15 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-09-15 52368]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-03-25 4137312]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2009-04-30 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2009-04-30 495768]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 2314752]
R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\system32\DRIVERS\vbtenum.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192]
S3 s115bus;s115bus; C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;s115mdfl; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;s115mdm; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;s115mgmt; C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;s115obex; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SMCUSBT;EZ ConnectTM g 108Mbps Wireless USB Adapter Service; C:\Windows\system32\DRIVERS\smcusbt1.sys []
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC); C:\Windows\system32\DRIVERS\SMCWGU.sys [2005-12-16 408064]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Si g bien cherche.us y est toujours...

Télécharge USBFix de Chiquitine29 , C_XX et Chimay8 sur ton bureau
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe­­

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Sélectionne l'option 1 ( Recherche )

# Laisse travailler l'outil.

# Ensuite poste le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

############################## | UsbFix V6.047 |

User : GIANNI (Administrateurs) # PC-DE-GIANNI
Update on 02/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:50:27 | 4/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 Processor 3400+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 149,05 Go (114 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{033c486d-14ac-11de-8d9b-00222d016c46}
shell\AutoRun\command =F:\
shell\open\Command =rundll32.exe .\\htwi.dll,InstallM

HKCU\..\..\Explorer\MountPoints2\{33613799-2745-11dd-a519-0013d3d865e0}
shell\AutoRun\command =G:\InstallTomTomHOME.exe

################## | Suspect | http://www.virustotal.com |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.047 ! |

############################## | UsbFix V6.047 |

User : GIANNI (Administrateurs) # PC-DE-GIANNI
Update on 02/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 16:06:25 | 4/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 Processor 3400+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 149,05 Go (114,01 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{033c486d-14ac-11de-8d9b-00222d016c46}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{33613799-2745-11dd-a519-0013d3d865e0}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[04/11/2009 15:08|--a------|4694] C:\Ad-Report-CLEAN[1].log
[04/11/2009 14:49|--a------|592] C:\Ad-Report-SCAN[1].log
[04/11/2009 14:58|--a------|4494] C:\Ad-Report-SCAN[2].log
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[18/09/2006 22:43|--a------|10] C:\config.sys
[01/05/2008 14:24|--a------|168] C:\InfoSat.txt
[02/06/2007 11:19|-rahs----|0] C:\IO.SYS
[02/06/2007 11:19|-rahs----|0] C:\MSDOS.SYS
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[28/01/2008 12:02|--ah-----|232] C:\sqmdata00.sqm
[09/02/2008 23:10|--ah-----|232] C:\sqmdata01.sqm
[06/04/2008 10:45|--ah-----|232] C:\sqmdata02.sqm
[21/04/2008 07:04|--ah-----|232] C:\sqmdata03.sqm
[21/04/2008 12:59|--ah-----|232] C:\sqmdata04.sqm
[20/06/2008 23:39|--ah-----|232] C:\sqmdata05.sqm
[05/07/2008 19:17|--ah-----|232] C:\sqmdata06.sqm
[15/10/2008 11:53|--ah-----|232] C:\sqmdata07.sqm
[28/10/2008 18:42|--ah-----|232] C:\sqmdata08.sqm
[02/11/2008 16:50|--ah-----|232] C:\sqmdata09.sqm
[18/11/2008 11:27|--ah-----|232] C:\sqmdata10.sqm
[08/12/2008 17:18|--ah-----|232] C:\sqmdata11.sqm
[18/01/2009 15:42|--ah-----|232] C:\sqmdata12.sqm
[27/03/2009 12:01|--ah-----|232] C:\sqmdata13.sqm
[31/03/2009 21:11|--ah-----|232] C:\sqmdata14.sqm
[23/04/2009 15:37|--ah-----|232] C:\sqmdata15.sqm
[15/05/2009 11:06|--ah-----|232] C:\sqmdata16.sqm
[28/01/2008 12:02|--ah-----|244] C:\sqmnoopt00.sqm
[09/02/2008 23:10|--ah-----|244] C:\sqmnoopt01.sqm
[06/04/2008 10:45|--ah-----|244] C:\sqmnoopt02.sqm
[21/04/2008 07:04|--ah-----|244] C:\sqmnoopt03.sqm
[21/04/2008 12:59|--ah-----|244] C:\sqmnoopt04.sqm
[20/06/2008 23:39|--ah-----|244] C:\sqmnoopt05.sqm
[05/07/2008 19:17|--ah-----|244] C:\sqmnoopt06.sqm
[15/10/2008 11:53|--ah-----|244] C:\sqmnoopt07.sqm
[28/10/2008 18:42|--ah-----|244] C:\sqmnoopt08.sqm
[02/11/2008 16:50|--ah-----|244] C:\sqmnoopt09.sqm
[18/11/2008 11:27|--ah-----|244] C:\sqmnoopt10.sqm
[08/12/2008 17:18|--ah-----|244] C:\sqmnoopt11.sqm
[18/01/2009 15:42|--ah-----|244] C:\sqmnoopt12.sqm
[27/03/2009 12:01|--ah-----|244] C:\sqmnoopt13.sqm
[31/03/2009 21:11|--ah-----|244] C:\sqmnoopt14.sqm
[23/04/2009 15:37|--ah-----|244] C:\sqmnoopt15.sqm
[15/05/2009 11:06|--ah-----|244] C:\sqmnoopt16.sqm
[23/07/2009 11:10|--a------|284] C:\sqmnoopt17.sqm
[04/11/2009 14:26|--a------|3221] C:\TB.txt
[04/11/2009 16:08|--a------|4830] C:\UsbFix.txt
[30/08/2007 15:45|--a------|150] C:\YServer.txt

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | http://www.virustotal.com |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.047 ! |