Infection virus [Résolu]

Salut :


DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est détecte a tort comme infection)

Télécharge ici :List_Kill'em de gen-hackman

http://sd-4.archive-host.com/...

et enregistre le sur ton bureau

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "exécuter en tant que...."

sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

Exécuter List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

Il commencera par télécharger et installer ses mises à jour , puis te donnera son menu

choisis l'option Search

laisse travailler l'outil

il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "OK" ou "Agrée"

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal ,c'est une recherche supplémentaire de fichiers cachés , le programme n'est pas bloqué.

Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

J'ai hijackthis ça marche aussi ?

oui poste le en même temps List_Kill'em

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:29, on 02/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Lemoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lemoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lemoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\Lemoine\scriptjava.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

Personne pour un petit coup de main ?

"Virus" toujours présent ! J'ai des alertes bloqué par Avast, mais suis je vraiment infecté ?

J'ai essayé deux fois List_Kill'em

Par deux fois, mon écran devient noir, (il m'affiche "Hors Plage") et impossible de réaccéder à mon PC. Bloquage complet, donc redémarrage...

Que faire d'autre ?

salut laisse tomber List_Kill'em

télécharge

http://www.commentcamarche.net/download/telecharger-34055379-malwarebytes

a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

Une fois a jour, le programme va se lancer; clic sur l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

A la fin du scan clique sur Afficher les résultats

Vérifier si tout est coché et clic Supprimer la sélection

S'il t'es demandé de redémarrer >>> clique sur "Yes"

Et tu poste le rapport générer

Ça été assez long, mais le voilà !


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4741

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/10/2010 22:45:37
mbam-log-2010-10-04 (22-45-37).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 362912
Temps écoulé: 1 heure(s), 32 minute(s), 35 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 11
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 48

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020search) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Le*****\Mes documents\Téléchargements\MMFin 2010.v15.0\patch_finale_2010_v15.0.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Le*****\Mes documents\Téléchargements\Dossier Abandonware\Keygen.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

Télécharge Ad-Remover sur ton bureau:
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe

Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Scanner".
Laisse travailler l'outil.
Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.

Je lance ça demain matin, là je vais me coucher ! Je m'en occupe demain matin, première heure !

merci encore !

ok

a demain

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 08:48:08 le 05/10/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Lemoine@SN045539320204 ( )

============== RECHERCHE ==============


0,Fichier trouvé: C:\Documents and Settings\Le*****\Application Data\Mozilla\FireFox\Profiles\ypw9quzt.default\searchplugins\cherche.xml
0,Fichier trouvé: C:\Documents and Settings\Le*****\scriptjava.html
0,Dossier trouvé: C:\Documents and Settings\All Users\Application Data\Trymedia
0,Dossier trouvé: C:\Documents and Settings\All Users\Application Data\Viewpoint
0,Dossier trouvé: C:\Program Files\Viewpoint

-- Fichier ouvert: C:\Documents and Settings\Le*****\Application Data\Mozilla\FireFox\Profiles\ypw9quzt.default\Prefs.js --
Ligne trouvée: user_pref("keyword.URL", "hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpj...
-- Fichier Fermé --


1,Clé trouvée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
1,Clé trouvée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
1,Clé trouvée: HKLM\Software\Classes\Interface\{457C59FC-4C15-4545-8811-1E9427014ACC}
1,Clé trouvée: HKLM\Software\Classes\Interface\{D6094FC6-821F-474C-8D73-C13066CD178D}
0,Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
0,Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
0,Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
0,Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
0,Clé trouvée: HKLM\Software\MetaStream
0,Clé trouvée: HKLM\Software\Trymedia Systems
0,Clé trouvée: HKLM\Software\Viewpoint
0,Clé trouvée: HKCU\Software\Dynamic Toolbar
0,Clé trouvée: HKCU\Software\Grand Virtual
0,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
0,Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
0,Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.10 (fr)] **

-- C:\Documents and Settings\Le*****\Application Data\Mozilla\FireFox\Profiles\ypw9quzt.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Le****\\Mes documents\\Mes images
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.10
keyword.URL, hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A0000...

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.google.com
Default_Search_URL: hxxp://www.google.com
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://www.google.com
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.google.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.google.com
Start Page: hxxp://www.google.com

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 04/10/2010 (433 Octet(s))
C:\Ad-Report-SCAN[2].txt - 05/10/2010 (1121 Octet(s))

Fin à: 08:53:00, 05/10/2010

============== E.O.F ==============

salut

Nettoyage:

/!\ Ferme toutes tes applications ouvertes. /!\

Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Nettoyer".
Laisse travailler l'outil.
Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 09:41:08 le 05/10/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Lemoine@SN045539320204 ( )

============== ACTION(S) ==============


0,Fichier supprimé: C:\Documents and Settings\Le*****\Application Data\Mozilla\FireFox\Profiles\ypw9quzt.default\searchplugins\cherche.xml
0,Fichier supprimé: C:\Documents and Settings\Le*****\scriptjava.html
0,Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Trymedia
0,Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Viewpoint
0,Dossier supprimé: C:\Program Files\Viewpoint

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\L*****Application Data\Mozilla\FireFox\Profiles\ypw9quzt.default\Prefs.js --
Ligne supprimée: user_pref("keyword.URL", "hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpj...
-- Fichier Fermé --


1,Clé supprimée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
1,Clé supprimée: HKLM\Software\Classes\Interface\{457C59FC-4C15-4545-8811-1E9427014ACC}
1,Clé supprimée: HKLM\Software\Classes\Interface\{D6094FC6-821F-474C-8D73-C13066CD178D}
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
0,Clé supprimée: HKLM\Software\MetaStream
0,Clé supprimée: HKLM\Software\Trymedia Systems
0,Clé supprimée: HKLM\Software\Viewpoint
0,Clé supprimée: HKCU\Software\Dynamic Toolbar
0,Clé supprimée: HKCU\Software\Grand Virtual
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
0,Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
0,Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.10 (fr)] **

-- C:\Documents and Settings\L******\Application Data\Mozilla\FireFox\Profiles\ypw9quzt.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Lemoine\\Mes documents\\Mes images
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.10

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 61 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 05/10/2010 (2934 Octet(s))
C:\Ad-Report-SCAN[1].txt - 04/10/2010 (433 Octet(s))
C:\Ad-Report-SCAN[2].txt - 05/10/2010 (4173 Octet(s))

Fin à: 09:45:43, 05/10/2010

============== E.O.F ==============

Télécharge UsbFix de C_XX & Chiquitine29

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe


(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

* Double clic sur "UsbFix.exe" présent sur ton bureau ( clic droit "exécuter en tant qu'administrateur" pour Vista & 7 )

* Choisis l'option F pour français et tape sur [entrée] .

* Choisis l'option 1 ( Recherche ) et tape sur [entrée] .

* Laisse travailler l'outil.

* Ensuite poste le rapport UsbFix.txt qui apparaitra.

* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Je fais ça de suite.

Mon DD n'a jamais été branché depuis ou avant ce virus.
Par contre, une de mes clés USB, si.

C'est parti !

############################## | UsbFix 7.027 | [Recherche]

Utilisateur: Le***** (Administrateur) # SN045539320204 [ ]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 19:43:18 | 05/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Désactivé /!\
Antivirus: avast! Internet Security 5.0.83886757 [Enabled | Updated]
Firewall: avast! Internet Security 5.0.83886757 [Enabled]
RAM -> 1535 Mo
C:\ (%systemdrive%) -> Disque fixe # 227 Go (73 Go libre(s) - 32%) [HDD] # NTFS
D:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> Disque amovible # 247 Mo (217 Mo libre(s) - 88%) [] # FAT32
L:\ -> Disque fixe # 298 Go (32 Go libre(s) - 11%) [My Passport] # FAT32

################## | Éléments infectieux |


Présent! C:\log.txt

################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{1f226282-215b-11de-ba45-001e2ac820ca}
Shell\AutoRun\Command = L:\WDSetup.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cfb7dae6-75ab-11dc-a9a7-00038a000015}
Shell\AutoRun\Command = I:\LaunchU3.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{daa4820e-772e-11dc-a9aa-00038a000015}
Shell\AutoRun\Command = I:\start.exe
Shell\iledefrance\Command = I:\start.exe


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |

Suppression

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe......) susceptibles d'avoir été infectés sans les ouvrir

(1) Double clic sur le raccourci UsbFix présent sur ton bureau

(2) Choisi l option 2 ( Suppression )

Ton bureau disparaitra et le pc redémarrera .

Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

############################## | UsbFix 7.027 | [Suppression]

Utilisateur: Le***** (Administrateur) # SN045539320204 [ ]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 22:26:19 | 05/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Désactivé /!\
Antivirus: avast! Internet Security 5.0.83886757 [Enabled | Updated]
Firewall: avast! Internet Security 5.0.83886757 [Enabled]
RAM -> 1535 Mo
C:\ (%systemdrive%) -> Disque fixe # 227 Go (73 Go libre(s) - 32%) [HDD] # NTFS
D:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> Disque amovible # 247 Mo (217 Mo libre(s) - 88%) [] # FAT32
L:\ -> Disque fixe # 298 Go (32 Go libre(s) - 11%) [My Passport] # FAT32

################## | Éléments infectieux |


Supprimé! C:\log.txt

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{cfb7dae6-75ab-11dc-a9a7-00038a000015}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{daa4820e-772e-11dc-a9aa-00038a000015}

################## | Listing |

[05/10/2010 - 09:45:44 | A | 4384] C:\Ad-Report-CLEAN[1].txt
[04/10/2010 - 23:14:34 | A | 433] C:\Ad-Report-SCAN[1].txt
[05/10/2010 - 08:53:00 | A | 4173] C:\Ad-Report-SCAN[2].txt
[08/10/2008 - 15:38:12 | A | 0] C:\AILog.txt
[28/04/2005 - 16:39:57 | D ] C:\APPS
[29/01/2008 - 20:40:39 | A | 95] C:\AUTOEXEC.BAT
[28/04/2005 - 16:24:48 | RASH | 215] C:\BOOT.BAK
[30/08/2008 - 21:55:27 | RASH | 297] C:\BOOT.INI
[05/08/2004 - 14:00:00 | RASH | 4952] C:\Bootfont.bin
[07/01/2010 - 10:17:45 | A | 74993] C:\checkrun.txt
[28/04/2005 - 16:28:41 | RSHD ] C:\cmdcons
[05/08/2004 - 14:00:00 | RASH | 263488] C:\cmldr
[04/10/2010 - 12:04:28 | SHD ] C:\Config.Msi
[21/12/2008 - 14:26:29 | A | 445676] C:\debug.log
[03/10/2007 - 23:37:29 | A | 474] C:\debugInstaller.txt
[28/04/2005 - 16:30:03 | HD ] C:\DIVTOOLS
[04/11/2007 - 11:29:36 | D ] C:\Documents and Settings
[25/10/2007 - 23:25:39 | D ] C:\Downloads
[25/07/2005 - 13:29:57 | SHD ] C:\DRIVERS
[28/07/2010 - 13:24:48 | A | 0] C:\DUMMY.OUT
[23/06/2009 - 20:25:00 | D ] C:\DVDVideoSoft
[28/04/2005 - 16:10:40 | A | 5980] C:\DWNLOG.TXT
[08/08/2009 - 02:33:24 | D ] C:\f536c669e2eaab7154f0844339db
[12/02/2010 - 15:38:07 | A | 0] C:\FileIn.Cns
[12/02/2010 - 15:38:07 | A | 0] C:\FileOut.Cns
[28/07/2010 - 13:25:49 | D ] C:\GP2
[17/02/2010 - 17:21:09 | D ] C:\GTL
[05/10/2010 - 09:47:43 | ASH | 1610010624] C:\hiberfil.sys
[16/01/2006 - 21:46:48 | A | 1120] C:\INSTALL.LOG
[28/04/2005 - 16:28:34 | RASH | 0] C:\IO.SYS
[30/01/2007 - 19:30:39 | AH | 1039] C:\IPH.PH
[24/07/2010 - 18:55:39 | D ] C:\jeuxdos
[04/10/2010 - 10:01:50 | D ] C:\Kill'em
[04/10/2010 - 10:50:13 | A | 52946] C:\List'em.txt
[10/08/2007 - 20:54:41 | A | 93549] C:\MDACSET.log
[28/12/2006 - 12:02:42 | A | 214162] C:\MSDELog.log
[28/04/2005 - 16:28:34 | RASH | 0] C:\MSDOS.SYS
[28/04/2005 - 16:37:59 | RHD ] C:\MSOCache
[28/04/2005 - 16:29:49 | D ] C:\My Music
[28/04/2005 - 16:30:35 | D ] C:\mysql
[05/08/2004 - 14:00:00 | A | 47564] C:\NTDETECT.COM
[01/02/2009 - 18:36:52 | A | 252240] C:\NTLDR
[09/09/2009 - 19:40:54 | D ] C:\NVIDIA
[30/03/2010 - 13:52:34 | D ] C:\OEMSettings
[05/10/2010 - 09:47:37 | ASH | 1609940992] C:\pagefile.sys
[26/12/2009 - 13:25:26 | A | 13200] C:\pcwdbg.log
[28/04/2005 - 16:10:10 | HD ] C:\PNP
[05/10/2010 - 09:45:28 | RD ] C:\Program Files
[08/11/2007 - 22:09:44 | D ] C:\programme
[20/03/2010 - 14:40:25 | D ] C:\Psfonts
[25/07/2010 - 01:56:19 | D ] C:\rc
[24/07/2005 - 01:25:30 | SHD ] C:\RECYCLER
[28/04/2005 - 14:17:24 | A | 1125] C:\SAUDIT.TXT
[04/10/2009 - 18:40:41 | D ] C:\SIERRA
[21/06/2007 - 12:28:37 | D ] C:\Softpepper files
[23/09/2010 - 08:21:15 | SHD ] C:\System Volume Information
[07/09/2010 - 16:33:35 | D ] C:\Team17
[13/02/2010 - 12:08:30 | D ] C:\TGiant
[24/05/2001 - 13:59:30 | A | 162304] C:\UNWISE.EXE
[05/10/2010 - 22:27:14 | D ] C:\UsbFix
[05/10/2010 - 22:27:16 | A | 992] C:\UsbFix.txt
[04/10/2010 - 11:50:43 | D ] C:\WINDOWS

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_SN045539320204.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Merci de votre contribution.

################## | E.O.F |

toujours des alertes ?