Virus mysecurity shielder
ing.paul
-
jlpjlp Posts 52399 Status Security contributor -
Hello,
I have just manually repaired my PC, which was infected by a virus (my security shielder). But I think the virus has not been completely removed: the Firefox browser no longer opens even though I reinstalled it. My antivirus is still blocked (when I open it, an error message appears: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator").
3 replies
Hi, download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
When it finishes, it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus and your antispyware's guard.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Hi. I tried ComboFix, but Firefox still does not start (same for Opera)!
ComboFix 10-10-07.01 - hp 07/10/2010 19:02:28.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.447.120 [GMT 1:00]
Lancé depuis: c:\documents and settings\hp\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\hp\Application Data\My Security Shield
c:\documents and settings\hp\Application Data\My Security Shield\cookies.sqlite
c:\documents and settings\hp\Application Data\My Security Shield\Instructions.ini
c:\documents and settings\hp\Application Data\PriceGong
c:\documents and settings\hp\Application Data\PriceGong\Data\1.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\a.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\b.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\c.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\d.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\e.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\f.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\g.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\h.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\i.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\J.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\k.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\l.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\m.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\n.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\o.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\p.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\q.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\r.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\s.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\t.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\u.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\v.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\w.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\x.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\y.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\z.xml
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-07 au 2010-10-07 ))))))))))))))))))))))))))))))))))))
.
2010-10-07 08:26 . 2010-10-07 17:33 -------- d--h--w- c:\windows\$hf_mig$
2010-10-06 21:25 . 2010-10-06 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\211E4
2010-10-06 19:22 . 2010-10-06 19:23 -------- d-----w- c:\documents and settings\hp\Application Data\bearsharemediabartb
2010-10-06 19:20 . 2010-10-06 21:26 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\BearShare
2010-10-06 19:19 . 2010-09-14 13:26 3532970 -c--a-w- c:\documents and settings\All Users\Application Data\{DC8963D0-F3FA-4620-B4B1-CA715F2D1956}\BearShare_V9_fr_Setup.exe
2010-10-06 19:16 . 2010-10-06 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\BearShare
2010-10-06 19:16 . 2010-10-06 19:21 -------- d-----w- c:\program files\BearShare Applications
2010-10-06 19:13 . 2010-10-06 19:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DC8963D0-F3FA-4620-B4B1-CA715F2D1956}
2010-10-06 19:08 . 2010-10-06 19:08 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\PackageAware
2010-10-06 19:08 . 2010-07-09 23:02 101888 -c--a-w- c:\documents and settings\All Users\Application Data\{DC8963D0-F3FA-4620-B4B1-CA715F2D1956}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll
2010-10-06 19:08 . 2010-07-09 23:02 438272 -c--a-w- c:\documents and settings\All Users\Application Data\{DC8963D0-F3FA-4620-B4B1-CA715F2D1956}\OFFLINE\mMSI.dll\mMSIExec.dll
2010-10-06 19:08 . 2010-07-09 23:01 508416 -c--a-w- c:\documents and settings\All Users\Application Data\{DC8963D0-F3FA-4620-B4B1-CA715F2D1956}\OFFLINE\mDown.dll\mDownExec.dll
2010-10-06 18:49 . 2010-10-06 18:49 271712 ----a-w- c:\documents and settings\hp\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll
2010-10-06 18:49 . 2010-10-06 18:49 271712 ----a-w- c:\documents and settings\hp\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-10-06 18:48 . 2010-10-06 19:17 -------- d-----w- c:\documents and settings\hp\Application Data\IDM
2010-10-06 18:48 . 2010-10-06 19:29 -------- d-----w- c:\documents and settings\hp\Application Data\DMCache
2010-10-06 18:46 . 2010-10-06 18:47 -------- d-----w- c:\program files\Internet Download Manager
2010-10-04 18:50 . 2010-10-04 18:50 -------- d-----w- c:\documents and settings\NetworkService\Bureau
2010-10-04 18:21 . 2010-10-04 18:21 -------- d-----w- c:\program files\Anti-Hacks 2010 Evaluation
2010-10-04 18:06 . 2010-10-04 18:13 -------- d-----w- c:\windows\system32\NtmsData
2010-10-04 17:52 . 2010-10-04 17:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2010-10-04 17:47 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-04 17:47 . 2010-10-04 17:47 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-10-04 17:34 . 2010-10-04 17:35 -------- d-----w- c:\documents and settings\hp\Application Data\MSNInstaller
2010-10-03 16:30 . 2010-10-03 16:30 -------- d-----w- c:\documents and settings\hp\Application Data\SUPERAntiSpyware.com
2010-10-03 16:30 . 2010-10-03 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-02 20:23 . 2010-08-27 14:25 2565448 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-10-01 23:01 . 2010-10-01 23:01 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\Ashampoo
2010-10-01 22:57 . 2010-10-01 22:58 -------- d-----w- c:\documents and settings\hp\Application Data\geany
2010-10-01 22:57 . 2010-10-01 22:57 -------- d-----w- c:\program files\Geany
2010-10-01 22:49 . 2010-10-04 17:00 -------- d-----w- c:\program files\Ashampoo
2010-10-01 22:37 . 2010-10-01 22:37 -------- d-----w- c:\program files\VS Revo Group
2010-10-01 20:24 . 2010-10-01 20:24 -------- d-----w- C:\$AVG
2010-10-01 19:59 . 2010-10-01 19:59 -------- d-----w- c:\documents and settings\hp\Application Data\AVG10
2010-10-01 19:55 . 2010-10-01 19:55 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-01 19:54 . 2010-10-06 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-10-01 19:53 . 2010-10-06 17:46 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-01 19:53 . 2010-10-01 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-01 19:51 . 2010-10-01 19:51 -------- d-----w- c:\program files\AVG
2010-10-01 19:48 . 2010-10-01 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-09-30 22:09 . 2010-09-30 22:10 -------- d-----w- c:\program files\Opera
2010-09-30 21:45 . 2010-09-30 21:45 -------- d-----w- c:\program files\Visual CertExam Suite
2010-09-30 20:11 . 2010-09-30 20:12 -------- d-----w- c:\documents and settings\hp\Application Data\Apple Computer
2010-09-30 20:11 . 2010-09-30 20:11 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\Apple Computer
2010-09-30 20:10 . 2010-09-30 20:10 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-09-30 20:10 . 2010-09-30 20:10 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\Apple
2010-09-30 20:09 . 2010-09-30 20:09 -------- d-----w- c:\program files\Apple Software Update
2010-09-30 20:09 . 2010-09-30 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-29 18:56 . 2010-09-29 18:31 210272 ----a-w- c:\windows\system32\idmmbc.dll
2010-09-27 22:57 . 2010-09-27 22:57 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\Threat Expert
2010-09-27 22:42 . 2010-09-27 22:42 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-27 22:42 . 2010-09-27 22:42 -------- d-----w- c:\documents and settings\hp\Application Data\GetRightToGo
2010-09-27 22:42 . 2010-09-27 22:42 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-09-27 22:42 . 2010-09-27 22:42 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-09-27 22:42 . 2010-09-27 22:42 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSWWGVIZS
2010-09-27 22:41 . 2010-09-27 22:41 -------- d-----w- c:\program files\Fichiers communs\xing shared
2010-09-27 21:47 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport(2)(2).dll
2010-09-27 21:28 . 2010-09-30 20:06 -------- d-----w- C:\## aswSnx private storage
2010-09-26 22:48 . 2010-09-30 18:12 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2010-09-26 11:58 . 2010-09-26 11:58 -------- d-----w- c:\documents and settings\hp\Application Data\FMZilla
2010-09-26 11:57 . 2010-09-26 11:59 12343104 ----a-w- c:\documents and settings\hp\Application Data\OpenCandy\OpenCandy_61FE101ACAF84C309769238197103D16\p1v1_AFIRegistryReviver_w.exe
2010-09-26 11:57 . 2010-09-26 11:57 349296 ----a-w- c:\documents and settings\hp\Application Data\OpenCandy\OpenCandy_61FE101ACAF84C309769238197103D16\DLMgr_3_1.6.87.exe
2010-09-25 21:36 . 2010-09-25 21:36 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-25 21:36 . 2010-09-25 21:36 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-25 21:36 . 2010-09-25 21:36 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-25 21:36 . 2010-09-25 21:36 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-25 21:36 . 2010-09-25 21:36 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-25 21:36 . 2010-09-25 21:36 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-25 21:36 . 2010-09-25 21:36 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-25 21:36 . 2010-09-25 21:36 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-25 16:24 . 2010-09-25 17:56 -------- d-----w- C:\My E-Books
2010-09-25 16:24 . 2010-09-25 18:45 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\Martview
2010-09-25 16:24 . 2010-09-25 16:24 -------- d-----w- c:\program files\MartView
2010-09-24 21:53 . 2010-09-25 06:52 -------- d-----w- c:\documents and settings\hp\.netbeans-derby
2010-09-24 21:51 . 2010-09-24 21:51 -------- d-----w- c:\documents and settings\hp\.netbeans
2010-09-24 21:30 . 2010-09-24 21:30 -------- d-----w- c:\documents and settings\hp\.netbeans-registration
2010-09-24 21:22 . 2010-10-04 17:04 -------- d-----w- c:\program files\NetBeans 6.0.1
2010-09-24 21:15 . 2010-09-24 21:15 -------- d-----w- c:\program files\Sun
2010-09-24 18:16 . 2010-09-26 12:12 -------- d-----w- c:\documents and settings\hp\Application Data\vlc
2010-09-24 18:15 . 2010-09-24 18:15 -------- d-----w- c:\program files\VideoLAN
2010-09-23 18:56 . 2010-09-07 14:54 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-09-23 18:55 . 2010-09-07 14:53 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-09-22 22:03 . 2008-03-20 10:55 126976 ----a-w- c:\documents and settings\hp\Application Data\GRETECH\GomEncoder\GrLauncher.exe
2010-09-22 21:51 . 2010-09-22 22:55 -------- d-----w- c:\program files\Thomas Wright Consulting
2010-09-22 21:32 . 2010-09-22 22:57 -------- d-----w- C:\soft24s
2010-09-22 21:32 . 2010-09-22 21:32 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\Downloaded Installations
2010-09-22 21:11 . 2010-09-22 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2010-09-22 21:10 . 2010-09-22 21:10 -------- d-----w- c:\program files\CoreAAC
2010-09-22 21:05 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\hp\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2010-09-22 17:46 . 2010-10-04 17:05 -------- d-----w- c:\documents and settings\hp\.nbi
2010-09-20 19:38 . 2010-09-25 21:28 497160 ----a-w- c:\documents and settings\hp\Application Data\Real\RealPlayer\setup\AU_setup20100730.exe
2010-09-19 18:43 . 2010-09-19 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft
2010-09-19 18:31 . 2010-09-19 18:31 -------- d-----w- c:\documents and settings\hp\Application Data\ProgSense
2010-09-19 18:31 . 2010-09-19 18:31 -------- d-----w- C:\downloads
2010-09-19 18:31 . 2010-09-19 18:31 -------- d-----w- c:\documents and settings\hp\Application Data\GrabPro
2010-09-19 18:31 . 2010-09-19 18:40 12343104 ----a-w- c:\documents and settings\hp\Application Data\OpenCandy\OpenCandy_139678F73D6B4025A33838ED613D4DEC\p1v1_AFIRegistryReviver_w.exe
2010-09-19 18:31 . 2010-09-27 22:42 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\OpenCandy
2010-09-19 18:31 . 2010-09-27 22:41 -------- d-----w- c:\documents and settings\hp\Application Data\OpenCandy
2010-09-19 18:31 . 2010-09-19 18:31 349296 ----a-w- c:\documents and settings\hp\Application Data\OpenCandy\OpenCandy_139678F73D6B4025A33838ED613D4DEC\DLMgr_3_1.6.87.exe
2010-09-19 18:30 . 2010-09-20 19:20 -------- d-----w- c:\documents and settings\hp\Application Data\Orbit
2010-09-19 10:21 . 2010-09-19 10:21 -------- d-----w- c:\documents and settings\hp\Application Data\FireShot
2010-09-18 18:18 . 2010-09-18 18:18 -------- d-sh--w- c:\documents and settings\All Users\Application Data\System Restore
2010-09-17 21:08 . 2010-09-25 21:36 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-09-17 21:06 . 2010-09-27 22:41 -------- d-----w- c:\program files\Fichiers communs\Real
2010-09-17 21:06 . 2010-09-27 22:41 -------- d-----w- c:\program files\Real
2010-09-17 20:44 . 2010-09-17 20:44 -------- d-----w- c:\program files\Fichiers communs\Java
2010-09-17 20:42 . 2010-09-25 20:41 -------- d-----w- c:\program files\Java
2010-09-17 20:15 . 2010-09-17 20:15 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-17 17:50 . 2010-09-17 17:50 28672 ----a-w- c:\windows\system32\maplec.dll
2010-09-17 17:49 . 2010-09-17 17:50 -------- d-----w- c:\program files\Maple 9
2010-09-17 17:27 . 2010-09-23 16:18 -------- d-----w- c:\documents and settings\hp\.deploytool
2010-09-17 17:14 . 2010-09-17 17:14 -------- d-----w- C:\Sun
2010-09-16 21:15 . 2010-09-16 21:15 -------- d-----w- c:\windows\Sun
2010-09-16 19:01 . 2010-09-16 19:01 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\Yahoo
2010-09-16 19:00 . 2010-09-26 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-09-16 12:36 . 2010-09-16 12:36 503808 ----a-w- c:\documents and settings\hp\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f755508-n\msvcp71.dll
2010-09-16 12:36 . 2010-09-16 12:36 499712 ----a-w- c:\documents and settings\hp\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f755508-n\jmc.dll
2010-09-16 12:36 . 2010-09-16 12:36 348160 ----a-w- c:\documents and settings\hp\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f755508-n\msvcr71.dll
2010-09-16 12:36 . 2010-09-16 12:36 12800 ----a-w- c:\documents and settings\hp\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7242868d-n\decora-d3d.dll
2010-09-16 12:36 . 2010-09-16 12:36 61440 ----a-w- c:\documents and settings\hp\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7242868d-n\decora-sse.dll
2010-09-15 21:10 . 2010-10-04 17:47 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-09-15 21:10 . 2010-09-15 21:10 -------- d-----w- c:\documents and settings\hp\Application Data\TuneUp Software
2010-09-15 21:10 . 2010-09-17 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-09-15 21:10 . 2010-10-04 17:47 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-09-15 21:09 . 2010-09-15 21:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 18:13 . 2010-09-06 11:51 -------- d-----w- c:\program files\SuperCopier2
2010-10-07 17:35 . 2010-09-06 12:34 85072 ----a-w- c:\documents and settings\hp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-10-07 06:39 . 2010-09-06 12:31 -------- d-----w- c:\documents and settings\hp\Application Data\Skype
2010-10-04 17:23 . 2010-09-06 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-30 22:45 . 2010-09-06 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-27 07:33 . 2010-09-06 12:28 -------- d-----w- c:\documents and settings\hp\Application Data\AIMP
2010-09-22 22:55 . 2010-09-06 12:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-09-22 21:51 . 2010-09-06 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-22 21:10 . 2010-09-06 12:28 -------- d-----w- c:\program files\GRETECH
2010-09-20 22:57 . 2010-06-23 02:47 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-09-16 18:47 . 2010-09-15 19:57 -------- d-----w- c:\documents and settings\hp\Application Data\LimeWire
2010-09-14 21:22 . 2001-09-28 12:00 49734 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-14 21:22 . 2001-09-28 12:00 370832 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-10 09:59 . 2010-09-09 19:50 -------- d-----w- c:\program files\Canon
2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-06 12:30 . 2010-09-06 12:30 -------- d-----w- c:\program files\Skype
2010-09-06 12:30 . 2010-09-06 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-09-06 12:30 . 2010-09-06 12:30 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-09-06 12:27 . 2010-09-06 12:27 -------- d-----w- c:\program files\AIMP2
2010-09-06 12:26 . 2010-09-06 12:26 -------- d-----w- c:\program files\microsoft frontpage
2010-09-06 12:24 . 2010-09-06 12:24 -------- d-----w- c:\program files\Services en ligne
2010-09-06 12:23 . 2010-09-06 12:22 -------- d-----w- c:\program files\Ahead
2010-09-06 12:23 . 2010-09-06 12:23 -------- d-----w- c:\program files\Fichiers communs\Ahead
2010-09-06 12:22 . 2010-09-06 12:22 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-06 12:20 . 2010-09-06 12:20 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-09-06 12:18 . 2010-09-06 12:18 -------- d-----w- c:\program files\SigmaTel
2010-09-06 12:16 . 2010-09-06 12:16 -------- d-----w- c:\program files\Alwil Software
2010-09-06 12:13 . 2010-09-06 12:13 -------- d-----w- c:\documents and settings\hp\Application Data\Creative
2010-09-06 12:08 . 2010-09-06 12:08 -------- d-----w- c:\program files\Realtek
2010-09-06 12:00 . 2010-09-06 12:00 -------- d-----w- c:\program files\ATI Technologies
2010-09-06 11:59 . 2010-09-06 12:25 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-06 11:54 . 2010-09-06 11:54 -------- d-----w- c:\program files\ma-config.com
2010-09-06 11:54 . 2010-09-06 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-09-06 11:51 . 2010-09-06 11:51 0 ----a-w- c:\windows\nsreg.dat
2010-09-06 11:51 . 2010-09-06 11:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-31 11:11 . 2010-08-31 11:11 3401880 ----a-w- c:\documents and settings\hp\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 10:55 . 2010-08-31 10:55 275096 ----a-w- c:\documents and settings\hp\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 10:39 . 2010-08-31 10:39 3734536 ----a-w- c:\documents and settings\hp\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-20 23:16 . 2010-08-20 23:16 12284672 ----a-w- c:\documents and settings\hp\Application Data\OpenCandy\OpenCandy_61FE101ACAF84C309769238197103D16\AFIRegistryReviverSetup.exe
2010-08-20 23:16 . 2010-08-20 23:16 12284672 ----a-w- c:\documents and settings\hp\Application Data\OpenCandy\OpenCandy_139678F73D6B4025A33838ED613D4DEC\AFIRegistryReviverSetup.exe
2010-08-19 20:42 . 2010-08-19 20:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 20:42 . 2010-08-19 20:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 20:42 . 2010-08-19 20:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-09-14 12:52 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-08-27 14:25 2565448 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2003-06-20 49152]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-08-26 1779512]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"Google Update"="c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-09 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3245408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\READREG" [X]
"AsioReg"="CTASIO.DLL" [2003-11-13 126976]
"CTHelper"="CTHELPER.EXE" [2003-11-13 24576]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2010-9-8 1560576]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ralink\\Common\\ApUI.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Sun\\AppServer\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Maple 9\\bin.win\\mserver.exe"=
"c:\\Program Files\\Maple 9\\jre\\bin\\java.exe"=
"c:\\Sun\\AppServer\\jdk\\jre\\bin\\java.exe"=
"c:\\Sun\\AppServer\\lib\\appserv.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.7.0\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.7.0\\jre\\bin\\java.exe"=
"c:\\Program Files\\MartView\\IeEmbed.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Documents and Settings\\hp\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2140:UDP"= 2140:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"2141:UDP"= 2141:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"2142:UDP"= 2142:UDP:Windows Media Format SDK (IEXPLORE.EXE)
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [23/09/2010 19:55 190416]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 26064]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [23/09/2010 19:56 99792]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 298448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/09/2010 10:35 6104144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 01:45 265400]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [07/09/2010 23:24 19072]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 26192]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\hp\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\hp\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\hp\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\hp\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/09/2010 18:41 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [01/10/2010 20:54 488776]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [13/08/2010 13:43 259440]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 17:41]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 17:41]
2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-682003330-725345543-1003Core.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-09 20:05]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-682003330-725345543-1003UA.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-09 20:05]
2010-10-07 c:\windows\Tasks\Maintenance automatique.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:00]
2010-10-07 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:00]
2010-10-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-682003330-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
2010-10-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-682003330-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\hp\LOCALS~1\Temp\mc25.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(428)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Heure de fin: 2010-10-07 19:21:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-07 18:21
Avant-CF: 59 908 214 784 octets libres
Après-CF: 59 917 533 184 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
- - End Of File - - FB39D73287E3A961F51BAC098ED602B6
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/09/2010 10:35 6104144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 01:45 265400]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [07/09/2010 23:24 19072]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 26192]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\hp\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\hp\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\hp\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\hp\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/09/2010 18:41 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [01/10/2010 20:54 488776]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [13/08/2010 13:43 259440]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 17:41]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 17:41]
2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-682003330-725345543-1003Core.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-09 20:05]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-682003330-725345543-1003UA.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-09 20:05]
2010-10-07 c:\windows\Tasks\Maintenance automatique.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:00]
2010-10-07 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:00]
2010-10-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-682003330-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
2010-10-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-682003330-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\hp\LOCALS~1\Temp\mc25.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(428)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Heure de fin: 2010-10-07 19:21:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-07 18:21
Avant-CF: 59 908 214 784 octets libres
Après-CF: 59 917 533 184 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
- - End Of File - - FB39D73287E3A961F51BAC098ED602B6
Close all your browsers (so copy or print the instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
Driver::
esgiguard
File::
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
c:\progra~1\BEARSH~1
c:\documents and settings\hp\Application Data\bearsharemediabartb
c:\documents and settings\hp\Local Settings\Application Data\BearShare
c:\documents and settings\All Users\Application Data\{DC8963D0-F3FA-4620-B4B1-CA715F2D1956}\BearShare_V9_fr_Setup.exe
c:\documents and settings\All Users\Application Data\BearShare
c:\program files\BearShare Applications
c:\windows\system32\wbem\Repository
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=-
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, hold the mouse button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt