Roaming\OpenCandy

[jack63]

ComboFix 12-09-16.01 - marine 17/09/2012 18:03:20.1.2 - x64

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3818.2649 [GMT 2:00]

Lancé depuis: c:\users\marine\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\SysWow64\3cc978e1.exe

.

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_HOSTS Anti-PUPs

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-08-17 au 2012-09-17 ))))))))))))))))))))))))))))))))))))

.

.

2012-09-17 16:15 . 2012-09-17 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-17 13:01 . 2012-09-17 13:01 -------- d-----w- C:\_OTM

2012-09-17 11:56 . 2012-09-17 11:56 -------- d-----w- c:\program files (x86)\SEAF

2012-09-17 11:12 . 2012-09-17 11:12 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-17 11:12 . 2012-09-17 11:12 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-17 06:36 . 2012-09-17 06:36 -------- d-----w- c:\programdata\Sophos

2012-09-17 06:36 . 2012-09-17 06:36 73728 ----a-r- c:\users\marine\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-09-17 06:36 . 2012-09-17 06:36 73728 ----a-r- c:\users\marine\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-09-17 06:36 . 2012-09-17 06:36 73728 ----a-r- c:\users\marine\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-09-17 06:36 . 2012-09-17 06:36 -------- d-----w- c:\program files (x86)\Sophos

2012-09-17 05:56 . 2012-09-17 05:56 -------- d-----w- c:\program files\ma-config.com

2012-09-17 05:56 . 2012-09-17 05:56 -------- d-----w- c:\programdata\ma-config.com

2012-09-16 11:00 . 2012-09-16 11:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-16 11:00 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-16 10:27 . 2012-09-16 10:27 -------- d-----w- c:\programdata\Kaspersky Lab

2012-09-16 08:02 . 2012-09-16 08:02 -------- d-----w- c:\windows\SysWow64\Liste Spéciale

2012-09-16 07:51 . 2012-09-16 08:25 -------- d-----w- c:\program files (x86)\ZHPDiag

2012-09-16 07:34 . 2012-09-16 07:34 -------- d-----w- C:\_OTL

2012-09-15 08:49 . 2012-09-15 08:51 -------- d-----w- c:\users\Administrateur

2012-09-14 11:56 . 2012-09-14 12:13 -------- d-----w- c:\program files (x86)\Unlocker

2012-09-14 09:36 . 2012-09-17 15:11 -------- d-----w- c:\program files (x86)\Steam

2012-09-14 05:41 . 2012-09-14 05:41 -------- d-----w- c:\program files (x86)\Ad-Remover

2012-09-13 12:47 . 2012-09-16 08:32 -------- d-----w- C:\ZHP

2012-09-13 12:45 . 1999-11-12 03:11 183808 ----a-w- c:\windows\SysWow64\BDEADMIN.CPL

2012-09-13 12:45 . 1999-01-20 03:01 210032 ----a-w- c:\windows\SysWow64\DBCLIENT.DLL

2012-09-13 12:45 . 2012-09-13 12:45 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared

2012-09-13 12:44 . 2012-09-14 12:12 -------- d-----w- c:\program files (x86)\ZebHelpProcess

2012-09-13 10:19 . 2012-09-13 10:19 -------- d-----w- c:\program files (x86)\ToniArts

2012-09-13 10:18 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2012-09-13 10:18 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2012-09-13 10:18 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2012-09-13 10:18 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2012-09-13 10:18 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2012-09-13 10:18 . 2012-09-13 10:18 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2012-09-13 10:18 . 2012-09-13 10:18 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

2012-09-13 10:08 . 2012-09-13 10:09 -------- d---a-w- C:\Navilog1

2012-09-13 10:08 . 2012-09-13 10:08 -------- d-----w- c:\program files (x86)\Navilog1

2012-09-13 09:31 . 2012-09-16 08:56 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs

2012-09-12 15:39 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 15:39 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 15:39 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 15:39 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 15:39 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 15:39 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 15:39 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 11:53 . 2012-09-12 11:53 22 --sha-w- c:\windows\90C7D912BE2316.sys

2012-09-12 11:53 . 2012-09-12 11:53 22 --sha-w- c:\users\marine\AppData\Roaming\Windows1569_SettingsRepository.bin

2012-09-12 11:53 . 2012-09-12 11:53 0 ----a-w- c:\users\marine\AppData\Local\jv16PT_temp.tmp

2012-09-12 11:52 . 2012-09-14 08:28 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2012

2012-09-12 07:58 . 2012-09-14 12:13 -------- d-----w- c:\program files (x86)\TweakNow RegCleaner

2012-09-12 07:58 . 2012-09-14 12:13 -------- d-----w- c:\users\marine\AppData\Roaming\TweakNow RegCleaner

2012-09-11 16:23 . 2012-09-12 05:38 -------- d-----w- c:\program files (x86)\BabasChess

2012-09-10 19:37 . 2012-06-27 08:37 18944 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys

2012-09-10 19:37 . 2012-06-27 08:37 161280 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys

2012-09-10 19:37 . 2012-06-27 08:37 15872 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys

2012-09-10 19:37 . 2012-06-27 08:37 128000 ----a-w- c:\windows\system32\drivers\ss_bserd.sys

2012-09-10 19:37 . 2012-06-27 08:37 15360 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys

2012-09-10 19:37 . 2012-06-27 08:37 127488 ----a-w- c:\windows\system32\drivers\ss_bbus.sys

2012-09-10 18:58 . 2012-09-10 18:58 -------- d-----w- C:\Temp

2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\users\marine\AppData\Local\Samsung

2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\users\marine\AppData\Roaming\Samsung

2012-09-10 18:50 . 2012-08-28 08:05 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-09-10 18:49 . 2012-09-10 18:49 -------- d-----w- c:\program files (x86)\MarkAny

2012-09-10 18:49 . 2012-08-28 08:04 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-09-10 18:46 . 2012-09-10 18:51 -------- d-----w- c:\program files (x86)\Samsung

2012-09-10 18:46 . 2012-09-10 18:51 -------- d-----w- c:\programdata\Samsung

2012-09-10 18:13 . 2012-09-10 18:28 -------- d-----w- c:\users\marine\AppData\Local\Downloaded Installations

2012-09-10 04:04 . 2010-02-04 08:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2012-09-10 04:04 . 2010-02-04 08:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll

2012-09-10 04:04 . 2010-02-04 08:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2012-09-10 04:04 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2012-09-09 17:12 . 2012-09-09 17:12 -------- d-----w- c:\users\marine\AppData\Local\CRE

2012-09-09 17:10 . 2012-09-13 10:12 -------- d-----w- c:\users\marine\AppData\Roaming\uTorrent

2012-09-03 19:12 . 2012-09-14 12:04 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-09-03 19:06 . 2007-10-02 07:56 444776 ----a-w- c:\windows\SysWow64\d3dx10_36.dll

2012-08-29 11:11 . 2012-09-09 12:25 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-25 12:16 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-08-25 12:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-08-19 07:16 . 2012-06-29 00:08 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-17 11:20 . 2012-04-18 15:30 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-17 11:20 . 2011-11-03 13:06 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-17 11:11 . 2012-07-29 07:15 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-17 11:11 . 2012-02-27 08:17 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-12 17:33 . 2012-02-27 08:54 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-07-18 18:15 . 2012-08-18 16:29 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-04 22:16 . 2012-08-18 16:29 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-18 16:30 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-18 16:30 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-18 16:29 41984 ----a-w- c:\windows\SysWow64\browcli.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]

"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2012-09-16 302961]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 136176]

R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2012-09-02 427976]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2012-06-27 127488]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2012-06-27 18944]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2012-06-27 161280]

R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2012-06-27 128000]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-25 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-11-03 22648]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-11-03 20520]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-11-03 62776]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]

S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9359872]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 309760]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]

.

.

Contenu du dossier 'Tâches planifiées'

.

2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 07:23]

.

2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 07:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-28 2723624]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]

"combofix"="c:\combofix\CF5419.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Examen supplémentaire -------

.

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\marine\AppData\Roaming\Mozilla\Firefox\Profiles\9bl97hux.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHELINS SUPPRIMES - - - -

.

URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)

Toolbar-Locked - (no file)

Toolbar-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file)

Toolbar-Locked - (no file)

AddRemove-3cc978e1 - c:\windows\system32\3cc978e1.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Autres processus actifs ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Launch Manager\LMutilps32.exe

.

**************************************************************************

.

Heure de fin: 2012-09-17 20:14:14 - La machine a redémarré

ComboFix-quarantined-files.txt 2012-09-17 18:14

.

Avant-CF: 232 571 756 544 octets libres

Après-CF: 231 785 316 352 octets libres

.

- - End Of File - - F9506C5449B3C214E082AEE3B57A16D2

[pear]

Ok.

 

mais aucune trace d'Opencandy.

 

Le revoyez vous ?

[jack63]

Nom plus de trace d'OPenCandy

 

merci beaucoup pour votre aide

[pear]

Très bien!

 

Téléchargez TFC par OldTimer sur votre Bureau pour supprimer vos fichiers temporaires

Faites un double clic sur TFC.exe pour le lancer.

Sous Vista, faites un clic droit sur le fichier et choisissez Exécuter en tant qu'Administrateur

L'outil va fermer tous les programmes lors de son exécution, donc vérifiez que vous avez sauvegardé tout votre travail en cours auparavant.

Cliquez sur le bouton Start pour lancer le processus.

Selon la fréquence à laquelle vous supprimez vos fichiers temporaires, cela peut durer de quelques secondes à une minute ou deux.

Laissez le programme s'exécuter sans l'interrompre.

Lorsqu'il aura terminé, l'outil devrait faire redémarrer votre systèmepour parachever le nettoyage..

S'il ne le faisait pas,faites redémarrer manuellement le PC

 

 

Ce logiciel peut désinstaller les outils utilisés pour la désinfection:

Télécharger DelFix de Xplode

Lancez-le.

Cliquez [Recherche]

puis [suppression]

 

Un rapport va s'ouvrir à la fin, à coller dans la réponse

 

Enfin cliquer [Désinstallation]

[jack63]

DelFix[s1].txt

 

Supprimé : C:\Ad-Report-CLEAN[1].txt

Supprimé : C:\Ad-Report-CLEAN[2].txt

Supprimé : C:\Ad-Report-SCAN[1].txt

Supprimé : C:\Ad-Report-SCAN[2].txt

Supprimé : C:\Ad-Report-SCAN[3].txt

Supprimé : C:\Ad-Report-SCAN[4].txt

Supprimé : C:\AdwCleaner[R1].txt

Supprimé : C:\AdwCleaner[R2].txt

Supprimé : C:\AdwCleaner[R3].txt

Supprimé : C:\AdwCleaner[R4].txt

Supprimé : C:\AdwCleaner[R5].txt

Supprimé : C:\AdwCleaner[R6].txt

Supprimé : C:\AdwCleaner[R7].txt

Supprimé : C:\AdwCleaner[s2].txt

Supprimé : C:\AdwCleaner[s3].txt

Supprimé : C:\AdwCleaner[s4].txt

Supprimé : C:\AdwCleaner[s5].txt

Supprimé : C:\AdwCleaner[s6].txt

Supprimé : C:\cleannavi.txt

Supprimé : C:\ComboFix.txt

Supprimé : C:\SeafLog.txt

Supprimé : C:\Users\marine\Desktop\adwcleaner.exe

Supprimé : C:\Users\marine\Desktop\adwcleaner_1.txt

Supprimé : C:\Users\marine\Desktop\adwcleaner_2.txt

Supprimé : C:\Users\marine\Desktop\ComboFix.exe

Supprimé : C:\Users\marine\Desktop\combofix_log.txt

Supprimé : C:\Users\marine\Desktop\OTM.exe

Supprimé : C:\Users\marine\Desktop\SEAF.exe

Supprimé : C:\Users\marine\Desktop\SeafLog.txt

Supprimé : C:\Users\marine\Desktop\TFC.exe

Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk

Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk

Supprimé : C:\Windows\grep.exe

Supprimé : C:\Windows\PEV.exe

Supprimé : C:\Windows\NIRCMD.exe

Supprimé : C:\Windows\MBR.exe

Supprimé : C:\Windows\SED.exe

Supprimé : C:\Windows\SWREG.exe

Supprimé : C:\Windows\SWSC.exe

Supprimé : C:\Windows\SWXCACLS.exe

Supprimé : C:\Windows\Zip.exe

 

~~~~~~ Registre ~~~~~~

 

Clé Supprimée : HKCU\Software\Ad-Remover

Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools

Clé Supprimée : HKLM\SOFTWARE\AdwCleaner

Clé Supprimée : HKLM\SOFTWARE\Swearware

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEAF

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

 

~~~~~~ Autres ~~~~~~

 

-> Prefetch Vidé

 

*************************

 

DelFix[R1].txt - [2911 octets] - [18/09/2012 10:03:00]

DelFix[s1].txt - [2925 octets] - [18/09/2012 10:04:24]

 

########## EOF - C:\DelFix[s1].txt - [3049 octets] ##########