ComboFix 15-10-21.01 - mumu 21/10/2015 18:37:10.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2814.1947 [GMT 2:00]
Lancé depuis: c:\users\mumu\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\ma-config.inf
c:\program files\ma-config.com\Drivers\ma-config_amd64.cat
c:\program files\ma-config.com\Drivers\ma-config_amd64.sys
c:\program files\ma-config.com\Drivers\ma-config_x86.cat
c:\program files\ma-config.com\Drivers\ma-config_x86.sys
c:\program files\ma-config.com\Langues\LangueMC.ar.resx
c:\program files\ma-config.com\Langues\LangueMC.de.resx
c:\program files\ma-config.com\Langues\LangueMC.en.resx
c:\program files\ma-config.com\Langues\LangueMC.es.resx
c:\program files\ma-config.com\Langues\LangueMC.fr.resx
c:\program files\ma-config.com\Langues\LangueMC.pt.resx
c:\program files\ma-config.com\Langues\LangueMC.ru.resx
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\MaConfigAgent.exe
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCDetection.exe
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\MCStubUser.exe
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\Logs\websocketpp.log
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\users\mumu\AppData\Local\Tempdivxb463.exe
c:\windows\msdownld.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-21 au 2015-10-21 ))))))))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2015-10-21 16:47 . 2015-10-21 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-20 17:11 . 2015-10-20 17:12 -------- d-----w- c:\program files\ZHPFix
2015-10-19 16:29 . 2015-10-20 17:13 -------- d-----w- c:\users\mumu\AppData\Roaming\ZHP
2015-10-15 07:05 . 2015-09-18 17:47 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 07:05 . 2015-09-18 17:44 587776 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 07:05 . 2015-09-18 17:44 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 07:05 . 2015-09-18 17:44 423936 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 07:05 . 2015-09-18 17:44 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 07:05 . 2015-09-18 17:44 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 07:05 . 2015-09-18 17:35 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-10-14 06:52 . 2015-09-01 17:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 06:52 . 2015-09-01 17:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 06:52 . 2015-09-01 17:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 06:52 . 2015-09-01 17:52 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 06:52 . 2015-09-01 17:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 06:52 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-14 06:50 . 2015-09-18 18:58 818264 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-10-02 14:40 . 2015-10-02 14:40 17314496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-09-29 11:20 . 2015-09-29 11:20 -------- d-----w- c:\users\mumu\AppData\Local\Topaz Labs
2015-09-29 11:19 . 2015-09-29 11:20 -------- d-----w- c:\program files\Topaz Labs
2015-09-29 11:19 . 2015-09-29 11:19 -------- d-----w- c:\program files\Common Files\Topaz Labs
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-21 16:08 . 2015-05-26 15:27 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-17 20:16 . 2012-03-31 16:44 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-17 20:16 . 2012-03-31 16:44 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-05 07:50 . 2015-05-26 15:27 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 07:50 . 2015-05-26 15:27 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2015-05-26 15:27 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-02 02:48 . 2015-09-09 07:12 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-09 07:12 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-09 07:12 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-09 07:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36 . 2015-09-09 07:12 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33 . 2015-09-09 07:12 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-09-01 13:09 . 2015-05-19 08:53 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-09-01 13:09 . 2015-05-19 08:53 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-08-27 17:58 . 2015-09-09 07:12 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-09 07:12 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-09 07:12 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 07:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-05 17:41 . 2015-09-09 07:12 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40 . 2015-09-09 07:12 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40 . 2015-09-09 07:12 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 07:12 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-07-30 17:57 . 2015-08-12 06:54 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-12 06:54 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-12 06:54 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 06:54 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-07-25 1126480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-05-09 12021464]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-09-01 782008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"Silverlight for Internet Explorer"="c:\program files\Silverlight\ie\bin\Silverlight.exe" [2015-08-01 414208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Assistant de configuration NETGEAR WNA3100.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-3-31 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000000]
2011-11-02 14:02 246368 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIIME.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2010-12-24 15:31 7134952 ----a-w- c:\windows\System32\WTMKM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 09:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 AntiVirMailService;Avira Protection e-mail;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-09-01 887128]
R2 AntiVirWebService;Avira Protection Web;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-09-01 1213072]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2014-04-09 26032]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 699896]
R3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-10-21 170200]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-01 1343400]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2011-11-02 167520]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2011-11-02 142432]
R4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
R4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-06-25 63488]
R4 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R4 WTService;WTService;c:\windows\system32\atwtusb.exe [2011-01-26 870120]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-05-20 37896]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-22 242240]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-09-01 461672]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-05-19 37896]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 mi-raysat_3dsmax2013_32;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 32-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe [2011-09-14 86016]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-06-17 718552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
Contenu du dossier 'Tâches planifiées'
.
2015-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:16]
.
2015-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-34896904-1898965610-2012109929-1000Core.job
- c:\users\mumu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30 18:53]
.
2015-10-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-34896904-1898965610-2012109929-1000UA.job
- c:\users\mumu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30 18:53]
.
.
------- Examen supplémentaire -------
.
uStart Page = https://www.google.fr/?gws_rd=ssl
mStart Page = www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\mumu\AppData\Roaming\Mozilla\Firefox\Profiles\vx060fgv.default-1380540336468\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-photoFXlab - c:\program files\Topaz Labs\Applications\32Bit\uninst.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1564)
c:\program files\FileZilla FTP Client\libstdc++-6.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\GWX\GWX.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2015-10-21 18:57:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-10-21 16:57
.
Avant-CF: 247 848 394 752 octets libres
Après-CF: 247 437 103 104 octets libres
.
- - End Of File - - 2F2BA047E8559729A173DE06A148413A
A36C5E4F47E84449FF07ED3517B43A31