ComboFix 16-03-07.01 - villa 07/03/2016 10:49:10.1.1 - x86 NETWORK
Microsoft Windows 7 Édition Starter N 6.1.7600.0.1252.33.1036.18.3070.2126 [GMT 1:00]
Lancé depuis: c:\users\villa\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\driverhardwarev2.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2ia64.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.cat
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys
c:\program files\ma-config.com\Drivers\matos9x.vxd
c:\program files\ma-config.com\Langues\LangueMC_de.xml
c:\program files\ma-config.com\Langues\LangueMC_en.xml
c:\program files\ma-config.com\Langues\LangueMC_es.xml
c:\program files\ma-config.com\Langues\LangueMC_fr.xml
c:\program files\ma-config.com\Langues\LangueMC_pt.xml
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\maconfservice.exe
c:\program files\ma-config.com\MCATLActiveX.dll
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\nphardwaredetection.dll
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\mcsettings.txt
c:\programdata\ma-config.com\mcbase.db
c:\users\villa\Core.dll
c:\users\villa\dbg.dll
c:\users\villa\DemoPlayer.dll
c:\users\villa\FileSystem_Steam.dll
c:\users\villa\hl.exe
c:\users\villa\hw.dll
c:\users\villa\hw_orig.dll
c:\users\villa\hwpatcher.dll
c:\users\villa\revSrvBrowser.dll
c:\users\villa\steamclient.dll
c:\users\villa\sw.dll
c:\users\villa\swds.dll
c:\users\villa\Uninstal.exe
c:\users\villa\upatch.dll
c:\users\villa\vgui.dll
c:\users\villa\vgui2.dll
c:\users\villa\voice_miles.dll
c:\users\villa\voice_mp3.asi
c:\users\villa\voice_mp3.dll
c:\users\villa\voice_speex.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_driverhardwarev2
-------\Legacy_driverhardwarev2
-------\Service_driverhardwarev2
-------\Service_maconfservice
-------\Service_driverhardwarev2
-------\Service_maconfservice
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-02-07 au 2016-03-07 ))))))))))))))))))))))))))))))))))))
.
.
2016-03-07 09:32 . 2016-03-07 09:42 -------- d-----w- c:\users\villa\AppData\Roaming\ZHP
2016-03-05 02:00 . 2016-03-05 02:00 -------- d-----w- c:\programdata\Vitalwerks
2016-03-04 16:40 . 2016-03-04 16:40 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-03-03 04:55 . 2016-03-03 04:55 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42A6A918-433E-4D43-91D3-62FF3118B925}\offreg.1252.dll
2016-03-02 21:53 . 2016-03-02 21:53 -------- d-----w- c:\users\villa\valve
2016-03-02 21:53 . 2016-03-02 21:53 -------- d-----w- c:\users\villa\config
2016-03-02 21:53 . 2016-03-02 21:53 -------- d-----w- c:\users\villa\reslists
2016-03-02 21:53 . 2016-03-02 21:53 -------- d-----w- c:\users\villa\platform
2016-03-02 21:53 . 2016-03-02 21:53 -------- d-----w- c:\users\villa\logs
2016-03-02 21:53 . 2016-03-02 21:53 -------- d-----w- c:\users\villa\gldrv
2016-03-02 21:52 . 2016-03-07 01:50 -------- d-----w- c:\users\villa\cstrike
2016-03-02 21:34 . 2016-03-02 21:35 -------- d-----w- c:\program files\Counter-Strike 1.6
2016-03-02 15:33 . 2016-03-02 15:33 5896 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2016-03-02 00:39 . 2016-03-02 00:39 -------- d-----w- c:\users\villa\AppData\Local\Vitalwerks
2016-03-02 00:39 . 2016-03-02 00:39 -------- d-----w- c:\program files\No-IP
2016-03-02 00:09 . 2016-03-02 00:09 -------- d-----w- c:\program files\Valve
2016-02-26 03:23 . 2016-02-26 11:39 -------- d-----w- c:\users\villa\AppData\Local\Mozilla
2016-02-26 03:23 . 2016-02-26 03:23 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-02-26 02:39 . 2009-07-07 07:53 7680 ----a-w- c:\windows\system32\drivers\FwLnk.sys
2016-02-26 02:39 . 2006-03-23 12:44 9728 ----a-w- c:\windows\system32\TCMSVR.dll
2016-02-26 02:39 . 2004-03-09 15:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2016-02-26 02:39 . 2004-03-09 15:00 1081616 ----a-w- c:\windows\system32\mscomctl.ocx
2016-02-26 02:39 . 2009-08-07 04:17 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2016-02-26 02:38 . 2016-02-26 02:38 -------- d-----w- c:\programdata\Toshiba
2016-02-26 02:37 . 2016-02-26 02:37 -------- d-----w- c:\program files\ltmoh
2016-02-26 02:37 . 2009-07-21 15:24 58888 ------w- c:\windows\system32\agrsmdel.exe
2016-02-26 02:37 . 2016-02-26 02:37 -------- d-----w- c:\program files\LSI SoftModem
2016-02-26 02:37 . 2016-02-26 02:37 -------- d-----w- c:\windows\Options
2016-02-26 02:24 . 2016-02-26 02:24 -------- d-----w- c:\users\villa\AppData\Roaming\toshiba
2016-02-26 02:21 . 1999-10-12 18:47 24576 ----a-w- c:\windows\system32\TSCI.dll
2016-02-26 02:21 . 1999-10-12 18:45 24576 ----a-w- c:\windows\system32\THCI.dll
2016-02-26 02:16 . 2016-02-26 02:42 -------- d-----w- C:\Temp
2016-02-26 02:11 . 2016-02-26 02:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2016-02-26 02:11 . 2016-02-26 02:38 -------- d-----w- c:\program files\TOSHIBA
2016-02-26 02:11 . 2016-02-26 02:11 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2016-02-26 02:11 . 2016-02-26 02:11 -------- d-----w- c:\users\villa\AppData\Roaming\InstallShield
2016-02-26 02:10 . 2016-02-26 02:40 -------- d-----w- c:\program files\Intel
2016-02-26 02:10 . 2009-07-08 15:34 53248 ----a-w- c:\windows\system32\CSVer.dll
2016-02-26 02:10 . 2016-02-26 02:10 -------- d-----w- c:\users\villa\AppData\Roaming\WinBatch
2016-02-26 01:23 . 2016-02-26 01:23 -------- d-----w- c:\program files\Intel Corporation
2016-02-26 01:18 . 2016-02-26 01:18 -------- d-----w- c:\programdata\Intel
2016-02-26 01:18 . 2016-02-26 01:18 -------- d-----w- c:\users\villa\AppData\Local\Intel
2016-02-26 01:17 . 2016-02-26 01:17 -------- d-----w- c:\program files\Intel Driver Update Utility
2016-02-25 23:56 . 2016-02-27 13:07 -------- d-----w- c:\users\villa\AppData\Roaming\SimpleTV V03
2016-02-25 23:54 . 2016-02-25 23:54 -------- d-----w- c:\program files\SimpleTV
2016-02-24 23:47 . 2016-03-04 17:36 -------- d-----w- c:\users\villa\AppData\Roaming\vlc
2016-02-24 23:47 . 2016-02-24 23:47 -------- d-----w- c:\program files\VideoLAN
2016-02-23 18:56 . 2016-02-26 01:03 -------- d-----w- c:\programdata\DriversCloud.com
2016-02-23 18:56 . 2016-02-26 01:03 -------- d-----w- c:\program files\DriversCloud.com
2016-02-23 17:28 . 2016-02-23 17:28 -------- d-----w- c:\users\villa\AppData\Roaming\Easeware
2016-02-23 17:28 . 2016-02-23 17:28 -------- d-----w- c:\program files\Easeware
2016-02-22 00:47 . 2016-02-22 00:47 -------- d-----w- c:\program files\WinHTTrack
2016-02-22 00:47 . 2016-02-22 00:47 -------- d-----w- c:\users\villa\AppData\Local\Programs
2016-02-20 20:26 . 2016-02-20 20:26 -------- d-----w- c:\program files\AMX Mod X
2016-02-20 20:23 . 2016-02-20 20:23 -------- d-----w- c:\users\villa\AppData\Local\TeamViewer
2016-02-20 20:21 . 2016-03-01 17:14 -------- d-----w- c:\users\villa\AppData\Roaming\TeamViewer
2016-02-20 20:21 . 2016-02-20 20:22 -------- d-----w- c:\program files\TeamViewer
2016-02-20 17:58 . 2016-02-26 01:29 -------- d-----w- c:\users\villa\AppData\Local\CrashDumps
2016-02-20 17:48 . 2016-03-01 16:55 -------- d-----w- c:\users\villa\AppData\Local\Downloaded Installations
2016-02-20 17:44 . 2016-02-20 17:44 -------- d-----w- c:\program files\Microsoft.NET
2016-02-20 17:43 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2016-02-20 17:43 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2016-02-20 17:43 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2016-02-20 17:43 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2016-02-20 17:43 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2016-02-20 17:42 . 2016-02-20 17:42 -------- d-----w- C:\e83dccb57aeb8cfe34
2016-02-20 15:08 . 2016-02-20 15:08 -------- d-----w- C:\c3b147d2a2f1dd8d895fa845
2016-02-20 14:34 . 2016-02-26 01:05 -------- d-----w- c:\programdata\Package Cache
2016-02-20 03:11 . 2016-02-20 03:24 -------- d-----w- c:\users\villa\AppData\Roaming\Notepad++
2016-02-20 03:05 . 2016-02-20 03:05 -------- d-----w- c:\program files\Notepad++
2016-02-20 02:58 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2016-02-20 02:55 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2016-02-20 02:55 . 2015-03-19 02:57 3908024 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-02-20 02:55 . 2015-03-19 02:57 3963320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-02-20 02:55 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2016-02-20 02:55 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe
2016-02-20 02:50 . 2016-03-03 17:49 -------- d-----w- c:\users\villa\AppData\Roaming\FileZilla
2016-02-20 02:49 . 2016-02-20 02:49 -------- d-----w- c:\program files\FileZilla FTP Client
2016-02-20 02:43 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-20 02:43 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2016-02-20 02:43 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2016-02-20 02:43 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-20 02:43 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-20 02:43 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2016-02-20 02:43 . 2016-02-20 02:43 -------- d-----w- c:\users\villa\AppData\Roaming\ATI
2016-02-20 02:43 . 2016-02-20 02:43 -------- d-----w- c:\users\villa\AppData\Local\ATI
2016-02-20 02:43 . 2016-02-20 02:43 -------- d-----w- c:\programdata\ATI
2016-02-20 02:42 . 2016-02-20 02:42 -------- d-----w- c:\programdata\AMD
2016-02-20 02:42 . 2016-02-20 02:42 -------- d-----w- c:\program files\Common Files\ATI Technologies
2016-02-20 02:42 . 2016-02-20 02:42 -------- d-----w- c:\program files\AMD AVT
2016-02-20 02:42 . 2016-02-20 02:42 -------- d-----w- c:\program files\AMD APP
2016-02-20 02:40 . 2016-02-26 02:24 -------- d-sh--w- c:\windows\Installer
2016-02-20 00:48 . 2016-02-20 00:48 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-20 00:48 . 2016-02-20 00:48 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-02-20 00:48 . 2016-02-20 00:48 -------- d-----w- c:\windows\system32\Macromed
2016-02-20 00:34 . 2016-02-20 02:42 -------- d-----w- c:\program files\ATI Technologies
2016-02-20 00:34 . 2016-02-20 00:34 -------- d-----w- c:\program files\ATI
2016-02-20 00:34 . 2016-02-20 00:34 -------- d-----w- C:\AMD
2016-02-20 00:33 . 2015-12-16 09:15 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42A6A918-433E-4D43-91D3-62FF3118B925}\mpengine.dll
2016-02-20 00:19 . 2016-02-20 01:54 -------- d-----w- c:\users\villa\AppData\Local\Google
2016-02-20 00:16 . 2016-02-20 00:19 -------- d-----w- c:\program files\Google
2016-02-20 00:16 . 2016-02-20 00:16 -------- d-----w- c:\users\villa\AppData\Local\Apps
2016-02-20 00:16 . 2016-02-20 00:16 -------- d-----w- c:\users\villa\AppData\Local\Deployment
2016-02-20 00:07 . 2016-02-27 11:47 -------- d-----w- c:\users\villa\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-09 12:18 . 2015-12-09 12:19 722593 ----a-w- c:\users\villa\unins000.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-08-03 832856]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-11 1298816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\InternetEverywhere\InternetEverywhere_Launcher.exe [2016-2-29 506824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\InternetEverywhere\InternetEverywhere_Service.exe [2011-02-28 334792]
R2 NoIPDUCService4;NO-IP DUC v4.1.1;c:\program files\No-IP\ducservice.exe [2015-07-20 12288]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2016-02-29 102784]
R3 netr73;Pilote de carte LAN sans fil USB RT73 pour Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2015-12-09 55144]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-20 00:19 1088664 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-20 00:48]
.
2016-02-23 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2016-02-23 19:19]
.
2016-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-20 00:16]
.
2016-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d16b73ff1734c0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-20 00:16]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 82.134.67.175:8080
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\villa\AppData\Roaming\Mozilla\Firefox\Profiles\31zr0jlm.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
AddRemove-Counter-Strike 1.6 - c:\users\villa\Uninstal.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Heure de fin: 2016-03-07 10:58:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-03-07 09:58
.
Avant-CF: 208 641 400 832 octets libres
Après-CF: 208 587 735 040 octets libres
.
- - End Of File - - FB58EDFAB3E6CFE5412696D0B572537A A36C5E4F47E84449FF07ED3517B43A31