Problème ntdll.dll

freshjj2 · le 16 mai 2012

la rapport de combofix :

ComboFix 12-05-14.03 - Owner 05/15/2012 0:40.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1662 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\users\Owner\Documents\~WRL2476.tmp

c:\windows\SysWow64\SET9B26.tmp

c:\windows\SysWow64\SETA7B4.tmp

c:\windows\UA000011.DLL

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_npf

.

((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))

.

2012-05-15 05:59 . 2012-05-15 05:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-14 08:04 . 2012-05-14 08:04 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-14 08:04 . 2012-05-14 08:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-14 00:43 . 2012-05-14 00:43 -------- d-----w- c:\users\Owner\AppData\Roaming\PeerNetworking

2012-05-13 19:17 . 2012-05-13 19:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-13 19:17 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-13 03:43 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-13 03:43 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-13 03:43 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-13 03:43 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-13 03:43 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-13 03:42 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-13 03:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-13 02:52 . 2012-05-13 02:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2012-05-13 02:51 . 2012-05-13 02:51 -------- d-----w- c:\programdata\Malwarebytes

2012-05-13 02:33 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-13 02:33 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-13 02:33 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-13 02:33 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-13 02:33 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-13 02:33 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-08 04:28 . 2012-05-08 04:28 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-08 04:16 . 2012-05-08 04:16 116016 ----a-w- c:\windows\system32\drivers\87617208.sys

2012-05-04 00:45 . 2012-05-08 05:11 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-05-03 21:03 . 2012-05-03 21:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-24 16:03 . 2012-04-24 16:03 512 ----a-w- C:\PhysicalMBR.bin

2012-04-24 03:34 . 2012-04-24 03:34 -------- d-----w- C:\found.000

2012-04-21 20:42 . 2012-04-21 20:42 -------- d-----w- c:\windows\en

2012-04-21 20:37 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-04-21 20:30 . 2012-04-21 20:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\922e4ef81cd1ffd02\MeshBetaRemover.exe

2012-04-21 20:30 . 2012-04-21 20:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DXSETUP.exe

2012-04-21 20:30 . 2012-04-21 20:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DSETUP.dll

2012-04-21 20:30 . 2012-04-21 20:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\dsetup32.dll

2012-04-17 00:35 . 2012-04-30 22:01 -------- d-----w- C:\ZHP

2012-04-17 00:32 . 2012-04-30 22:01 -------- d-----w- c:\program files (x86)\ZHPDiag

2012-04-17 00:06 . 2012-04-24 07:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype

2012-04-16 22:27 . 2012-04-16 22:27 -------- d-----w- c:\program files (x86)\VS Revo Group

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-03 21:04 . 2012-05-03 21:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A01FFE5-F898-4A0F-B6B6-3B84BFEEB9E1}\gapaengine.dll

2012-04-13 08:46 . 2012-05-15 02:49 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D80D9C4C-AA47-4B6B-8656-E70ED5428AF8}\mpengine.dll

2012-04-13 08:46 . 2012-05-13 22:05 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-01 06:46 . 2012-04-12 23:41 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 23:41 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 23:41 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 23:41 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 23:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 23:41 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 23:41 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-12 23:46 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 23:46 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 23:46 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 23:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 23:46 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 23:46 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 23:46 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 23:46 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-17 06:38 . 2012-03-19 22:44 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-19 22:44 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-19 22:44 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-19 22:44 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]

2010-06-11 03:41 2515552 ----a-w- c:\program files (x86)\Soft-Search\tbSof1.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]

2010-09-27 17:11 2735200 ----a-w- c:\program files (x86)\mywebsites.pro-FR\tbmyw0.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]

2011-10-20 03:05 2660016 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files (x86)\mywebsites.pro-FR\tbmyw0.dll" [2010-09-27 2735200]

"{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}"= "c:\program files (x86)\Soft-Search\tbSof1.dll" [2010-06-11 2515552]

.

[HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]

.

[HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-07 137536]

"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"UIExec"="c:\program files (x86)\NATCOM 3G\UIExec.exe" [2011-11-18 153424]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-4-4 3450608]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 135664]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 ew_mbbusbdev;MBB USB PNP Device;c:\windows\system32\DRIVERS\ew_mbbusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 135664]

R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]

R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]

R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x]

R3 HSPADataCardusbvoice;HSPADataCard VoUSB Port;c:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 mbbdatacard;MBB DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [x]

R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [x]

R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [x]

R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [x]

R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSvia64.sys [2011-08-23 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\NATCOM 3G\AssistantServices.exe [2011-11-18 270672]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]

S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]

S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job

- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 02:45]

.

2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job

- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 02:45]

.

2012-05-14 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-13 01:20]

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 05:06]

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 05:06]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"combofix"="c:\combofix\CF5378.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.fr

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe

SafeBoot-42060062.sys

Toolbar-Locked - (no file)

WebBrowser-{33727F97-486D-4D19-97C3-23F432EF93FC} - (no file)

WebBrowser-{09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2012-05-15 01:24:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-15 06:24

.

Pre-Run: 16,463,269,888 bytes free

Post-Run: 16,629,927,936 bytes free

.

- - End Of File - - 77B1C32B51F0D8E440A7E9CD254B3929

Toujours le meme message avec zhpdiag,,,: vilation d'acces a l'adresse 77D490D6 dans le module NTDll.DLL etc... :-(

freshjj2 · le 16 mai 2012

hi... combofix message: