win32 TRATBHO sous Wndows VISTA avec AVAST
Dernière réponse : dans Le monde de Windows
onjour,
Bonjour à tous,
Je suis infecté par win32TRATBHO. Je suis sous Windows VISTA avec Avast antivirus.
Je n'arrive pas à enlever ce virus.
J'ai lancé ComboFix qui a généré le rapport suivant.
Que dois-je faire? Help! Merci pour votre aide.
ComboFix 08-04-29.3 - stefflouis 2008-04-30 6:50:42.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.929 [GMT 2:00]
Endroit: C:\Users\stefflouis\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Tuner\Liteon\Resources\_desktop.ini
C:\DRV\Tuner\Yuan\Resources\_desktop.ini
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Conditions générales.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Confidentialité.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
C:\Users\Public\Desktop\webmediaplayer.lnk
c:\Users\stefflouis\AppData\Local\nbtjnng.dat
c:\Users\stefflouis\AppData\Local\nbtjnng_nav.dat
c:\Users\stefflouis\AppData\Local\nbtjnng_navps.dat
C:\Windows\system32\ACER.exe
C:\Windows\system32\nvs2.inf
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
.
2008-04-27 22:39 . 2008-04-27 22:39 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-26 17:39 . 2008-04-26 17:39 <REP> d-------- C:\Program Files\MagicISO
2008-04-26 17:39 . 2008-04-26 17:39 37,888 --a------ C:\Windows\System32\awtuuSKD.dll
2008-04-17 17:50 . 2008-04-17 17:50 <REP> d-------- C:\Program Files\ffdshow
2008-04-17 17:50 . 2008-01-01 01:00 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-04-17 17:50 . 2008-04-10 17:50 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-04-17 17:50 . 2008-01-01 01:00 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-04-09 16:09 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 16:09 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 16:09 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 16:09 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 16:09 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 16:09 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 16:09 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 16:09 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 16:09 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 16:06 . 2008-02-29 06:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-09 16:06 . 2008-02-21 06:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 16:06 . 2008-03-08 04:14 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-04-09 16:06 . 2007-12-16 13:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-09 16:06 . 2007-12-16 13:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-08 21:21 . 2008-04-08 21:21 1,048,576 --ahs---- C:\Users\stefflouis\ntuser.dat{9068d9ff-00d9-11dd-a77c-b493b95affcb}.TxR.2.regtrans-ms
2008-04-08 21:21 . 2008-04-08 21:21 1,048,576 --ahs---- C:\Users\stefflouis\ntuser.dat{9068d9ff-00d9-11dd-a77c-b493b95affcb}.TxR.1.regtrans-ms
2008-04-08 21:21 . 2008-04-08 21:21 1,048,576 --ahs---- C:\Users\stefflouis\ntuser.dat{9068d9ff-00d9-11dd-a77c-b493b95affcb}.TxR.0.regtrans-ms
2008-04-08 21:21 . 2008-04-08 21:21 65,536 --ahs---- C:\Users\stefflouis\ntuser.dat{9068d9ff-00d9-11dd-a77c-b493b95affcb}.TxR.blf
2008-04-02 19:24 . 2008-04-02 19:24 524,288 --ahs---- C:\Users\stefflouis\ntuser.dat{9068da00-00d9-11dd-a77c-b493b95affcb}.TMContainer00000000000000000002.regtrans-ms
2008-04-02 19:24 . 2008-04-02 19:24 524,288 --ahs---- C:\Users\stefflouis\ntuser.dat{9068da00-00d9-11dd-a77c-b493b95affcb}.TMContainer00000000000000000001.regtrans-ms
2008-04-02 19:24 . 2008-04-02 19:24 65,536 --ahs---- C:\Users\stefflouis\ntuser.dat{9068da00-00d9-11dd-a77c-b493b95affcb}.TM.blf
2008-03-22 11:20 . 2008-03-22 11:20 <REP> d-------- C:\Program Files\FLV Player
2008-03-17 15:34 . 2008-04-29 23:13 <REP> d-------- C:\Users\stefflouis\dwhelper
2008-03-12 08:42 . 2008-03-12 08:42 <REP> d-------- C:\Program Files\OneStopSoft.com
2008-03-12 08:42 . 2005-08-27 03:38 1,435,272 --a------ C:\Windows\System32\Flash.ocx
2008-03-12 08:42 . 2002-03-04 13:27 1,140,472 --a------ C:\Windows\System32\IGUltraGrid20.ocx
2008-03-12 08:42 . 2000-12-06 00:00 109,248 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-03-12 08:42 . 2000-07-15 06:00 101,888 --a------ C:\Windows\System32\VB6STKIT.DLL
2008-03-12 08:42 . 2001-04-20 02:28 28,672 --a------ C:\Windows\System32\SysTray.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 04:44 --------- d-----w C:\Users\stefflouis\AppData\Roaming\OpenOffice.org2
2008-04-29 08:40 --------- d-----w C:\ProgramData\Google Updater
2008-04-23 12:31 --------- d-----w C:\Program Files\Picasa2
2008-04-10 01:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-25 19:29 --------- d-----w C:\Users\stefflouis\AppData\Roaming\Skype
2008-03-25 19:28 --------- d-----w C:\Users\stefflouis\AppData\Roaming\skypePM
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 12:51 0 ----a-w C:\Users\stefflouis\AppData\Roaming\wklnhst.dat
2008-02-14 02:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:05 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-09 17:18 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 18:27 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-08 18:27 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-02 16:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 16:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 16:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 16:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 16:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 16:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 16:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 16:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 15:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 15:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 15:47 104,636 ----a-w C:\Windows\System32\igmedcompkrn.dll
2008-01-02 15:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 15:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 15:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 15:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 15:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 15:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 15:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 15:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 15:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 15:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 15:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 15:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 15:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:18 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-05 14:56 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-11-21 04:12 3297280]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-10 08:58 1006264]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"Acer Tour"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 13:38 206952]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 15:54 1286144]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"adiras"="adiras.exe" [2007-02-13 17:19 194128 C:\Windows\adiras.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-05 14:56 1836544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"MSServer"="C:\Windows\system32\awtuuSKD.dll" [2008-04-26 17:39 37888]
C:\Users\stefflouis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-05 14:56:13 126136]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54 250368]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-30 12:10:00 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe![:D]( ":D")
V Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2A8BDAB2-CCA2-4EAD-B514-1566D0075293}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe![:D]( ":D")
VDivine
"{D2F70D68-4805-47FA-A7D7-0E2158DCD507}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe![:p]( ":p")
lay Movie
"{48CC942B-80FF-4F0A-8CEE-7A06E3A73C68}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe![:p]( ":p")
lay Movie Resident Program
"{29099390-6576-458F-AC53-AA1FEFA0ACC3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0F25F50C-5082-4D38-AD39-5555218055B2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E36D1F50-E360-4FCA-8140-9D9E3CF7F5C5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTun
"{D218FBE7-9240-4484-943E-54BB2E3E467F}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{589EAC9C-0440-43D6-A83B-621264AAEA03}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{58E37EB5-3340-45A9-82AC-7F897CC75CF8}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{95004779-075B-4C34-BF38-3858A5B82652}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{117A3158-2A79-4CA9-ADB9-2B27391D4F8A}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{6B2F1DDC-9B86-432C-8A0E-DC8F7D19FF8A}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{E00C7E2E-9429-4615-8CA5-9DF01D37175E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C3C34D6E-C8C1-40B2-B6D1-782B0CA5B8E8}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6EADD5BC-BCD9-49D7-9BDB-AE07F7B3B801}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{8D3E953C-7D5B-4BC4-A6C5-3443B33F3EE1}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"{CC89ECBB-E179-490F-A52A-F067BFA767E9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C9AF7059-8AB4-4FEF-8B8B-18C08F5B9AF8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\0/u00.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 12:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\Windows\system32\Drivers\adildr.sys [2007-02-07 17:50]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cf7823c-c08b-11dc-9ad3-9d1851bb1322}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 06:54:04
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-30 6:55:08
ComboFix-quarantined-files.txt 2008-04-30 04:54:55
Pre-Run: 30,321,979,392 octets libres
Post-Run: 30,558,552,064 octets libres
259 --- E O F --- 2008-04-24 16:23:29
Bonjour à tous,
Je suis infecté par win32TRATBHO. Je suis sous Windows VISTA avec Avast antivirus.
Je n'arrive pas à enlever ce virus.
J'ai lancé ComboFix qui a généré le rapport suivant.
Que dois-je faire? Help! Merci pour votre aide.
ComboFix 08-04-29.3 - stefflouis 2008-04-30 6:50:42.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.929 [GMT 2:00]
Endroit: C:\Users\stefflouis\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Tuner\Liteon\Resources\_desktop.ini
C:\DRV\Tuner\Yuan\Resources\_desktop.ini
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Conditions générales.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Confidentialité.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
C:\Users\Public\Desktop\webmediaplayer.lnk
c:\Users\stefflouis\AppData\Local\nbtjnng.dat
c:\Users\stefflouis\AppData\Local\nbtjnng_nav.dat
c:\Users\stefflouis\AppData\Local\nbtjnng_navps.dat
C:\Windows\system32\ACER.exe
C:\Windows\system32\nvs2.inf
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
.
2008-04-27 22:39 . 2008-04-27 22:39 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-26 17:39 . 2008-04-26 17:39 <REP> d-------- C:\Program Files\MagicISO
2008-04-26 17:39 . 2008-04-26 17:39 37,888 --a------ C:\Windows\System32\awtuuSKD.dll
2008-04-17 17:50 . 2008-04-17 17:50 <REP> d-------- C:\Program Files\ffdshow
2008-04-17 17:50 . 2008-01-01 01:00 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-04-17 17:50 . 2008-04-10 17:50 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-04-17 17:50 . 2008-01-01 01:00 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-04-09 16:09 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 16:09 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 16:09 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 16:09 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 16:09 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 16:09 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 16:09 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 16:09 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 16:09 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 16:06 . 2008-02-29 06:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-09 16:06 . 2008-02-21 06:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 16:06 . 2008-03-08 04:14 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-04-09 16:06 . 2007-12-16 13:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-09 16:06 . 2007-12-16 13:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-08 21:21 . 2008-04-08 21:21 1,048,576 --ahs---- C:\Users\stefflouis\ntuser.dat{9068d9ff-00d9-11dd-a77c-b493b95affcb}.TxR.2.regtrans-ms
2008-04-08 21:21 . 2008-04-08 21:21 1,048,576 --ahs---- C:\Users\stefflouis\ntuser.dat{9068d9ff-00d9-11dd-a77c-b493b95affcb}.TxR.1.regtrans-ms
2008-04-08 21:21 . 2008-04-08 21:21 1,048,576 --ahs---- C:\Users\stefflouis\ntuser.dat{9068d9ff-00d9-11dd-a77c-b493b95affcb}.TxR.0.regtrans-ms
2008-04-08 21:21 . 2008-04-08 21:21 65,536 --ahs---- C:\Users\stefflouis\ntuser.dat{9068d9ff-00d9-11dd-a77c-b493b95affcb}.TxR.blf
2008-04-02 19:24 . 2008-04-02 19:24 524,288 --ahs---- C:\Users\stefflouis\ntuser.dat{9068da00-00d9-11dd-a77c-b493b95affcb}.TMContainer00000000000000000002.regtrans-ms
2008-04-02 19:24 . 2008-04-02 19:24 524,288 --ahs---- C:\Users\stefflouis\ntuser.dat{9068da00-00d9-11dd-a77c-b493b95affcb}.TMContainer00000000000000000001.regtrans-ms
2008-04-02 19:24 . 2008-04-02 19:24 65,536 --ahs---- C:\Users\stefflouis\ntuser.dat{9068da00-00d9-11dd-a77c-b493b95affcb}.TM.blf
2008-03-22 11:20 . 2008-03-22 11:20 <REP> d-------- C:\Program Files\FLV Player
2008-03-17 15:34 . 2008-04-29 23:13 <REP> d-------- C:\Users\stefflouis\dwhelper
2008-03-12 08:42 . 2008-03-12 08:42 <REP> d-------- C:\Program Files\OneStopSoft.com
2008-03-12 08:42 . 2005-08-27 03:38 1,435,272 --a------ C:\Windows\System32\Flash.ocx
2008-03-12 08:42 . 2002-03-04 13:27 1,140,472 --a------ C:\Windows\System32\IGUltraGrid20.ocx
2008-03-12 08:42 . 2000-12-06 00:00 109,248 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-03-12 08:42 . 2000-07-15 06:00 101,888 --a------ C:\Windows\System32\VB6STKIT.DLL
2008-03-12 08:42 . 2001-04-20 02:28 28,672 --a------ C:\Windows\System32\SysTray.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 04:44 --------- d-----w C:\Users\stefflouis\AppData\Roaming\OpenOffice.org2
2008-04-29 08:40 --------- d-----w C:\ProgramData\Google Updater
2008-04-23 12:31 --------- d-----w C:\Program Files\Picasa2
2008-04-10 01:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-25 19:29 --------- d-----w C:\Users\stefflouis\AppData\Roaming\Skype
2008-03-25 19:28 --------- d-----w C:\Users\stefflouis\AppData\Roaming\skypePM
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 12:51 0 ----a-w C:\Users\stefflouis\AppData\Roaming\wklnhst.dat
2008-02-14 02:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:05 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-09 17:18 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 18:27 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-08 18:27 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-02 16:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 16:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 16:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 16:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 16:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 16:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 16:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 16:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 15:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 15:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 15:47 104,636 ----a-w C:\Windows\System32\igmedcompkrn.dll
2008-01-02 15:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 15:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 15:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 15:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 15:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 15:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 15:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 15:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 15:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 15:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 15:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 15:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 15:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:18 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-05 14:56 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-11-21 04:12 3297280]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-10 08:58 1006264]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"Acer Tour"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 13:38 206952]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 15:54 1286144]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"adiras"="adiras.exe" [2007-02-13 17:19 194128 C:\Windows\adiras.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-05 14:56 1836544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"MSServer"="C:\Windows\system32\awtuuSKD.dll" [2008-04-26 17:39 37888]
C:\Users\stefflouis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-05 14:56:13 126136]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54 250368]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-30 12:10:00 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe
V Wizard"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2A8BDAB2-CCA2-4EAD-B514-1566D0075293}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe
VDivine"{D2F70D68-4805-47FA-A7D7-0E2158DCD507}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe
lay Movie"{48CC942B-80FF-4F0A-8CEE-7A06E3A73C68}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
lay Movie Resident Program"{29099390-6576-458F-AC53-AA1FEFA0ACC3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0F25F50C-5082-4D38-AD39-5555218055B2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E36D1F50-E360-4FCA-8140-9D9E3CF7F5C5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTun
"{D218FBE7-9240-4484-943E-54BB2E3E467F}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{589EAC9C-0440-43D6-A83B-621264AAEA03}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{58E37EB5-3340-45A9-82AC-7F897CC75CF8}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{95004779-075B-4C34-BF38-3858A5B82652}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{117A3158-2A79-4CA9-ADB9-2B27391D4F8A}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{6B2F1DDC-9B86-432C-8A0E-DC8F7D19FF8A}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{E00C7E2E-9429-4615-8CA5-9DF01D37175E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C3C34D6E-C8C1-40B2-B6D1-782B0CA5B8E8}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6EADD5BC-BCD9-49D7-9BDB-AE07F7B3B801}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{8D3E953C-7D5B-4BC4-A6C5-3443B33F3EE1}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"{CC89ECBB-E179-490F-A52A-F067BFA767E9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C9AF7059-8AB4-4FEF-8B8B-18C08F5B9AF8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\0/u00.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 12:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\Windows\system32\Drivers\adildr.sys [2007-02-07 17:50]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cf7823c-c08b-11dc-9ad3-9d1851bb1322}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 06:54:04
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-30 6:55:08
ComboFix-quarantined-files.txt 2008-04-30 04:54:55
Pre-Run: 30,321,979,392 octets libres
Post-Run: 30,558,552,064 octets libres
259 --- E O F --- 2008-04-24 16:23:29
Autres pages sur : win32 tratbho wndows vista avast
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Lassé par la pub ? Créez un compte
