Ads that open on their own...

Closed
crevette - 3 March 2008 at 13:24
Hello,

I have just read some of the questions asked about these rather annoying ads that open on their own.
So I ran "combofix" as described, and here is the report.

What should I do next?

ComboFix 08-03-03.6 - Carole Brugger 2008-03-03 13:11:51.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1125 [GMT 1:00]
Endroit: C:\Users\Carole Brugger\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Conditions générales.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Confidentialité.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Website.lnk
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\Website.url
C:\ProgramData\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\CnsMin.zip
c:\Users\Carole Brugger\AppData\Local\xtiupf.dat
c:\users\carole brugger\appdata\local\xtiupf.exe
C:\Users\Carole Brugger\AppData\Local\xtiupf_nav.dat
c:\Users\Carole Brugger\AppData\Local\xtiupf_navps.dat
C:\Windows\system32\nvs2.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 12:11 2,621,440 --sha-w C:\Users\Stéphane\NTUSER.DAT
2008-03-03 12:11 2,621,440 --sha-w C:\Users\Stéphane\NTUSER.DAT
2008-03-03 11:59 --------- dc----w C:\Users\Carole Brugger\AppData\Roaming\BitTorrent
2008-03-03 08:22 --------- dc----w C:\Program Files\Navilog1
2008-02-29 12:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 12:23 --------- dc----w C:\PROGRA~2\WLInstaller
2008-02-27 09:35 --------- dc----w C:\Program Files\iTunes
2008-02-27 09:34 --------- dc----w C:\Program Files\iPod
2008-02-27 09:32 --------- dc----w C:\Program Files\QuickTime
2008-02-16 13:43 28,190 -c--a-w C:\Users\Carole Brugger\AppData\Roaming\nvModes.dat
2008-02-16 11:21 --------- dc----w C:\Program Files\Common Files\Adobe
2008-02-14 09:52 --------- dc----w C:\Users\Carole Brugger\AppData\Roaming\U3
2008-02-14 08:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 08:47 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 08:47 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 08:47 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 08:47 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-14 08:47 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 08:47 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 08:47 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 08:47 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 08:46 --------- dc----w C:\PROGRA~2\Microsoft Help
2008-02-14 08:45 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 08:45 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 08:45 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 08:45 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 08:45 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 08:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:44 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 08:44 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:44 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 08:39 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 08:39 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 08:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 08:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 10:21 --------- dc----w C:\Program Files\Digital Photo Navigator 1.5
2008-02-04 18:34 --------- dc----w C:\Program Files\Messenger Plus! Live
2008-02-01 17:10 --------- dc----w C:\Program Files\MediaInfo
2008-02-01 16:40 --------- dc----w C:\Program Files\coolpro2
2008-01-29 20:02 --------- dc----w C:\Program Files\Wanadoo
2008-01-28 20:56 --------- dc----w C:\Users\Stéphane\AppData\Roaming\Real
2008-01-25 18:44 --------- dc----w C:\Program Files\Common Files\xing shared
2008-01-25 18:44 --------- dc----w C:\Program Files\Common Files\Real
2008-01-25 18:43 --------- dc----w C:\Program Files\Real
2008-01-25 11:31 --------- dc----w C:\Users\Stéphane\AppData\Roaming\Adobe
2008-01-20 20:15 --------- dc----w C:\Program Files\Neuf
2008-01-16 15:23 --------- dc----w C:\Program Files\DisplayFusion
2008-01-14 22:26 --------- dc----w C:\Program Files\PDFCreator
2008-01-14 22:25 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_8401.exe
2008-01-14 22:25 --------- dc----w C:\Program Files\PDFCreator Toolbar
2008-01-13 18:50 --------- dc----w C:\PROGRA~2\4D
2008-01-11 14:04 --------- dc----w C:\Users\Carole Brugger\AppData\Roaming\AdobeAUM
2008-01-11 13:58 --------- dc----w C:\Program Files\Windows Mail
2008-01-10 05:50 1,244,672 -c--a-w C:\Windows\System32\mcmde.dll
2008-01-09 07:49 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 07:49 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 07:49 --------- dc----w C:\Program Files\Windows Sidebar
2008-01-09 07:48 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-03 17:59 27,620 -c--a-w C:\Users\Stéphane\AppData\Roaming\nvModes.dat
2007-12-13 08:54 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 08:54 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 08:54 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-11 18:53 442,368 ----a-w C:\Windows\System32\vp6vfw.dll
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-09-09 19:00 174 --sha-w C:\Program Files\desktop.ini
2007-09-06 21:02 99,648 -c--a-w C:\Users\Carole Brugger\AppData\Roaming\GDIPFONTCACHEV1.DAT
2004-08-09 22:30 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-23 14:47 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 16:57 1025264]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-12 14:09 167368]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-11-21 03:12 3297280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-24 08:39 1006264]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\Windows\System32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-10-16 18:07 24576]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 13:35 176128]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28 81920]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-11 09:00 1840128]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-25 19:43 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-01-14 23:24:50 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\MSN Messenger\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\MSN Messenger\msncall.exe"= C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\Program Files\MSN Messenger\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\msncall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\Network Diagnostic\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\Program Files\MSN Messenger\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Messenger\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\Program Files\Messenger\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\Program Files\LimeWire\LimeWire.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"C:\Program Files\LimeWire\LimeWire.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"C:\Program Files\iTunes\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\Program Files\iTunes\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"%windir%\Network Diagnostic\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\Network Diagnostic\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"{29D42303-2243-42CA-B76B-D376840EC3B2}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{D83E22D0-DF05-455A-B132-2C2CE16E64C6}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{820F3776-ED34-4890-BBAE-F44436CFCBFE}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{0EDCBF87-1CE8-4F3D-BFF5-C8978B30AA75}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"TCP Query User{57AAFD14-34AB-42CA-BB59-0FC8AEDD7C97}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{AFBC3F96-4EAE-437E-B559-94FC5D1D8920}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"TCP Query User{E25F3595-E737-48D1-84EB-DF6B390D28B7}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{51E71A72-A692-485F-9A28-83DC882CB59C}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"TCP Query User{C2EEEECA-248A-4596-A82D-0456A010988F}C:\program files\bittornado\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui|Desc=btdownloadgui
"UDP Query User{CEC79EC7-10D4-4594-9CF0-2D568A5BEA6D}C:\program files\bittornado\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui|Desc=btdownloadgui
"TCP Query User{B9F937AE-653B-4DEC-A9B4-D03F1A57FF57}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{3548A2FF-8100-4C16-B56D-DE3001FF0E08}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{033A87D1-FF1E-4365-9988-D7005F51CFED}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{C9804A2C-B002-464D-8731-85DEF18C4055}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"{AFC296AB-5B6E-4D84-AE3D-260B10AE636A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{09F3DA93-5ECA-420D-BF0E-55E43C0111C4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{78B4CF7B-CCDA-4D2C-8F17-B74B877BDF3F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{163A78E5-933B-4AE5-BA14-27652F9D5480}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0DF78E17-C376-4CD4-A70B-333E2CB99929}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{330F3CCB-0E5D-4037-9943-A42D030BE252}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{6ED25178-6A23-4D13-9B8E-95712496A339}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"{AB15B6B4-D225-479B-854E-5E5A01C4425F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{6080BAEB-0CD4-4B11-A7F1-8668B9EC24ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{2A947A07-9849-4725-B586-BD18F2E5A891}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{095DF4BE-27F3-4F55-A5A3-9A2B66464423}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{582F993C-65F4-499F-A5EC-85FE4F5F9F4A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C29440A2-9FCE-4A06-96CE-E3E276F0CF60}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{06898437-90EB-4593-A5D4-9CCF26018439}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{4416AC6E-1F50-4A33-A49D-09EEDB92BA13}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{5E4A818A-5D0F-448E-9CD1-6DAC68BC3AB4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{201F1F75-0ADA-4B27-BFC6-845C8F598B8A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5B3AD517-D2B6-417B-8ECA-E4726B92991C}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{3EDF9655-6A7B-40B8-BA3E-AEFAC0DB1E43}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"TCP Query User{A630269C-34B6-4826-B25C-E333C16378B7}C:\program files\neuf\media center\httpd\httpd.exe"= UDP:C:\program files\neuf\media center\httpd\httpd.exe:Apache HTTP Server|Desc=Apache HTTP Server
"UDP Query User{AE6831F1-ACE9-42B8-A36E-B3B122D1E2BF}C:\program files\neuf\media center\httpd\httpd.exe"= TCP:C:\program files\neuf\media center\httpd\httpd.exe:Apache HTTP Server|Desc=Apache HTTP Server
"{55F27A4B-467C-4E95-A9E9-0B93832FC5E4}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{50FA38F1-A764-47F3-8BF8-E74D20DFD084}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{10A6D431-D544-4694-B5CB-E7A71F3D17AE}C:\users\carole brugger\desktop\upgradest.exe"= UDP:C:\users\carole brugger\desktop\upgradest.exe:upgradest.exe|Desc=upgradest.exe
"UDP Query User{75790875-9FCD-4856-8210-7A9F5E120523}C:\users\carole brugger\desktop\upgradest.exe"= TCP:C:\users\carole brugger\desktop\upgradest.exe:upgradest.exe|Desc=upgradest.exe
"TCP Query User{8FEDD60B-1BC8-4C4E-BF58-DA46E4E9CA24}C:\program files\real\realplayer\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
"UDP Query User{70D0696E-E33F-471F-A88C-DE6DB5EA9307}C:\program files\real\realplayer\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
"{5CDD4AD8-6F95-4294-8A9D-19C701939D94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2958B382-37B7-4683-8C51-3B62FA8CD345}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F17586EB-6181-413C-A0B7-60E896F9BD3B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\iTunes\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\Program Files\LimeWire\LimeWire.exe"= C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Messenger\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\Program Files\MSN Messenger\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\MSN Messenger\msncall.exe"= C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\Yahoo!\Messenger\YPager.exe"= C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe"= C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe [2007-03-16 00:24]
R3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
R3 RTL8169;Pilote Realtek 8169 NT;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 08:30]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-11 09:00]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_MULTI_SZ WUDFSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bea2bc5-aa44-11dc-ad73-00030d5024ea}]
\shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2383a3b7-a8b2-11dc-9ceb-00030d5024ea}]
\shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8464b54a-a956-11dc-a256-00030d5024ea}]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc970df-dad6-11dc-881d-00030d5024ea}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 13:17:00
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
.
Temps d'accomplissement: 2008-03-03 13:18:37
ComboFix-quarantined-files.txt 2008-03-03 12:18:32
.
2008-02-29 12:30:53 --- E O F ---

2 replies

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014
3 March 2008 at 13:31
hello crevette,

who told you, or where did you read, that you should use combofix?!
it's a dangerous tool!
web media player has been removed...
do you have any other problems?
See you
oops... I didn't know it was dangerous!!! I read it in one of the answers to a question like "ads that open on their own", I don't remember which one... I hope I haven't damaged anything... what am I risking? do I need to remove it?
otherwise, apparently, no more casino ads in sight... hopefully it lasts

Thanks a lot in any case
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014
3 March 2008 at 13:57
Re,

no, you shouldn't have damaged anything, since you're still here writing to me ;-)

don't remove it yet

please post a HijackThis report

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Installation tutorial: (thanks to Balltrap34 for putting this together)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (thanks to Balltrap34 for putting this together)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Please post the generated report here...

See you