Everything posted by Fantomas48

  1. OK, MBAM launched, I carried out the procedure, here is the report:

     Malwarebytes' Anti-Malware 1.40
     Version de la base de données: 2596
     Windows 6.0.6002 Service Pack 2

     11/08/2009 12:15:41
     mbam-log-2009-08-11 (12-15-41).txt

     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 297781
     Temps écoulé: 1 hour(s), 20 minute(s), 31 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 1
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 4

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     C:\Windows\System32\ESQULzcounter (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Windows\System32\ESQULlpibujvqjwsrdnckwxtmjvxwrplbxrsx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\System32\ESQULrxpbwhexpqeqofikdqvxpvhvfvujgdad.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  2. I tested, no more main.exoclick for the moment... you really are a master at this! Hats off, really! I got a BTS in computer science 10 years ago, but you are 100 times above that... well done and thanks again (get well soon, I hope it's nothing serious).
  3. Sorry for the wait, it took a while, here is the report (if you want to go to sleep, just say so and we'll continue tomorrow):
  4. OK thanks, here is the report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:53:15, on 10/08/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\Logitech\Logitech Vid\Vid.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Users\Fantomas\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe C:\Users\Fantomas\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Fantomas\Desktop\KARCHER-HJ.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 
2008\bdagent.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Fantomas\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global 
Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O13 - Gopher Prefix: O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service Google Update (gupdate1ca06d3a2757ada) (gupdate1ca06d3a2757ada) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 8339 bytes
  5. This damn MBAM won't launch! "program stopped at launch"
  6. Well, I did it and did it again, here is what it shows: SmitFraudFix v2.423 Scan done at 22:11:05,96, 10/08/2009 Run from C:\Users\Fantomas\Downloads\SmitfraudFix OS: Microsoft Windows [version 6.0.6002] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 DNS Server Search Order: 192.168.1.1 DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: DhcpNameServer=192.168.1.1 192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 DNS Server Search Order: 192.168.1.1 DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: DhcpNameServer=192.168.1.1 192.168.1.1
  7. Thanks Apollo, new topic created: main.exoclick. Thanks for your availability.
  8. For Apollo: SmitfraudFix report after option 5: SmitFraudFix v2.423 Scan done at 13:28:55,86, 10/08/2009 Run from C:\Users\Fantomas\Downloads\SmitfraudFix OS: Microsoft Windows [version 6.0.6002] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix Your computer may be victim of a DNS Hijack: 85.255.x.x detected ! Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 DNS Server Search Order: 85.255.112.148 DNS Server Search Order: 85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7654D83-7650-4BA1-898A-B9E16D2F3865}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: DhcpNameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7654D83-7650-4BA1-898A-B9E16D2F3865}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: DhcpNameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\..\{A7654D83-7650-4BA1-898A-B9E16D2F3865}: 
NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: DhcpNameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.112.148,85.255.112.108 »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix
  9. Hello, I followed your conversation because I have the same main.exoclick problem. I stopped at " If MBAM did not launch, we would come back to it later to check and update it, and we would use this: Download SmitfraudFix to your desktop. • •Double-click smitfraudfix.exe. Under Vista --> right-click, Run as administrator. •Select 1 to create a report of the files responsible for the infection. •Post the report on the forum in your next reply. Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products." Indeed MBAM does not launch, so I downloaded and ran SmitfraudFix, and here is the report: (please then tell me the procedure to follow) SmitFraudFix v2.423 Scan done at 14:03:21,55, 09/08/2009 Run from C:\Program Files\Mozilla Firefox\SmitfraudFix OS: Microsoft Windows [version 6.0.6002] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\System32\svchost.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 
C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\atieclxx.exe C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\Windows\system32\PnkBstrB.exe C:\Windows\system32\svchost.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Windows\System32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\Logitech\Logitech Vid\Vid.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\Fantomas\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Users\Fantomas\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel 
Software\Applets\LCDRSS.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\system32\taskeng.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\eMule\emule.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Fantomas »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Fantomas\AppData\Local\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Fantomas\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Fantomas\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, following keys are not inevitably infected!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! 
VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] »»»»»»»»»»»»»»»»»»»»»»»» RK [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] »»»»»»»»»»»»»»»»»»»»»»»» DNS Your computer may be victim of a DNS Hijack: 85.255.x.x detected ! Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 DNS Server Search Order: 85.255.112.148 DNS Server Search Order: 85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7654D83-7650-4BA1-898A-B9E16D2F3865}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: DhcpNameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7654D83-7650-4BA1-898A-B9E16D2F3865}: NameServer=85.255.112.148,85.255.112.108 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: DhcpNameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3A601A04-A036-4E1E-8B43-439847684086}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\..\{A7654D83-7650-4BA1-898A-B9E16D2F3865}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: DhcpNameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBF0E3B9-5829-4E2F-AB69-2B0E2EB68277}: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.148,85.255.112.108 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.112.148,85.255.112.108 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End