[split] Main.exoclick

[Apollo]

Rien de révélé dans Hijackthis.

 

On va utiliser le missile.

 

ComboFix ne doit pas être utilisé comme un outil de diagnostic, il ne doit être employé que sur demande expresse d'un conseiller formé à cet outil et sous son contrôle. Cet outil peut être dangereux!

 

Désactiver les protections (antivirus, firewall, antispyware).

 

Connecter les supports amovibles (clé usb et autres) avant de procéder.

 

TUTO Officiel

 

Fais un clic droit ICI

• Dans le menu qui se déroule, choisis "Enregistrer la cible du lien sous" (si tu utilises Firefox) et "Enregistrer la cible sous" (si tu utilises Internet Explorer)
  
• Une fenêtre va s'ouvrir: dans le champs Nom du fichier (en bas ), tape ceci > Fantomas48
  
• On va enregistrer ce fichier sur le Bureau: pour cela, sur le panneau de gauche, clique sur le Bureau.
   
  
• Clique enfin sur le bouton Enregistrer en bas de page à droite.
  
• Assure toi que tous les programmes sont fermés avant de lancer le fix!
  
• Fait un double clique sur Fantomas48.exe.
  
• Si la console de récupération n'est pas installée sur un XP, ComboFix va proposer de l'installer: Accepte!
  
• Clique sur Oui au message de Limitation de Garantie qui s'affiche.
  
• Il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sure: accepte!
  
• Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  
• Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
  

 

Si tu perds la connexion après le passage de ComboFix, voici comment la réparer ICI.

 

 

@++

[Fantomas48]

desole pour l'attente, c'etait un peu long, voici le rapport (si tu veux aller dormir tu le dis on continuera demain) :

 

ComboFix 09-08-10.01 - Fantomas 10/08/2009 23:17.1.4 - NTFSx86

Microsoft® Windows Vista™ Professionnel 6.0.6002.2.1252.33.1036.18.3070.2247 [GMT 2:00]

Running from: c:\users\Fantomas\Desktop\Fantomas48.exe

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

?

c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_ESQULserv.sys

-------\Legacy_ESQULserv.sys

-------\Service_ESQULserv.sys

 

 

((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))

.

 

2009-08-10 20:42 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-10 20:42 . 2009-08-10 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-10 20:42 . 2009-08-10 20:42 -------- d-----w- c:\progra~2\Malwarebytes

2009-08-10 20:42 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-10 20:10 . 2009-06-02 09:17 75776 ----a-w- c:\windows\system32\WS2Fix.exe

2009-08-10 20:10 . 2008-12-11 23:57 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe

2009-08-10 20:10 . 2008-11-29 16:58 82944 ----a-w- c:\windows\system32\IEDFix.C.exe

2009-08-10 20:10 . 2008-10-01 13:51 87552 ----a-w- c:\windows\system32\VACFix.exe

2009-08-10 20:10 . 2008-09-20 10:45 80384 ----a-w- c:\windows\system32\o4Patch.exe

2009-08-10 20:10 . 2008-08-18 10:19 82432 ----a-w- c:\windows\system32\404Fix.exe

2009-08-10 20:10 . 2008-05-18 19:40 82944 ----a-w- c:\windows\system32\IEDFix.exe

2009-08-10 20:10 . 2007-09-05 22:22 289144 ----a-w- c:\windows\system32\VCCLSID.exe

2009-08-10 20:10 . 2006-04-27 15:49 288417 ----a-w- c:\windows\system32\SrchSTS.exe

2009-08-10 20:10 . 2004-07-31 16:50 51200 ----a-w- c:\windows\system32\dumphive.exe

2009-08-10 20:10 . 2003-06-05 19:13 53248 ----a-w- c:\windows\system32\Process.exe

2009-08-09 19:38 . 2006-03-03 08:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll

2009-08-09 19:38 . 2009-08-09 19:44 -------- d-----w- c:\program files\AVS4YOU

2009-08-09 19:16 . 2009-08-09 19:16 -------- d-----w- c:\users\Fantomas\AppData\Local\Apple

2009-08-09 18:46 . 2009-08-09 18:46 -------- d-----w- c:\users\Fantomas\AppData\Local\Apple Computer

2009-08-09 13:53 . 2008-03-30 17:55 1213784 ----a-w- c:\users\Fantomas\AppData\Roaming\HouseCall 6.6\vsapi32.dll

2009-08-09 13:53 . 2006-11-22 15:48 91744 ----a-w- c:\users\Fantomas\AppData\Roaming\HouseCall 6.6\BPMNT.dll

2009-08-09 13:52 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-08-09 13:52 . 2007-12-24 15:37 138384 ----a-w- c:\users\Fantomas\AppData\Roaming\HouseCall 6.6\tmcomm.sys

2009-08-09 13:52 . 2006-07-07 14:29 1197584 ----a-w- c:\users\Fantomas\AppData\Roaming\HouseCall 6.6\ssapi32.dll

2009-08-09 13:52 . 2009-03-27 15:38 366344 ----a-w- c:\users\Fantomas\AppData\Roaming\HouseCall 6.6\tsc.exe

2009-08-09 13:51 . 2009-08-10 03:05 -------- d-----w- c:\users\Fantomas\AppData\Roaming\HouseCall 6.6

2009-08-09 13:51 . 2009-08-09 13:51 -------- d-----w- c:\windows\system32\HouseCall 6.6

2009-08-09 12:03 . 2009-08-10 20:16 4136 ----a-w- c:\windows\system32\tmp.reg

2009-08-09 10:49 . 2009-08-09 11:38 -------- d-----w- C:\ToolBar SD

2009-08-07 11:08 . 2009-08-07 11:08 -------- d-----w- c:\program files\Orange

2009-07-31 19:11 . 2009-07-31 19:11 -------- d-----w- c:\program files\CCleaner

2009-07-31 17:54 . 2009-07-31 17:54 43008 ----a-w- c:\windows\system32\ESQULlpibujvqjwsrdnckwxtmjvxwrplbxrsx.dll

2009-07-31 17:54 . 2009-07-31 17:54 12288 ----a-w- c:\windows\system32\ESQULrxpbwhexpqeqofikdqvxpvhvfvujgdad.dll

2009-07-27 15:34 . 2009-07-27 15:34 -------- d-----w- c:\program files\1C Publishing EU

2009-07-22 19:04 . 2009-07-22 19:04 -------- d-----w- c:\users\Fantomas\AppData\Roaming\teamspeak2

2009-07-22 18:56 . 2009-07-22 19:04 -------- d-----w- c:\program files\Teamspeak2_RC2

2009-07-17 11:41 . 2009-07-17 11:47 -------- d-----w- c:\progra~2\Google Updater

2009-07-17 11:41 . 2009-07-17 11:43 -------- d-----w- c:\program files\Google

2009-07-15 08:41 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-07-15 08:41 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll

2009-07-15 08:41 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-07-15 08:41 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-07-15 08:41 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-10 21:33 . 2009-03-14 16:29 81984 ----a-w- c:\windows\system32\bdod.bin

2009-08-10 21:21 . 2006-11-02 15:47 669328 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-10 21:21 . 2006-11-02 15:47 123350 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-10 20:21 . 2009-03-14 15:25 -------- d-----w- c:\users\Fantomas\AppData\Roaming\uTorrent

2009-08-10 17:49 . 2009-03-14 14:36 -------- d-----w- c:\program files\Steam

2009-08-09 19:44 . 2009-06-08 12:28 -------- d-----w- c:\program files\Common Files\AVSMedia

2009-08-09 19:39 . 2009-06-08 12:29 -------- d-----w- c:\users\Fantomas\AppData\Roaming\AVS4YOU

2009-08-09 19:22 . 2009-03-14 20:02 -------- d-----w- c:\program files\Free Easy Burner

2009-08-07 11:08 . 2009-03-14 18:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-01 21:36 . 2009-05-19 17:54 -------- d-----w- c:\program files\Windows Live Safety Center

2009-08-01 13:49 . 2009-03-14 13:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-07-28 19:46 . 2009-06-11 11:42 -------- d-----w- c:\progra~2\Messenger Plus!

2009-07-21 21:52 . 2009-07-29 07:16 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 07:16 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 07:16 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 07:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-16 15:13 . 2009-06-11 10:59 -------- d-----w- c:\program files\Messenger Plus! Live

2009-07-15 11:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-07-07 11:12 . 2009-07-06 17:29 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-07-07 11:12 . 2009-03-29 20:27 22328 ----a-w- c:\users\Fantomas\AppData\Roaming\PnkBstrK.sys

2009-07-07 11:12 . 2009-03-29 20:27 22328 ----a-w- c:\users\Fantomas\AppData\Roaming\PnkBstrK.sys

2009-07-07 11:12 . 2009-03-29 20:27 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-07-07 11:12 . 2009-07-06 17:29 2337865 ----a-w- c:\windows\system32\pbsvc.exe

2009-07-07 10:55 . 2009-07-07 10:55 -------- d-----w- c:\program files\Ubisoft

2009-07-06 17:43 . 2009-06-02 15:43 -------- d-----w- c:\program files\Bonjour

2009-07-06 17:29 . 2009-03-29 20:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-07-06 17:17 . 2009-03-14 12:57 1356 ----a-w- c:\users\Fantomas\AppData\Local\d3d9caps.dat

2009-07-04 17:36 . 2009-03-29 12:14 -------- d-----w- c:\program files\THQ

2009-07-03 16:36 . 2009-03-14 14:47 -------- d-----w- c:\program files\Common Files\Steam

2009-07-03 11:23 . 2009-07-01 22:48 -------- d-----w- c:\program files\ASUS

2009-07-02 16:23 . 2009-03-14 13:07 409600 ----a-w- c:\windows\system32\wrap_oal.dll

2009-07-02 16:23 . 2009-03-14 13:07 114688 ----a-w- c:\windows\system32\OpenAL32.dll

2009-07-02 16:14 . 2009-07-02 16:14 -------- d-----w- c:\progra~2\ATI

2009-07-02 16:14 . 2009-07-01 22:56 -------- d-----w- c:\program files\ATI

2009-07-01 23:08 . 2009-03-14 18:14 -------- d-----w- c:\program files\Logitech

2009-07-01 23:08 . 2009-03-14 18:18 -------- d-----w- c:\program files\Common Files\LogiShrd

2009-07-01 23:08 . 2009-03-14 18:18 -------- d-----w- c:\progra~2\Logitech

2009-07-01 23:02 . 2009-06-28 10:46 -------- d-----w- c:\program files\ATI Technologies

2009-07-01 22:56 . 2009-07-01 22:56 10134 ----a-r- c:\users\Fantomas\AppData\Roaming\Microsoft\Installer\{7113847B-EC8E-C244-66B0-C8C98A855525}\ARPPRODUCTICON.exe

2009-07-01 22:40 . 2009-04-25 15:47 -------- d-----w- c:\program files\Electronic Arts

2009-07-01 18:46 . 2009-06-02 15:41 -------- d-----w- c:\program files\Common Files\Apple

2009-06-27 11:48 . 2009-03-14 13:49 -------- d-----w- c:\program files\Bohemia Interactive

2009-06-20 15:47 . 2009-06-20 15:47 -------- d-----w- c:\progra~2\Ubisoft

2009-06-13 19:15 . 2009-06-13 19:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-06-11 11:14 . 2009-06-11 11:14 462672 ----a-w- C:\gen_announce_fr.exe

2009-06-10 14:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-06-10 14:32 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont

2009-06-07 20:57 . 2009-06-07 20:57 3674 ----a-w- c:\windows\system32\ealregsnapshot1.reg

2009-05-30 13:01 . 2009-05-30 13:01 15360 ----a-r- c:\users\Fantomas\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe

2009-05-30 13:01 . 2009-05-30 13:01 11264 ----a-r- c:\users\Fantomas\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe

2009-05-16 04:01 . 2009-05-16 04:01 4933632 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2009-05-16 03:24 . 2009-05-16 03:24 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-05-16 03:24 . 2009-05-16 03:24 335872 ----a-w- c:\windows\system32\atieclxx.exe

2009-05-16 03:23 . 2009-05-16 03:23 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2009-05-16 03:22 . 2008-07-09 02:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2009-05-16 03:22 . 2008-07-09 02:09 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2009-05-16 03:22 . 2009-05-16 03:22 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2009-05-16 03:22 . 2009-05-16 03:22 11776 ----a-w- c:\windows\system32\atimuixx.dll

2009-05-16 03:22 . 2008-07-09 02:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2009-05-16 03:19 . 2009-05-16 03:19 2411008 ----a-w- c:\windows\system32\atidxx32.dll

2009-05-16 03:08 . 2009-02-04 04:43 3064832 ----a-w- c:\windows\system32\atiumdag.dll

2009-05-16 02:53 . 2009-02-04 04:22 2847744 ----a-w- c:\windows\system32\atiumdva.dll

2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\atimpc32.dll

2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\amdpcom32.dll

2009-05-16 02:41 . 2009-05-16 02:41 172032 ----a-w- c:\windows\system32\atiadlxx.dll

2009-05-16 02:40 . 2009-05-16 02:40 11376640 ----a-w- c:\windows\system32\atioglxx.dll

2009-05-16 02:27 . 2009-05-16 02:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalrt.dll

2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalcl.dll

2009-05-16 01:59 . 2009-05-16 01:59 3174400 ----a-w- c:\windows\system32\aticaldd.dll

2009-05-15 16:51 . 2009-05-15 16:50 143360 ----a-w- c:\users\Fantomas\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

2009-05-15 16:51 . 2009-05-15 16:50 132096 ----a-w- c:\users\Fantomas\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe

2009-05-15 16:51 . 2009-05-15 16:50 125440 ----a-w- c:\users\Fantomas\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

2009-05-15 16:51 . 2009-05-15 16:50 86576 ----a-w- c:\users\Fantomas\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

2009-05-15 16:51 . 2009-05-15 16:50 132672 ----a-w- c:\users\Fantomas\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

2009-05-15 16:51 . 2009-05-15 16:50 392728 ----a-w- c:\users\Fantomas\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]

"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-04 368640]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]

"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

 

c:\users\Fantomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de notification Live Search.lnk - c:\users\Fantomas\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2009-5-15 143360]

 

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

D‚marrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-29 51984]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-20 91440]

Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-29 111376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"VistaSp2"=hex(b):3e,ab,2a,ac,d9,e9,c9,01

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2602240095-3596903612-1769238275-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{89015D21-7C52-4781-A321-0D77021F5125}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{916A7BEE-3646-49AE-A704-757A53E2053A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{6CBFEE3C-381C-4A97-ADAB-2530DB2DDFD1}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent

"UDP Query User{97E539F9-CA94-4668-8B80-B51B089F5695}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent

"{FB1BFA9A-4601-4048-9709-84DD6FF6BDBF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{3C02A66C-A714-4F37-979C-726C1BCCFEF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{6B5B4285-758C-4A06-A8A9-9B25D23F0B74}c:\\program files\\steam\\steamapps\\le_magistrat_fantomas\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\le_magistrat_fantomas\day of defeat source\hl2.exe:hl2

"UDP Query User{6DD99E6D-7AB6-476E-93C2-55A41BEAB037}c:\\program files\\steam\\steamapps\\le_magistrat_fantomas\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\le_magistrat_fantomas\day of defeat source\hl2.exe:hl2

"TCP Query User{8C59172B-8D46-433D-BF14-48CE4E491388}c:\\program files\\steam\\steamapps\\common\\dawn of war 2\\dow2.exe"= UDP:c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe:DOW2

"UDP Query User{99E2DC76-75C5-4CFD-A49E-33C7C2DF23C2}c:\\program files\\steam\\steamapps\\common\\dawn of war 2\\dow2.exe"= TCP:c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe:DOW2

"TCP Query User{6E47D620-B3F0-4993-BBCC-C9CD2E0E0883}c:\\program files\\steam\\steamapps\\le_magistrat_fantomas\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\le_magistrat_fantomas\team fortress 2\hl2.exe:hl2

"UDP Query User{33410EC2-DD94-4DD5-A877-59118F3B80C6}c:\\program files\\steam\\steamapps\\le_magistrat_fantomas\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\le_magistrat_fantomas\team fortress 2\hl2.exe:hl2

"TCP Query User{6B5E6CB0-F5B7-4CE3-AAAA-6D84C081DB85}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH

"UDP Query User{59F9B733-2429-4707-9576-5652F06A0F5B}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH

"TCP Query User{214B13E5-CB2A-489F-B3E3-C9D5D6D9BC0E}c:\\windows.old\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\windows.old\program files\thq\company of heroes\reliccoh.exe:RelicCOH

"UDP Query User{FDE042A2-B855-4AA5-B005-B75700758041}c:\\windows.old\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\windows.old\program files\thq\company of heroes\reliccoh.exe:RelicCOH

"TCP Query User{F1A71128-C59B-4702-B03F-274830AAE1DB}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger

"UDP Query User{8BFBC50E-8E76-4895-A631-F3F2696736AD}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger

"TCP Query User{9F5DAEB3-A5F9-4CC1-99AB-17B1095B253F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{5EE28751-36A0-45F2-A6EB-FD40FF39A57E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{4989E143-DD60-47A6-8A2B-5DCCD3C6EB2D}c:\\jeux\\warcraft iii(2)\\war3.exe"= UDP:c:\jeux\warcraft iii(2)\war3.exe:Warcraft III

"UDP Query User{B93F5BCC-3555-4D7D-A05C-4093AD104CC2}c:\\jeux\\warcraft iii(2)\\war3.exe"= TCP:c:\jeux\warcraft iii(2)\war3.exe:Warcraft III

"{280DA56A-0D92-44D8-9E39-0A93F615587A}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{BE035408-8687-4B3D-82E8-B0CDDA11BFE1}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{5969F6E8-3565-4059-8266-37D52A8464A2}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{DDA0C85D-F1DE-4189-A657-C138312D9BD3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"TCP Query User{14C3ABCA-B98B-4DCE-8F3F-BC708B0447AB}c:\\jeux\\warcraft iii(2)\\war3.exe"= UDP:c:\jeux\warcraft iii(2)\war3.exe:Warcraft III

"UDP Query User{1D89B64F-BB2D-45B8-8F77-BB56BFEC4991}c:\\jeux\\warcraft iii(2)\\war3.exe"= TCP:c:\jeux\warcraft iii(2)\war3.exe:Warcraft III

"TCP Query User{2FB4A138-56B3-419B-B188-884A2C1E66FF}c:\\program files\\bohemia interactive\\arma\\arma.exe"= UDP:c:\program files\bohemia interactive\arma\arma.exe:ArmA

"UDP Query User{23502E66-EF8B-46CA-A0E1-B7462F81F6EF}c:\\program files\\bohemia interactive\\arma\\arma.exe"= TCP:c:\program files\bohemia interactive\arma\arma.exe:ArmA

"TCP Query User{C52FB5D8-8C36-464B-9A09-2AC07E83F459}c:\\program files\\steam\\steamapps\\common\\dawn of war 2\\dow2.exe"= UDP:c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe:DOW2

"UDP Query User{2011D528-832E-42EA-945F-55E6E12CE1DD}c:\\program files\\steam\\steamapps\\common\\dawn of war 2\\dow2.exe"= TCP:c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe:DOW2

"TCP Query User{8220BE4E-0C14-430F-871F-03631D8E2A2F}c:\\program files\\bohemia interactive\\arma\\arma.exe"= UDP:c:\program files\bohemia interactive\arma\arma.exe:ArmA

"UDP Query User{F140E639-21E9-43B8-BC01-3287D0E927D8}c:\\program files\\bohemia interactive\\arma\\arma.exe"= TCP:c:\program files\bohemia interactive\arma\arma.exe:ArmA

"{ED8D254B-16AF-4A0F-8D81-8A57836C7A63}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{8FE11DFE-5D58-4C6F-9F3D-D3438CF55E9C}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{940C2564-8BF1-4333-B88F-5E7DE3491B58}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{E0D467F2-A3AF-4E46-94BD-BE8A33A625BE}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{FEBB46A0-E372-41DC-836F-B9A1ACC7ABBC}c:\\program files\\thq\\company of heroes\\relicdownloader\\relicdownloader.exe"= UDP:c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe:Relic Patch Download Manager

"UDP Query User{ECE3055E-52A7-4BAF-9D59-839CA8424C8E}c:\\program files\\thq\\company of heroes\\relicdownloader\\relicdownloader.exe"= TCP:c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe:Relic Patch Download Manager

"{6643E6CD-E957-4DFF-B4B8-55BCCFB26613}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II

"{8D3FC7DF-43AC-4CE5-90AC-EE81A0C94AE6}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II

"{0389518C-39EF-4887-9523-E72EAC512E72}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes

"{1B310561-9EC1-4972-80C5-A48DFE8E683D}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes

"{848BA1A1-2EB2-4D45-B90A-B459441029E8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{F159CE49-7F3A-49F1-874A-5C0730EB0310}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{CD4A7B12-457E-44CD-BFCD-51856DBF1289}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{98A3AA6C-C36E-46FF-B66E-92A7D2B8BF33}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{2A1A5F6E-F4B9-4CAF-BB08-4888DC1DF102}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade

"UDP Query User{C2284A10-8ABF-4000-AA3A-6A1337F890F9}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade

"TCP Query User{F29A7DD1-81F6-490E-9DBA-D6361ED42F19}c:\\jeux\\dow\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\jeux\dow\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade

"UDP Query User{2BC8A1D1-05AD-478B-86B8-B6734F1C2802}c:\\jeux\\dow\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\jeux\dow\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade

"{375C0A21-C89D-4689-83C0-856BAB73EA21}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{B82440B4-AAEA-49FE-9C4C-84A5DCED087F}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{60EA919B-269A-4A3F-8EB4-A7165481DA2B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{EBB76CA1-E21A-4C9D-950C-D72ACD626154}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{54BC8A1C-2ED2-4541-9E95-B9C2635F550E}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2

"{12603F4B-5543-49F6-AB87-4DFC9CD872C0}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2

"{EBC52A0B-136D-4E61-ADED-DC4F5E19F9B7}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

"{92D51146-2928-42B7-A602-F5F9B3094DE3}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

"TCP Query User{C1000937-2D93-46D3-97C8-03A7373D07C3}c:\\jeux\\battlestations pacific\\bsp.exe"= UDP:c:\jeux\battlestations pacific\bsp.exe:Battlestations: Pacific

"UDP Query User{5B5D2DC6-56B6-4CA8-9C3E-8257F584DE03}c:\\jeux\\battlestations pacific\\bsp.exe"= TCP:c:\jeux\battlestations pacific\bsp.exe:Battlestations: Pacific

"TCP Query User{B61EC39B-F7B8-411D-968B-E2A3D1AC517F}c:\\jeux\\battlestations pacific\\bsp.exe"= UDP:c:\jeux\battlestations pacific\bsp.exe:Battlestations: Pacific

"UDP Query User{98769534-5ABF-4E7E-92C2-198A90D27A90}c:\\jeux\\battlestations pacific\\bsp.exe"= TCP:c:\jeux\battlestations pacific\bsp.exe:Battlestations: Pacific

"{E9590A10-198A-4A5C-AF1D-32D14FFFCDDB}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2

"{3B8D833D-55C1-4539-8093-F17EFCF3738B}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2

"{7EBD9BA9-6871-46EA-BC42-50AA938575B6}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

"{A1D48E15-D53D-4196-BC48-405E054647DD}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

"{956C9B60-77CE-4DA7-81F5-A2BB18206368}"= UDP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader

"{91224BDD-D1EF-4FC9-980B-0F8F0B2BA8B7}"= TCP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader

"{0B25D5E9-A9E2-4E44-BB5A-E283607DD436}"= UDP:c:\program files\Logitech\Logitech Vid\Vid.exe:Logitech Vid

"{83DD1085-E6DA-4F2F-B5B8-970DBB986B8F}"= TCP:c:\program files\Logitech\Logitech Vid\Vid.exe:Logitech Vid

"TCP Query User{7A055DBE-85B7-45EC-9844-FD8BE3F373F9}c:\\jeux\\men of war\\mow.exe"= UDP:c:\jeux\men of war\mow.exe:Main executable

"UDP Query User{FAB881EA-BB4C-4644-A844-728AC2473878}c:\\jeux\\men of war\\mow.exe"= TCP:c:\jeux\men of war\mow.exe:Main executable

"TCP Query User{BB08B4D8-9447-4D1E-B8E6-B7A106EA9261}g:\\lecteur d\\jeux\\sierra-console\\hl.exe"= UDP:g:\lecteur d\jeux\sierra-console\hl.exe:Half-Life Launcher

"UDP Query User{04819468-1B57-4848-A8CD-1C22828CB585}g:\\lecteur d\\jeux\\sierra-console\\hl.exe"= TCP:g:\lecteur d\jeux\sierra-console\hl.exe:Half-Life Launcher

"{7EA3376C-7D0E-43E9-9890-71190976EFBE}"= UDP:c:\program files\Logitech\Logitech Vid\Vid.exe:Logitech Vid

"{38BD8FB0-491C-40A4-8BBC-9AACAE3BCF8A}"= TCP:c:\program files\Logitech\Logitech Vid\Vid.exe:Logitech Vid

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 1 (0x1)

 

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [11/07/2006 09:30 42392]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16/05/2009 05:23 176128]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [24/04/2009 07:43 95544]

S2 gupdate1ca06d3a2757ada;Service Google Update (gupdate1ca06d3a2757ada);c:\program files\Google\Update\GoogleUpdate.exe [17/07/2009 13:42 133104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bdx REG_MULTI_SZ scan

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\users\Fantomas\AppData\Roaming\Mozilla\Firefox\Profiles\ic819m17.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - www.gmx.fr

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-10 23:30

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\audiodg.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\System32\PnkBstrA.exe

c:\windows\System32\PnkBstrB.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2008\vsserv.exe

c:\windows\System32\atieclxx.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\conime.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\users\Fantomas\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2009-08-10 23:34 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-10 21:34

 

Pre-Run: 366 536 323 072 octets libres

Post-Run: 366 332 674 048 octets libres

 

327 --- E O F --- 2009-07-31 01:00

[Fantomas48]

j'ai testé, plus de main.exoclick pour le moment... tu es vraiment un maître en la matière ! chapeau bas vraiment ! j'ai passé un BTS informatique ya 10 ans mais toi tu es 100 fois au dessus... bravo et merci encore (bon retablissement j'espère que c pas grave)

[Apollo]

Merci mais je suis loin d'être un maître comme tu dis; je me débrouille quoi.

 

Il faudra quand-même réessayer d'installer MBAM à nouveau (après désinstall de l'autre) pour parachever le travail.

 

Il y avait un Rootkit, ce qui explique pas mal de soucis que tu as rencontrés.

 

Ca va aller, et puis l'hôpital a des bons côtés parfois, si on tombe sur une chouette infirmière

 

Bah pour une fois, c'est moi qui serais scanné Je ne resterai sans doute que deux ou trois jours, on verra.

 

Si tes soucis s'arrangent il faudra penser à désinstaller ComboFix par cette commande dans exécuter:

 

ComboFix /u et virer les dossiers qui lui appartiennent comme C:\Qoobox. (s'il existaient encore)

 

@++

[Fantomas48]

ok MBAM s'est lancé, j'ai effectué la procedure, voici le rapport :

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2596

Windows 6.0.6002 Service Pack 2

 

11/08/2009 12:15:41

mbam-log-2009-08-11 (12-15-41).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 297781

Temps écoulé: 1 hour(s), 20 minute(s), 31 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Windows\System32\ESQULzcounter (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\System32\ESQULlpibujvqjwsrdnckwxtmjvxwrplbxrsx.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\ESQULrxpbwhexpqeqofikdqvxpvhvfvujgdad.dll (Trojan.Agent) -> Quarantined and deleted successfully.