
Posted

A "real" firewall is a necessity, and I don't see one here, apart from the (basic) OS firewall. I recommend Online Armor free, which is available in French, fairly easy to get to grips with, and effective.

 

Here is a tutorial in French: http://infomars.fr/forum/index.php?showtopic=1644

 

Block all .tmp files, they reactivate the critter.

 

After installing the firewall, update MBAM, run a quick scan, delete what is found and post the report please.

Posted (edited)

Good evening,

 

I followed all the instructions in order. I really enjoyed blocking the Trojans' access, hehe.

 

EDIT: I stayed connected for quite a while this evening and it seems that everything is working fairly well. However, despite the firewall, I am still being attacked by some sort of trojan. Antivir quarantines it, but it seems to me that by the time the antivirus offers me that option, it is already too late. Given that Antivir's interventions are fairly rare, and to be on the safe side, I ran another quick scan with MBAM (that is probably taking the initiative, but given that the last instruction was an MBAM scan ... ^^'). MBAM found and eradicated the Trojan, but I don't know how to protect myself from it ^^'. If you like, I'll post the latest MBAM log tomorrow, but I'm not adding it to this edit for the sake of clarity.

 

Have a good evening.

 

Here is the log.

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2658

Windows 5.1.2600 Service Pack 3

 

19/08/2009 20:47:44

mbam-log-2009-08-19 (20-47-44).txt

 

Type de recherche: Examen rapide

Eléments examinés: 92964

Temps écoulé: 4 minute(s), 16 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

Edited by Maho
Posted
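The MBAM log above lists each finding as `<item> (<category>) -> <action>`, and registry data items additionally carry the `Bad: (...) Good: (...)` pair showing the value found and the value restored. As an added example that is not part of this thread nor of Malwarebytes' own tooling, here is a small Python triage script that parses those lines and groups them by what they evidence on the machine: the three Security Center notification values that had been switched off, the Run-key entry that relaunches the downloader at logon, and the `.tmp` files in `C:\WINDOWS\Temp` that the helper says to block. The sample input is the detection lines copied from the log in this post; the tag names (`security_center_tampering` and so on) and the classification rules are my own and are not MBAM terminology.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the detection lines copied from the MBAM 1.40 log
# quoted in the post above (a French-localised build; section names differ by
# locale, which is why the parser keys on line shape rather than on wording).
SAMPLE_LOG = r"""
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
"""

# One MBAM detection line: "<item> (<Category>) -> [Bad: (x) Good: (y) -> ]<action>"
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+)$"
)


@dataclass
class Detection:
    section: str
    item: str
    category: str
    action: str
    bad: Optional[str] = None   # value MBAM found (registry data items only)
    good: Optional[str] = None  # value MBAM restored


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log line by line, remembering the current section header."""
    section = ""
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):        # section header, e.g. "Fichier(s) infecté(s):"
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)  # "(Aucun élément ...)" and count lines don't match
        if m:
            found.append(Detection(section, m["item"], m["category"],
                                   m["action"], m["bad"], m["good"]))
    return found


def classify(d: Detection) -> str:
    """Map a detection to the defender-relevant behaviour it evidences (own labels)."""
    item = d.item.lower()
    if d.category == "Disabled.SecurityCenter" or item.endswith("disablenotify"):
        return "security_center_tampering"   # AV/firewall/update warnings silenced
    if item.startswith("hkey_") and "\\currentversion\\run\\" in item:
        return "autorun_persistence"         # relaunched at every logon
    if "\\temp\\" in item and item.endswith(".tmp"):
        return "temp_dropper"                # the .tmp files the helper says to block
    if "\\system32\\" in item:
        return "system_dir_binary"           # payload dropped beside OS files
    return "other"


def summarize(dets: List[Detection]) -> Dict[str, List[str]]:
    """Group detected items by tag, preserving log order within each tag."""
    out: Dict[str, List[str]] = {}
    for d in dets:
        out.setdefault(classify(d), []).append(d.item)
    return out


def not_remediated(dets: List[Detection]) -> List[str]:
    """Items whose action text does not report a successful removal."""
    return [d.item for d in dets if "successfully" not in d.action]


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    for tag, items in summarize(dets).items():
        print(f"{tag} ({len(items)}):")
        for it in items:
            print("   ", it)
    print("not remediated:", not_remediated(dets) or "none")
```

Running it on the sample prints the eight findings under four tags and an empty "not remediated" list; on a log where MBAM reports a delete-on-reboot or a failed removal, `not_remediated` is the list to act on before declaring the machine clean.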

Run another ComboFix pass (by double-clicking it), right after an (updated) MBAM scan, and post the ComboFix report please.

It will get better, but it's not quite over yet.

Posted

Good evening,

 

Here is the log. It seems that ComboFix ran in "reduced functionalities mode". I didn't update it because this kind of program is completely beyond me ^^'. If you need a new log, I think I'll stay online for a few more hours. Otherwise, it will be tomorrow.

 

Have a good evening.

 

 

 

ComboFix 09-08-10.06 - AntoineD 20/08/2009 21:32.4.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.1023.651 [GMT 2:00]

Running from: c:\documents and settings\AntoineD\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Pare-feu Online Armor *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))

.

 

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OnlineArmor

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2009-08-19 18:25 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys

2009-08-19 18:25 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys

2009-08-19 18:25 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\program files\Tall Emu

2009-08-19 18:23 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll

2009-08-19 18:23 . 2009-06-25 08:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll

2009-08-19 18:23 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll

2009-08-19 18:23 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

2009-08-17 17:52 . 2009-08-17 17:10 176640 ----a-w- c:\windows\system32\appmgmts.dll

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\MSBuild

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\Reference Assemblies

2009-08-15 21:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-15 21:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-15 21:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-15 21:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-15 21:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-15 21:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-15 21:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- C:\0656ce9091292e9e36d34114245569

2009-08-15 21:50 . 2009-08-16 14:27 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-15 21:43 . 2009-08-15 21:43 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2009-08-15 19:38 . 2009-08-15 19:38 152576 ----a-w- c:\documents and settings\AntoineD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-15 19:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-15 19:25 . 2009-08-15 19:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Malwarebytes

2009-08-12 20:45 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-12 20:45 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-12 20:26 . 2009-08-12 20:26 -------- d-----w- c:\program files\Trend Micro

2009-08-12 14:43 . 2009-08-12 14:43 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 16:35 . 2008-01-02 22:45 -------- d-----w- c:\program files\Hewlett-Packard

2009-08-19 19:19 . 2008-04-22 16:44 -------- d-----w- c:\program files\DivX

2009-08-19 18:53 . 2009-05-02 14:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 18:41 . 2008-01-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-16 18:28 . 2007-12-29 15:59 63696 ----a-w- c:\documents and settings\AntoineD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-16 14:34 . 2009-07-16 17:37 -------- d-----w- c:\documents and settings\AntoineD\Application Data\vlc

2009-08-15 21:54 . 2004-08-05 12:00 657124 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-15 21:54 . 2004-08-05 12:00 156700 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-15 19:40 . 2008-01-23 16:16 -------- d-----w- c:\program files\Java

2009-08-12 14:43 . 2004-08-05 12:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-10 18:26 . 2008-01-22 18:37 1 ----a-w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-08-10 18:26 . 2008-01-22 18:36 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2

2009-08-10 12:00 . 2008-01-03 23:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-05 09:03 . 2008-08-08 17:24 -------- d-----w- c:\program files\World of Warcraft

2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2009-01-15 16:36 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 15:57 . 2004-08-05 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:57 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:57 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-06-28 14:44 . 2008-05-17 12:30 -------- d-----w- c:\documents and settings\AntoineD\Application Data\teamspeak2

2009-06-26 22:30 . 2009-06-26 19:06 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Ventrilo

2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Ventrilo

2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 16:33 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-10 16:33 . 2007-12-05 00:41 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 16:33 . 2007-12-05 00:41 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2007-12-29 13:56 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll

2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-04 14:39 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll

.

 

------- Sigcheck -------

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((( SnapShot_2009-08-17_18.08.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-20 18:19 . 2009-08-20 18:19 16384 c:\windows\Temp\Perflib_Perfdata_594.dat

+ 2008-05-29 15:00 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll

- 2008-05-29 15:00 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll

+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll

- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll

+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll

+ 2009-04-17 10:30 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 20:25 200784]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 20:25 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 20:25 29776]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2/05/2009 16:22 108289]

R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 20:25 362184]

R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 20:25 3142344]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} - hxxp://www.mtv-france.com/podcast/videoDL.cab

FF - ProfilePath - c:\documents and settings\AntoineD\Application Data\Mozilla\Firefox\Profiles\yghasjkw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wowwiki.com/Portal:Main|http://chrysalis.clicforum.fr/index.php

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 21:32

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(1376)

c:\program files\Tall Emu\Online Armor\OAwatch.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

Completion time: 2009-08-20 21:37

ComboFix-quarantined-files.txt 2009-08-20 19:37

ComboFix2.txt 2009-08-17 18:10

ComboFix3.txt 2009-08-16 16:27

ComboFix4.txt 2009-08-16 16:13

 

Pre-Run: 80.787.841.024 octets libres

Post-Run: 80.753.016.832 octets libres

 

209 --- E O F --- 2009-08-19 18:24

Posted
I didn't update it because this kind of program is completely beyond me
It absolutely must be updated; that is also in the note I always include.

If you don't have internet access, download a fresh copy here and transfer it by USB key, overwriting the old combofix.exe; it needs to be up to date.

Posted (edited)

My mistake. Here is the right report.

 

Have a good evening.

 

ComboFix 09-08-19.0C - AntoineD 20/08/2009 22:20.5.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.1023.631 [GMT 2:00]

Running from: c:\documents and settings\AntoineD\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\ac2d09.msi

 

.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))

.

 

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OnlineArmor

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2009-08-19 18:25 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys

2009-08-19 18:25 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys

2009-08-19 18:25 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\program files\Tall Emu

2009-08-19 18:23 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll

2009-08-19 18:23 . 2009-06-25 08:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll

2009-08-19 18:23 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll

2009-08-19 18:23 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

2009-08-17 17:52 . 2009-08-17 17:10 176640 ----a-w- c:\windows\system32\appmgmts.dll

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\MSBuild

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\Reference Assemblies

2009-08-15 21:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-15 21:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-15 21:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-15 21:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-15 21:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-15 21:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-15 21:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- C:\0656ce9091292e9e36d34114245569

2009-08-15 21:50 . 2009-08-16 14:27 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-15 21:43 . 2009-08-15 21:43 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2009-08-15 19:38 . 2009-08-15 19:38 152576 ----a-w- c:\documents and settings\AntoineD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-15 19:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-15 19:25 . 2009-08-15 19:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Malwarebytes

2009-08-12 20:45 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-12 20:45 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-12 20:26 . 2009-08-12 20:26 -------- d-----w- c:\program files\Trend Micro

2009-08-12 14:43 . 2009-08-12 14:43 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 20:16 . 2009-07-16 17:37 -------- d-----w- c:\documents and settings\AntoineD\Application Data\vlc

2009-08-20 16:35 . 2008-01-02 22:45 -------- d-----w- c:\program files\Hewlett-Packard

2009-08-19 19:19 . 2008-04-22 16:44 -------- d-----w- c:\program files\DivX

2009-08-19 18:53 . 2009-05-02 14:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 18:41 . 2008-01-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-16 18:28 . 2007-12-29 15:59 63696 ----a-w- c:\documents and settings\AntoineD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-15 21:54 . 2004-08-05 12:00 657124 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-15 21:54 . 2004-08-05 12:00 156700 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-15 19:40 . 2008-01-23 16:16 -------- d-----w- c:\program files\Java

2009-08-12 14:43 . 2004-08-05 12:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-10 18:26 . 2008-01-22 18:37 1 ----a-w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-08-10 18:26 . 2008-01-22 18:36 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2

2009-08-10 12:00 . 2008-01-03 23:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-05 09:03 . 2008-08-08 17:24 -------- d-----w- c:\program files\World of Warcraft

2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2009-01-15 16:36 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 15:57 . 2004-08-05 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:57 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:57 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-06-28 14:44 . 2008-05-17 12:30 -------- d-----w- c:\documents and settings\AntoineD\Application Data\teamspeak2

2009-06-26 22:30 . 2009-06-26 19:06 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Ventrilo

2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Ventrilo

2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 16:33 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-10 16:33 . 2007-12-05 00:41 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 16:33 . 2007-12-05 00:41 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2007-12-29 13:56 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll

2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-04 14:39 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll

.

 

------- Sigcheck -------

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((( SnapShot_2009-08-17_18.08.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-20 18:19 . 2009-08-20 18:19 16384 c:\windows\Temp\Perflib_Perfdata_594.dat

+ 2008-05-29 15:00 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll

- 2008-05-29 15:00 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll

+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll

- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll

+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll

+ 2009-04-17 10:30 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 20:25 200784]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 20:25 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 20:25 29776]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2/05/2009 16:22 108289]

R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 20:25 362184]

R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 20:25 3142344]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} - hxxp://www.mtv-france.com/podcast/videoDL.cab

FF - ProfilePath - c:\documents and settings\AntoineD\Application Data\Mozilla\Firefox\Profiles\yghasjkw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wowwiki.com/Portal:Main|http://chrysalis.clicforum.fr/index.php

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 22:26

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-08-20 22:29

ComboFix-quarantined-files.txt 2009-08-20 20:29

ComboFix2.txt 2009-08-20 19:37

ComboFix3.txt 2009-08-17 18:10

ComboFix4.txt 2009-08-16 16:27

ComboFix5.txt 2009-08-20 20:19

 

Pre-Run: 80.683.401.216 octets libres

Post-Run: 80.678.096.896 octets libres

 

207 --- E O F --- 2009-08-19 18:24

Edited by Maho
Posted

It wasn't serious, but if ComboFix offers it and you have internet access, say yes; same for the Recovery Console (sometimes blocked by critters). :P

 

Looks OK to me; no more symptoms on your end?

Posted

Good evening,

 

There are no more symptoms, nothing more that I can notice. I ran one last AntiVir and MBAM scan, "just in case", and MBAM detects a Trojan that I had blocked with my firewall. That seems a bit worrying to me:

 


 

> BN7.tmp blocked at 19:53

 

and

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2671

Windows 5.1.2600 Service Pack 3

 

21/08/2009 19:59:19

mbam-log-2009-08-21 (19-59-19).txt

 

Type de recherche: Examen rapide

Eléments examinés: 93032

Temps écoulé: 3 minute(s), 1 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

 

 

> BN7.tmp, removed at 19:59.

 

Did I configure my firewall wrong?

 

Thanks, good evening.

Posted

On the contrary, your firewall is configured very well.

 

Download ATF Cleaner (click) by Atribune.

  • Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button

Click Exit in the main menu to quit the program.

That will empty the Windows temporary files.

 

Run ComboFix again, let it update, and post the report please.

Do not allow any .TMP file to access the internet. Allow access for ComboFix and .cfexe files if asked.
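A small triage script for the kind of findings the logs in this thread show, added here as an example (it is not the thread's own code, nor part of ComboFix or MBAM). It flags the two patterns that turned up above: a Run value that autostarts a built-in admin tool such as regedit.exe and carries no `[date size]` annotation, and files with random-looking names under a service-account profile or `.tmp` files in Windows\Temp. The sample lines are copied from the logs in this thread except the BN7.tmp line, which is constructed; the heuristics, thresholds and function names are my own.

```python
import re
from typing import Dict, List

# Windows built-in tools that have no legitimate reason to sit in a Run key;
# the "Regedit32" value in the thread made one of them autostart.
ADMIN_TOOLS = {"regedit.exe", "cmd.exe", "taskmgr.exe", "msconfig.exe"}

# Service-account profile roots; anything directly under them that is not a
# standard folder deserves a look (cf. the Trace.Pandex directory above).
SERVICE_PROFILES = (
    "c:\\documents and settings\\localservice\\",
    "c:\\documents and settings\\networkservice\\",
)

# Run-key line as ComboFix prints it: "name"="target" <tail>
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?P<tail>.*)$')
# ComboFix appends "[YYYY-MM-DD size]" when it could read the file on disk.
ANNOTATED_RE = re.compile(r"\[\d{4}-\d{1,2}-\d{1,2} \d+\]\s*$")
# "Files Created" / snapshot lines: two timestamps, size, optional attribute
# flags, then the path. Snapshot diff lines are prefixed with "+" or "-".
FILE_RE = re.compile(
    r"^[+-]?\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(?P<size>\S+)(?:\s+(?P<attrs>[-a-z]{8}))?\s+(?P<path>.+?)\s*$"
)
BARE_PATH_RE = re.compile(r"^[a-z]:\\.+$", re.IGNORECASE)
# Heuristic (my own threshold): 16+ letters/digits, no dot, no space.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{16,}$", re.IGNORECASE)


def check_path(path: str) -> List[str]:
    """Return reasons why a file path from the log looks suspicious."""
    low = path.lower()
    reasons = []
    # BN7.tmp pattern: a .tmp file dropped in the Windows temp directory.
    if "\\windows\\temp\\" in low and low.endswith(".tmp"):
        reasons.append("tmp file in Windows Temp")
    for root in SERVICE_PROFILES:
        if low.startswith(root):
            first = low[len(root):].split("\\", 1)[0]
            if RANDOM_NAME_RE.match(first):
                reasons.append("random-looking name in service profile")
    return reasons


def check_run_entry(name: str, target: str, tail: str) -> List[str]:
    """Return reasons why a Run-key entry from the log looks suspicious."""
    reasons = []
    # Reduce the target to its basename: "...\regedit.exe" -> "regedit.exe".
    basename = target.lower().rsplit("\\", 1)[-1]
    if basename in ADMIN_TOOLS:
        reasons.append("built-in admin tool set to autostart")
    if not ANNOTATED_RE.search(tail):
        reasons.append("no [date size] annotation on Run entry")
    return reasons


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the log once and collect every flagged line with its reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = check_run_entry(m["name"], m["target"], m["tail"])
        else:
            m = FILE_RE.match(line)
            path = m["path"] if m else (line if BARE_PATH_RE.match(line) else None)
            reasons = check_path(path) if path else []
        for reason in reasons:
            findings.append({"line": line, "reason": reason})
    return findings


# Sample taken from the thread's logs; the BN7.tmp line is constructed.
SAMPLE_LOG = r"""
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
2009-08-21 17:53 . 2009-08-21 17:53 24576 ----a-w- c:\windows\Temp\BN7.tmp
2009-08-15 21:43 . 2009-08-15 21:43 -------- d-----r- c:\documents and settings\LocalService\Mes documents
+ 2009-08-21 18:00 . 2009-08-21 18:00 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Regedit32"="c:\windows\system32\regedit.exe" [bU]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']}: {f['line']}")
```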

Posted

Good evening again,

 

here is the ComboFix log:

 

ComboFix 09-08-20.07 - AntoineD 21/08/2009 21:22.6.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.1023.661 [GMT 2:00]

Running from: c:\documents and settings\AntoineD\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

 

.

((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))

.

 

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OnlineArmor

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2009-08-19 18:25 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys

2009-08-19 18:25 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys

2009-08-19 18:25 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\program files\Tall Emu

2009-08-19 18:23 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll

2009-08-19 18:23 . 2009-06-25 08:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll

2009-08-19 18:23 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll

2009-08-19 18:23 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

2009-08-17 17:52 . 2009-08-17 17:10 176640 ----a-w- c:\windows\system32\appmgmts.dll

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\MSBuild

2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\Reference Assemblies

2009-08-15 21:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-15 21:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-15 21:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-15 21:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-15 21:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-15 21:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-15 21:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- C:\0656ce9091292e9e36d34114245569

2009-08-15 21:50 . 2009-08-16 14:27 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-15 21:43 . 2009-08-15 21:43 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2009-08-15 19:38 . 2009-08-15 19:38 152576 ----a-w- c:\documents and settings\AntoineD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-15 19:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-15 19:25 . 2009-08-15 19:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Malwarebytes

2009-08-12 20:45 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-12 20:45 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-12 20:26 . 2009-08-12 20:26 -------- d-----w- c:\program files\Trend Micro

2009-08-12 14:43 . 2009-08-12 14:43 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-21 18:26 . 2009-07-16 17:37 -------- d-----w- c:\documents and settings\AntoineD\Application Data\vlc

2009-08-20 16:35 . 2008-01-02 22:45 -------- d-----w- c:\program files\Hewlett-Packard

2009-08-19 19:19 . 2008-04-22 16:44 -------- d-----w- c:\program files\DivX

2009-08-19 18:53 . 2009-05-02 14:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 18:41 . 2008-01-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-16 18:28 . 2007-12-29 15:59 63696 ----a-w- c:\documents and settings\AntoineD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-15 21:54 . 2004-08-05 12:00 657124 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-15 21:54 . 2004-08-05 12:00 156700 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-15 19:40 . 2008-01-23 16:16 -------- d-----w- c:\program files\Java

2009-08-12 14:43 . 2004-08-05 12:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-10 18:26 . 2008-01-22 18:37 1 ----a-w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-08-10 18:26 . 2008-01-22 18:36 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2

2009-08-10 12:00 . 2008-01-03 23:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-05 09:03 . 2008-08-08 17:24 -------- d-----w- c:\program files\World of Warcraft

2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2009-01-15 16:36 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 15:57 . 2004-08-05 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:57 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:57 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-06-28 14:44 . 2008-05-17 12:30 -------- d-----w- c:\documents and settings\AntoineD\Application Data\teamspeak2

2009-06-26 22:30 . 2009-06-26 19:06 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Ventrilo

2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Ventrilo

2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 16:33 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-10 16:33 . 2007-12-05 00:41 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 16:33 . 2007-12-05 00:41 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2007-12-29 13:56 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll

2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-04 14:39 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll

.

 

------- Sigcheck -------

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((( SnapShot_2009-08-17_18.08.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-21 18:00 . 2009-08-21 18:00 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat

+ 2008-05-29 15:00 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll

- 2008-05-29 15:00 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll

+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll

- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll

+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll

+ 2009-04-17 10:30 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]

"Regedit32"="c:\windows\system32\regedit.exe" [bU]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 20:25 200784]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 20:25 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 20:25 29776]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2/05/2009 16:22 108289]

R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 20:25 362184]

R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 20:25 3142344]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

TCP: {C952600B-8AEE-4B3F-8CF2-1AC45AAFC608} = 195.238.2.22 195.238.2.21

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} - hxxp://www.mtv-france.com/podcast/videoDL.cab

FF - ProfilePath - c:\documents and settings\AntoineD\Application Data\Mozilla\Firefox\Profiles\yghasjkw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wowwiki.com/Portal:Main|http://chrysalis.clicforum.fr/index.php

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-21 21:29

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-08-21 21:32

ComboFix-quarantined-files.txt 2009-08-21 19:32

ComboFix2.txt 2009-08-20 20:29

ComboFix3.txt 2009-08-20 19:37

ComboFix4.txt 2009-08-17 18:10

ComboFix5.txt 2009-08-21 19:16

 

Pre-Run: 80.635.383.808 octets libres

Post-Run: 80.585.633.792 octets libres

 

255 --- E O F --- 2009-08-19 18:24
