MBAM blocks an IP (is it an attack?)


gazouz33


OK, here is the ComboFix report:

 

ComboFix 10-02-06.03 - ADEL1 07/02/2010 16:25:45.4.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1583 [GMT 0:00]

Running from: c:\documents and settings\ADEL1\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\ADEL1\x.exe

C:\khq

c:\windows\system32\AutoRun.inf

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\winrar32.exe

c:\windows\system32\wpcap.dll

D:\khq

E:\khq

I:\khq

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-07 12:24 . 2010-02-07 12:26 -------- d-----w- c:\program files\Vibe Streamer

2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com

2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\documents and settings\ADEL1\Application Data\abelhadigital.com

2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\program files\HostsMan

2010-02-05 19:13 . 2010-02-07 16:27 -------- d-----w- C:\Temp

2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect

2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\program files\LogProtect

2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro

2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit

2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw

2010-02-04 20:53 . 2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace

2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!

2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer

2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer

2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader

2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web

2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack

2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz

2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz

2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs

2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI

2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI

2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software

2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama

2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec

2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script

2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma

2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA

2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7

2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest

2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier

2010-01-11 11:38 . 2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe

2010-01-11 11:37 . 2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe

2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield

2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc

2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc

2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc

2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities

2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-07 16:24 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache

2010-02-07 12:16 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-07 12:16 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM

2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp

2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo!

2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent

2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-17 13:01 . 2010-01-06 10:56 -------- d-----w- c:\program files\BitComet

2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager

2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird

2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent

2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details

2010-01-05 11:54 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo

2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat

2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet

2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf

2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf

2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf

2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared

2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola

2010-01-04 12:19 . 2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe

2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software

2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update

2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools

2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys

2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys

2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys

2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che

2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea

2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes

2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack

2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player

2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf

2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard

2009-12-16 15:55 . 2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll

2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll

2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead

2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD

2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc

2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll

2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll

2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe

2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe

2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll

2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat

2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat

2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-07 10:30 . 2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll

2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp

2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll

2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll

.

 

------- Sigcheck -------

 

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]

"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"LogProtect"="c:\program files\LogProtect\LogProtect.exe" [2010-01-07 3910144]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=

"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=

"c:\\Program Files\\ooVoo\\ooVoo.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"42890:TCP"= 42890:TCP:utor

"42890:UDP"= 42890:UDP:utor

"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo

"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo

"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo

"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo

"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

"10984:TCP"= 10984:TCP:BitComet 10984 TCP

"10984:UDP"= 10984:UDP:BitComet 10984 UDP

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

Trusted Zone: chat-land.org

Trusted Zone: kuaiche.com\software

FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\

FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)

FF - prefs.js: browser.startup.homepage - hxxp://www.cherche.us/

FF - prefs.js: keyword.URL - hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q=

FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

 

---- FIREFOX SETTINGS ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-07 16:32

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40,

bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}]

@Denied: (Full) (Everyone)

"Model"=dword:00000005

"Therad"=dword:0000001b

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16,

b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}]

@Denied: (Full) (Everyone)

"Model"=dword:00000023

"Therad"=dword:00000001

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(980)

c:\windows\system32\athgina.dll

 

- - - - - - - > 'explorer.exe'(2664)

c:\program files\LogProtect\DllHookM.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\acs.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\wscntfy.exe

c:\program files\Motorola\MotoConnectService\MotoConnect.exe

.

**************************************************************************

.

Completion time: 2010-02-07 16:35:33 - machine was rebooted

ComboFix-quarantined-files.txt 2010-02-07 16:35

ComboFix2.txt 2010-01-13 20:33

ComboFix3.txt 2010-01-10 13:40

ComboFix4.txt 2010-01-06 10:02

 

Pre-Run: 35 087 040 512 bytes free

Post-Run: 35 145 084 928 bytes free

 

- - End Of File - - C4BFE2B96A249BEC00A453DFE1B83474


There are patched files; we'll try to repair all that.

 

What follows is for this machine, and this machine only.

Never use it on another machine: dangerous.

 

 

  • Download the file CFscript.txt from this site:
    http://senduit.com/03af05
     
  • Put it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in this example

[animation: animation1md2.gif]

  • Wait for the scan to finish. The desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

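The helper's first sentence ("There are patched files") refers to the Sigcheck block of the report above: the live c:\windows\system32\drivers\tcpip.sys reports the same version (5.1.2600.5512) and size (361344) as the copy under c:\windows\ServicePackFiles\i386, but a different MD5. The Python below is an added example written for this page; it is not ComboFix code and not the helper's tool. It re-applies that comparison to the Sigcheck lines copied from the report, and also summarises the report's firewall-policy block (EnableFirewall=0, the globally open ports, inbound ping). The function names and the choice of the ServicePackFiles copy as the trusted reference are this example's own assumptions.

```python
"""Triage of two blocks of a ComboFix report (added example for this thread;
not ComboFix code). Sample lines are copied from the report posted above; the
ServicePackFiles copy as trusted reference is this example's own assumption."""
import re

# Sigcheck lines copied from the posted report (constructed sample input).
SIGCHECK_SAMPLE = r"""
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
"""

# Firewall-policy lines copied from the same report (constructed sample input).
FIREWALL_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42890:TCP"= 42890:TCP:utor
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"10984:TCP"= 10984:TCP:BitComet 10984 TCP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# One Sigcheck row: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Parse the Sigcheck block into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].upper()
            row["path"] = row["path"].lower()
            rows.append(row)
    return rows


def find_patched(rows):
    """Live files whose MD5 differs from the ServicePackFiles copy of the same
    name and version. ComboFix's own flag column ([7] / [-]) is parsed but not
    relied on; $NtServicePackUninstall$ holds the pre-SP build, so it is skipped."""
    refs = {}
    for row in rows:
        if "\\servicepackfiles\\" in row["path"]:
            name = row["path"].rsplit("\\", 1)[-1]
            refs[(name, row["version"])] = row["md5"]
    findings = []
    for row in rows:
        path = row["path"]
        if "\\servicepackfiles\\" in path or "$ntservicepackuninstall$" in path:
            continue
        name = path.rsplit("\\", 1)[-1]
        expected = refs.get((name, row["version"]))
        if expected is not None and expected != row["md5"]:
            findings.append({"path": path, "version": row["version"],
                             "md5": row["md5"], "expected": expected})
    return findings


def firewall_findings(text):
    """Summarise the XP firewall policy as ComboFix prints it. Open-port rules
    whose value carries ':Disabled:' exist but are switched off, so they are dropped."""
    enabled = ping = None
    open_ports = []
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.lower()
            continue
        m = re.match(r'^"([^"]+)"=\s*(.*)$', line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "EnableFirewall":
            enabled = value.startswith("1")
        elif key == "AllowInboundEchoRequest":
            ping = value.startswith("1")
        elif "globallyopenports" in section:
            fields = value.split(":")  # "port:proto:name" or "port:proto:*:Disabled:name"
            if "Disabled" not in fields:
                open_ports.append(f"{fields[0]}/{fields[1]}")
    return {"firewall_enabled": enabled, "open_ports": open_ports, "inbound_ping": ping}


if __name__ == "__main__":
    for f in find_patched(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f"patched: {f['path']} v{f['version']} md5 {f['md5']} (expected {f['expected']})")
    print(firewall_findings(FIREWALL_SAMPLE))
```

Run directly, it prints the single tcpip.sys mismatch and a firewall summary showing the firewall disabled with 42890/TCP and 10984/TCP open. A hash mismatch shows only that the file on disk differs from the installer cache; by itself it does not say whether the change is malicious, which is why the helper's answer is to repair the file rather than to diagnose it from the hash.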

 

I downloaded from the link and it's an html file, not a txt as in the example.

I followed your instructions anyway, but apparently there is a script error that stops the process. Here is an image:

 

[screenshot: erreurby.jpg]

 

It stays like that and ComboFix closes when I press OK.

 

Thanks for enlightening me.


Sorry for the blunder :P here is the ComboFix report

 

ComboFix 10-02-06.03 - ADEL1 07/02/2010 17:59:15.5.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1499 [GMT 0:00]

Running from: c:\documents and settings\ADEL1\Bureau\ComboFix.exe

Command switches used :: c:\documents and settings\ADEL1\Bureau\CFscript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\documents and settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\searchplugins\cherche.xml"

"c:\documents and settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\searchplugins\cherche.xml"

.

 

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\searchplugins\cherche.xml

c:\documents and settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\searchplugins\cherche.xml

 

.

((((((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-06 18:35 . 2010-02-07 16:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com

2010-02-05 19:13 . 2010-02-07 16:39 -------- d-----w- C:\Temp

2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect

2010-02-05 17:58 . 2010-02-07 16:41 -------- d-----w- c:\program files\LogProtect

2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro

2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit

2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw

2010-02-04 20:53 . 2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace

2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!

2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer

2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer

2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader

2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web

2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack

2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz

2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz

2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs

2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI

2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI

2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software

2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama

2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec

2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script

2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma

2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA

2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7

2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest

2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier

2010-01-11 11:38 . 2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe

2010-01-11 11:37 . 2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe

2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield

2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc

2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc

2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc

2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities

2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-07 17:58 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache

2010-02-07 16:41 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo

2010-02-07 16:36 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-07 16:36 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM

2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp

2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo!

2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent

2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-17 13:01 . 2010-01-06 10:56 -------- d-----w- c:\program files\BitComet

2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager

2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird

2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent

2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details

2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat

2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet

2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf

2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf

2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf

2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared

2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola

2010-01-04 12:19 . 2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe

2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software

2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update

2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools

2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys

2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys

2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys

2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che

2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea

2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes

2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack

2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player

2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf

2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard

2009-12-16 15:55 . 2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll

2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll

2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead

2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD

2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc

2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll

2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll

2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe

2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe

2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll

2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat

2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat

2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-07 10:30 . 2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll

2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp

2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll

2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll

.

 

------- Sigcheck -------

 

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-02-07_16.32.33 )))))))))))))))))))))))))))))))))))))))))

.

- 2002-09-07 00:00 . 2010-02-07 12:16 58930 c:\windows\system32\perfc009.dat

+ 2002-09-07 00:00 . 2010-02-07 16:36 58930 c:\windows\system32\perfc009.dat

+ 2002-09-07 00:00 . 2010-02-07 16:36 392630 c:\windows\system32\perfh009.dat

- 2002-09-07 00:00 . 2010-02-07 12:16 392630 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]

"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=

"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"42890:TCP"= 42890:TCP:utor

"42890:UDP"= 42890:UDP:utor

"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo

"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo

"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo

"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo

"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

"10984:TCP"= 10984:TCP:BitComet 10984 TCP

"10984:UDP"= 10984:UDP:BitComet 10984 UDP

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752]

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

Trusted Zone: chat-land.org

Trusted Zone: kuaiche.com\software

FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cherche.us/

FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-07 18:05

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40,

bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}]

@Denied: (Full) (Everyone)

"Model"=dword:00000005

"Therad"=dword:0000001b

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16,

b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}]

@Denied: (Full) (Everyone)

"Model"=dword:00000023

"Therad"=dword:00000001

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(980)

c:\windows\system32\athgina.dll

 

- - - - - - - > 'explorer.exe'(2404)

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\acs.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wscntfy.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Motorola\MotoConnectService\MotoConnect.exe

c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE

.

**************************************************************************

.

Heure de fin: 2010-02-07 18:08:19 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-02-07 18:08

ComboFix2.txt 2010-02-07 16:35

ComboFix3.txt 2010-01-13 20:33

ComboFix4.txt 2010-01-10 13:40

ComboFix5.txt 2010-02-07 17:42

 

Avant-CF: 35 137 912 832 octets libres

Après-CF: 35 118 702 592 octets libres

 

- - End Of File - - E89783E998C202A1B9966028B8E56E9B


This time it took nearly 10 minutes to display the report; is that normal?

 

ComboFix 10-02-06.03 - ADEL1 07/02/2010 18:26:51.6.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1507 [GMT 0:00]

Lancé depuis: c:\documents and settings\ADEL1\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\ADEL1\Bureau\CFscript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

--------------- FCopy ---------------

 

c:\windows\ServicePackFiles\i386\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-07 au 2010-02-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-06 18:35 . 2010-02-07 16:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com

2010-02-05 19:13 . 2010-02-07 16:39 -------- d-----w- C:\Temp

2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect

2010-02-05 17:58 . 2010-02-07 16:41 -------- d-----w- c:\program files\LogProtect

2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro

2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit

2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw

2010-02-04 20:53 . 2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace

2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!

2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer

2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer

2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader

2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web

2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack

2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz

2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz

2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs

2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI

2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI

2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software

2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama

2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec

2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script

2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma

2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA

2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7

2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest

2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier

2010-01-11 11:38 . 2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe

2010-01-11 11:37 . 2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe

2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield

2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc

2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc

2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc

2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities

2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-07 18:08 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-07 18:08 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-07 17:58 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache

2010-02-07 16:41 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo

2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM

2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp

2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo!

2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent

2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-17 13:01 . 2010-01-06 10:56 -------- d-----w- c:\program files\BitComet

2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager

2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird

2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent

2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details

2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat

2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet

2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf

2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf

2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf

2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared

2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola

2010-01-04 12:19 . 2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe

2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software

2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update

2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools

2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys

2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys

2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys

2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che

2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea

2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes

2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack

2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player

2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf

2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard

2009-12-16 15:55 . 2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll

2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll

2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead

2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD

2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc

2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll

2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll

2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe

2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe

2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll

2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat

2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat

2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-07 10:30 . 2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll

2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp

2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll

2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-02-07_16.32.33 )))))))))))))))))))))))))))))))))))))))))

.

- 2002-09-07 00:00 . 2010-02-07 12:16 58930 c:\windows\system32\perfc009.dat

+ 2002-09-07 00:00 . 2010-02-07 18:08 58930 c:\windows\system32\perfc009.dat

+ 2002-09-07 00:00 . 2010-02-07 18:08 392630 c:\windows\system32\perfh009.dat

- 2002-09-07 00:00 . 2010-02-07 12:16 392630 c:\windows\system32\perfh009.dat

+ 2004-08-04 03:14 . 2008-04-13 12:20 361344 c:\windows\system32\dllcache\tcpip.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]

"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=

"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"42890:TCP"= 42890:TCP:utor

"42890:UDP"= 42890:UDP:utor

"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo

"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo

"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo

"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo

"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

"10984:TCP"= 10984:TCP:BitComet 10984 TCP

"10984:UDP"= 10984:UDP:BitComet 10984 UDP

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752]

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

Trusted Zone: chat-land.org

Trusted Zone: kuaiche.com\software

FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\

FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-07 18:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40,

bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}]

@Denied: (Full) (Everyone)

"Model"=dword:00000005

"Therad"=dword:0000001b

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16,

b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}]

@Denied: (Full) (Everyone)

"Model"=dword:00000023

"Therad"=dword:00000001

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(980)

c:\windows\system32\athgina.dll

 

- - - - - - - > 'explorer.exe'(2876)

c:\windows\system32\eappprxy.dll

c:\program files\Internet Download Manager\IDMIECC.dll

c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

c:\program files\Internet Download Manager\idmmkb.dll

c:\program files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll

c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\acs.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Motorola\MotoConnectService\MotoConnect.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2010-02-07 18:35:50 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-02-07 18:35

ComboFix2.txt 2010-02-07 18:08

ComboFix3.txt 2010-02-07 16:35

ComboFix4.txt 2010-01-13 20:33

ComboFix5.txt 2010-02-07 18:26

 

Avant-CF: 35 127 562 240 octets libres

Après-CF: 35 093 577 728 octets libres

 

- - End Of File - - E52EC76C6C7613C4C07D8A8A51C6252D


As for the 10 minutes, that is nothing unusual, no problem.

 

The file has been repaired, perfect, and all the settings went through correctly.

 

Update MBAM and see whether the IP message still appears; as far as the critters are concerned, in any case, we have done the repairs. :P


 

Thanks for everything, especially for your attention, but before leaving you to your business I would still like to ask you a few questions:

1- Should I change AV, since Avira (which I update daily and scan with every 4 or 5 days) apparently saw nothing of this infection?

2- How do I download a new MBAM definition database?

 

Thank you very much

 

EDIT: MBAM keeps showing the same message, but the IP has changed

Edited by gazouz33

Antivir sees nothing because it is not an infection but a contact on an IP, so that is normal, or rather logical; it is not Antivir's job.

 

What you need to do is update manually. Disable the resident protection for a moment, as well as the IP protection, via the context menu (right-click) on the MBAM icon; you have to wait a bit until the icon is greyed out and the IP protection checkmark no longer appears. It takes a few seconds for your request to be processed, that is normal.

 

We can then transfer the rules.ref file; download it here:

http://senduit.com/adab7e

 

And for XP, put it here, overwriting the old file, then relaunch MBAM with the protections on, to see:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
