Hello,
I have a problem close to the one described by mama1969 here:
http://www.commentcamarche.net/forum/affich-10194844-virus-qui-bloque-les-sites-antivirus
The context: XP Pro SP2 + Trend as antivirus
The symptoms:
- Unable to connect to Microsoft or antivirus sites in normal mode (possible in safe mode)
- Same problem with IE7 and Firefox 3.0.5
- Browsing other sites is possible
- Since it looked like a DNS problem, I checked name resolution: ping and nslookup resolve more or less fine, but putting the IP address in place of the name (e.g. http://206.204.52.31) => doesn't work
- So I dropped the DNS hypothesis, but I still checked the hosts file (OK => it's empty) and tried different DNS servers => same result
The problem is that while the symptoms look identical, the fix... doesn't work.
I ran:
- ComboFix (renamed for the occasion): nothing
- SDFix: nothing
- Adware: nothing
- Spybot: nothing
- SmitfraudFix: nothing
- MalwareBytes: nothing
- CCleaner: nothing
=> actually, not "nothing found" (just nothing that seemed interesting to me => cookies, registry keys from software uninstalled since, and keys deleted), but nothing fixed => I still can't get to the antivirus sites.
My request is twofold:
a) What is this virus/trojan/... and what else does it do (keylogger? backdoor???) => that's what worries me most (online purchases given the time of year, checking my bank account)
b) How do I get rid of it?
Thanks in advance!
For information, here is one of the logs that were created, in case it helps. If needed, ask me for another (relevant) one:
ComboFix 08-12-30.02 - admin 2008-12-31 22:24:00.6 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1535.1191 [GMT 1:00]
Lancé depuis: c:\documents and settings\admin\Bureau\killFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-31 ))))))))))))))))))))))))))))))))))))
.
2008-12-31 15:58 . 2008-12-31 15:58 <REP> d-------- c:\documents and settings\admin\Application Data\Malwarebytes
2008-12-31 15:58 . 2008-12-31 15:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-31 15:58 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 15:58 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 12:51 . 2008-12-31 12:51 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-31 12:48 . 2008-12-31 12:50 <REP> d-------- c:\documents and settings\admin\.housecall6.6
2008-12-31 12:48 . 2008-12-31 12:48 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-17 20:04 . 2008-12-31 11:54 <REP> d-------- c:\documents and settings\admin\Tracing
2008-12-17 20:02 . 2008-12-17 20:02 <REP> d-------- c:\program files\Microsoft
2008-12-17 20:01 . 2008-12-17 20:01 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-17 19:57 . 2008-12-17 19:57 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-15 14:05 . 2003-10-01 13:55 <REP> d--h----- c:\documents and settings\testcitrix\Voisinage réseau
2008-12-15 14:05 . 2003-10-01 13:55 <REP> d--h----- c:\documents and settings\testcitrix\Voisinage d'impression
2008-12-15 14:05 . 2003-10-01 13:55 <REP> d--h----- c:\documents and settings\testcitrix\Modèles
2008-12-15 14:05 . 2003-10-01 13:55 <REP> dr------- c:\documents and settings\testcitrix\Menu Démarrer
2008-12-15 14:05 . 2008-12-15 14:05 <REP> dr------- c:\documents and settings\testcitrix\Favoris
2008-12-15 14:05 . 2003-10-01 13:55 <REP> d-------- c:\documents and settings\testcitrix\Bureau
2008-12-15 14:05 . 2008-12-15 14:07 <REP> d-------- c:\documents and settings\testcitrix\Application Data\ICAClient
2008-12-15 14:05 . 2008-12-15 14:05 <REP> d-------- c:\documents and settings\testcitrix
2008-12-15 14:05 . 2008-12-11 18:52 536,868 --a------ c:\documents and settings\testcitrix\default.scr
2008-12-14 12:27 . 2008-12-14 12:27 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 20:28 . 2008-12-12 20:28 504,794 --a------ C:\rhumato.pdf
2008-12-03 14:54 . 2008-12-03 11:34 14,951,404 --a------ c:\documents and settings\admin\rsisavf.zip
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-12-02 19:47 . 2008-12-02 19:47 938,470 --a------ C:\Document_20081202_194728.pdf
2008-12-01 11:19 . 2008-12-01 11:19 51 --a------ c:\windows\itrrr.dat
2008-11-07 08:30 . 2008-11-07 08:30 139 --a------ c:\windows\system32\~.inf
2008-11-02 10:35 . 2008-11-02 10:35 472,579 --a------ C:\CNI pass.pdf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-30 23:52 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-19 12:42 793,011 ----a-w c:\documents and settings\admin\default.scr
2008-12-17 19:01 --------- d-----w c:\program files\Windows Live
2008-12-15 13:22 --------- d-----w c:\documents and settings\admin\Application Data\ICAClient
2008-12-14 11:27 --------- d-----w c:\program files\Java
2008-12-07 13:26 --------- d-----w c:\documents and settings\admin\Application Data\U3
2008-12-05 14:55 --------- d-----w c:\documents and settings\admin\Application Data\DNTU
2008-12-03 20:08 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-12 10:35 --------- d-----w c:\documents and settings\admin\Application Data\VMware
2008-11-09 20:57 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-23 09:09 737,280 ----a-w c:\windows\iun6002.exe
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-15 11:53 15,397 ----a-w c:\program files\settings.dat
2008-03-30 07:29 3,648,512 ----a-w c:\documents and settings\admin\Application Data\nkspower.exe
2007-02-19 10:37 28,904 -c--a-w c:\documents and settings\admin\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-04-16 15:53 158,873 --sha-w c:\windows\system32\jxzvhg.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-11-27 13:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
2007-11-22 10:41 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007111220071119\index.dat
2007-11-26 07:04 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007111920071126\index.dat
2007-12-04 07:13 49,152 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007112620071203\index.dat
2007-12-04 07:13 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007120420071205\index.dat
2007-12-05 20:24 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007120520071206\index.dat
2007-12-06 14:47 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007120620071207\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-24 339968]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"TPKBDLED"="c:\windows\System32\TpScrLk.exe" [2002-10-08 40960]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 710000]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-08-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-08-07 24576]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-08-07 45106]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-08-07 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TPP Auto Loader"="c:\windows\tppaldr.exe" [2002-06-24 118784]
"BEWINTERNET-FR-DMESessionManager"="c:\program files\OrangeBs\SessionManager\SessionManager.exe" [2007-05-15 81920]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CardDetectorGX0301"="c:\program files\CardDetector\GX0301\CardDetector.exe" [2007-11-14 278528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TrackPointSrv"="tp4serv.exe" [2005-02-18 c:\windows\system32\tp4serv.exe]
"TP4EX"="tp4ex.exe" [2002-09-04 c:\windows\system32\TP4EX.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="d:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2005-07-25 561152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 10 (0xa)
"ForceStartMenuLogOff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MPG4"= c:\windows\mpg4c32.dll
"vidc.mpg2"= c:\windows\mpg4c32.dll
"vidc.mpg3"= c:\windows\mpg4c32.dll
"vidc.GEOX"= c:\windows\system32\GeoCodec.dll
"vidc.iv50"= c:\windows\ir50_32.dll
"vidc.MJPG"= c:\windows\m3jpeg32.dll
"vidc.dmb1"= c:\windows\m3jpeg32.dll
"vidc.ffds"= -
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=chg-administrateur.vbs
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\OrangeBs\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:UDP"= 443:UDP:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:UDP port 37675 ooVoo
"1655:TCP"= 1655:TCP:qnhwzjv
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2005-07-01 13872]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2005-07-01 4442]
S2 ACEDRV08;ACEDRV08;\??\c:\windows\system32\drivers\ACEDRV08.sys [2007-11-21 108768]
S2 durfhivvm;Image Time;c:\windows\system32\svchost.exe -k netsvcs [2002-08-30 14336]
S2 oyrnzpkt;Helper Monitor;c:\windows\system32\svchost.exe -k netsvcs [2002-08-30 14336]
S2 TmFilter;Trend Micro Filter;\??\c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2005-11-09 205328]
S2 TmPreFilter;Trend Micro PreFilter;\??\c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2005-11-09 36368]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2008-01-06 171264]
S3 DVDACCSS;DVDACCSS;\??\c:\progra~1\DVDACC~1\DVDAX.SYS []
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-07-31 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-07-31 51968]
S3 GTF32BUS;GT F32 BUS;c:\windows\system32\DRIVERS\gtf32bus.sys [2007-07-19 35200]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-07-19 8064]
S3 GTSCSER;GT SC SER;c:\windows\system32\DRIVERS\gtscser.sys [2007-07-19 21248]
S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\DRIVERS\TPP200.SYS [2007-02-19 36096]
S3 ZMWS Service;ZMWS Service;d:\cms\guppylocal\ZazouMiniWebServer.exe -service []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
durfhivvm
oyrnzpkt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d626d3da-5c25-11dd-888d-00166f5abf84}]
\Shell\AutoRun\command - G:\AutoRunCardDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fddbf878-2b56-11dd-8876-00166f5abf84}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fddbf879-2b56-11dd-8876-00166f5abf84}]
\Shell\AutoRun\command - setupSNK.exe
*Newly Created Service* - MDM
*Newly Created Service* - PXHELP20
.
Contenu du dossier 'Tâches planifiées'
2008-12-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-04-14 00:01]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://intranet
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Télécharger avec NetTransport - d:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Add to AMV Convert Tool... - d:\program files\MP3 Player Utilities 3.75\AMVConverter\grab.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - d:\program files\MP3 Player Utilities 3.75\MediaManager\grab.html
IE: Sauver &fichier media avec Flash and Media Capture - c:\program files\Fichiers communs\MetaProducts\FMCapt.dll/savemedia.htm
IE: Sauver &image avec Flash and Media Capture - c:\program files\Fichiers communs\MetaProducts\FMCapt.dll/saveimg.htm
IE: Tout t&élécharger avec NetTransport - d:\program files\Xi\NetTransport 2\NTAddList.html
Trusted Zone: support.fujitsu-siemens.fr
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\OCXDownloadChecker_6110.ocx - O16 -: {1DB93715-3B60-43EE-93E6-279BB3E1DF76}
hxxp://10.210.40.76/cab/OCXChecker_6110.cab
c:\windows\Downloaded Program Files\OCXDownloadChecker.inf
c:\windows\Downloaded Program Files\AtxEnc.dll - O16 -: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4}
hxxps://antivirus.compass-group.fr/officescan/console/html/AtxEnc.cab
c:\windows\system32\ccss.ico - c:\windows\system32\ccs.ico
c:\windows\system32\pCCPPlayer.ocx
c:\windows\system32\ccpxa.dll
O16 -: {45432B26-C76C-43C3-B7D3-EF5A132B995F}
hxxp://rescuerigger.com/CCS-WebKit/pCCPPlayer.cab
c:\windows\Downloaded Program Files\pCCPPlayer.inf
c:\windows\system32\msvcr71.dll - c:\windows\system32\msvcp71.dll
c:\windows\system32\S3DSendLog.exe
c:\windows\system32\mfc71.dll
c:\windows\Downloaded Program Files\Ston3D.ocx
O16 -: {7508D2BB-F085-45BF-8261-167C6DF4D477}
hxxp://player.stonetrip.com/Ston3D.cab
c:\windows\Downloaded Program Files\Ston3D.inf
c:\windows\Downloaded Program Files\VMKeyboardHook.dll - c:\windows\Downloaded Program Files\VMRCActiveXClient.dll
O16 -: {7C896371-4B7F-4B34-95B1-24851F5DED24}
hxxp://dmars-406223/VirtualServer/activex/VMRCActiveXClient.cab
c:\windows\Downloaded Program Files\VMRCActiveXClient.inf
c:\windows\Downloaded Program Files\AtxPie.dll - O16 -: {A050E865-64E3-431B-8079-F0DFCEA90A2D}
hxxps://antivirus.compass-group.fr/ControlManager/SSO_PKI/console/html/root/AtxPie.cab
c:\windows\Downloaded Program Files\CONFLICT.1\VMKeyboardHook.dll - c:\windows\Downloaded Program Files\CONFLICT.1\VMRCActiveXClient.dll
O16 -: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB}
hxxp://smars-vrt03:1024/VirtualServer/activex/VMRCActiveXClient.cab
c:\windows\Downloaded Program Files\CONFLICT.1\VMRCActiveXClient.inf
c:\windows\Downloaded Program Files\Download_6110.ocx - O16 -: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD}
hxxp://10.210.40.76/cab/DownloadFile_6110.cab
c:\windows\Downloaded Program Files\Download.inf
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\6vretfx9.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: d:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\program files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-31 22:25:53
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\durfhivvm]
"ServiceDll"="c:\windows\system32\jxzvhg.dll"
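As an added example (not part of the original post), here is the correlation a responder would do by hand on this log, scripted in Python: tie the two bare names listed under the NetSvcs group to their svchost-hosted services and to the ServiceDll they load, check whether that DLL carries the hidden attribute in the Find3M section, and flag firewall exceptions whose only description is an opaque token. The log excerpt embedded below is constructed from lines of the post; the "opaque name" test is a heuristic of this example, not a ComboFix rule.

```python
import re

# Constructed excerpt: lines copied from the ComboFix log in the post above,
# so the checks run offline against the very entries under discussion.
LOG = r"""
S2 durfhivvm;Image Time;c:\windows\system32\svchost.exe -k netsvcs [2002-08-30 14336]
S2 oyrnzpkt;Helper Monitor;c:\windows\system32\svchost.exe -k netsvcs [2002-08-30 14336]
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-04-16 15:53 158,873 --sha-w c:\windows\system32\jxzvhg.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
durfhivvm
oyrnzpkt
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\durfhivvm]
"ServiceDll"="c:\windows\system32\jxzvhg.dll"
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:UDP"= 443:UDP:UDP port 443 ooVoo
"1655:TCP"= 1655:TCP:qnhwzjv
"""

SVC_RE = re.compile(r"^S\d+ ([^;]+);([^;]*);(.*?)(?: \[[^\]]*\])?$")          # Sn name;display;image [date size]
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d [\d,]+ (\S+) (.+)$")        # Find3M: date time size attrs path
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)
FW_RE = re.compile(r'^"\d+:(?:TCP|UDP)"= (\d+:(?:TCP|UDP)):(.*)$')

def parse(log):
    """Pull services, hidden files, the NetSvcs list, ServiceDll values and firewall holes."""
    services, hidden, netsvcs, dlls, firewall = {}, set(), [], {}, {}
    in_netsvcs, cur_key = False, None
    for line in log.splitlines():
        line = line.strip()
        if in_netsvcs and re.fullmatch(r"\w+", line):    # bare names right under the NetSvcs header
            netsvcs.append(line.lower()); continue
        in_netsvcs = line.endswith("Svchost - NetSvcs")
        if m := SVC_RE.match(line):
            services[m[1].lower()] = (m[2], m[3].lower())
        elif m := FILE_RE.match(line):
            if "h" in m[1]:                               # attribute column: 'h' = hidden
                hidden.add(m[2].lower())
        elif m := KEY_RE.match(line):
            cur_key = m[1].lower()
        elif (m := DLL_RE.match(line)) and cur_key:
            dlls[cur_key] = m[1].lower()
        elif m := FW_RE.match(line):
            firewall[m[1]] = m[2]
    return services, hidden, netsvcs, dlls, firewall

def triage(log):
    """Flag NetSvcs-group services backed by a hidden DLL, and firewall holes with opaque names."""
    services, hidden, netsvcs, dlls, firewall = parse(log)
    findings = []
    for name in netsvcs:
        display, image = services.get(name, ("?", ""))
        if "svchost.exe -k netsvcs" not in image:
            continue
        dll = dlls.get(name)
        state = ("hidden DLL" if dll in hidden else
                 "ServiceDll not in log" if dll is None else "DLL visible")
        findings.append(f"netsvcs service {name} ({display}) -> {dll or '?'}: {state}")
    for port, desc in firewall.items():
        # Heuristic: real entries name an app or address; a lone lowercase token is suspect
        if re.fullmatch(r"[a-z]{5,}", desc):
            findings.append(f"firewall exception {port} with opaque name {desc}")
    return findings
```

Run against the excerpt, `triage(LOG)` reports durfhivvm loading the hidden jxzvhg.dll, oyrnzpkt with no ServiceDll value in the log, and the 1655:TCP exception; those three entries are where a responder would start.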