Prob de dns

nattye70 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
victime d'un détournement de DNS: 85.255.x.x (redirection de navigateur)

comment on supprime ca
j ai eu de l aide sur le forum plus tot de quelqu un de tres gentil mais
le mode sans echec ne fonctionne pas
quelqu un a eu ce probleme

merci
Configuration: Windows XP
Firefox 3.0.10

5 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    si les lignes 85.255.x.x sont présentes:

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 5 et appuyer sur entrée afin de créer le rapport des infection présentes.

    _________________

    puis pour verifier:

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. nattye70
       
      SmitFraudFix v2.417

      Rapport fait à 6:31:11,21, 2009-06-01
      Executé à partir de C:\Documents and Settings\stef\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\PROGRA~1\LAUNCH~1\LManager.exe
      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\stef\Bureau\SmitfraudFix\Policies.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stef


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\stef\LOCALS~1\Temp


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stef\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\stef\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

      »»»»»»»»»»»»»»»»»»»»»»»» RK

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""




      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

      Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 85.255.112.234
      DNS Server Search Order: 85.255.112.185

      Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

      Description: Atheros AR5005G Wireless Network Adapter - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 85.255.112.234
      DNS Server Search Order: 85.255.112.185

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: DhcpNameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: DhcpNameServer=192.168.2.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: NameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: DhcpNameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: DhcpNameServer=192.168.2.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: NameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: DhcpNameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: NameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.234,85.255.112.185
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.112.234,85.255.112.185


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
    2. nattye70
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by stef at 2009-06-01 06:35:39
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 40 GB (74%) free of 54 GB
      Total RAM: 894 MB (48% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 06:35:44, on 2009-06-01
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\PROGRA~1\LAUNCH~1\LManager.exe
      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Documents and Settings\stef\Bureau\RSIT.exe
      C:\Documents and Settings\stef\Bureau\stef.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
      O4 - Global Startup: Acer Empowering Technology.lnk = ?
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer = 85.255.112.234,85.255.112.185
      O17 - HKLM\System\CCS\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: NameServer = 85.255.112.234,85.255.112.185
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
      O17 - HKLM\System\CS1\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer = 85.255.112.234,85.255.112.185
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
      O17 - HKLM\System\CS2\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer = 85.255.112.234,85.255.112.185
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
      O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      0
  2. nattye70
     
    BONJOUR
    AVEC SMITFRAUD LE CHOIX NO 5 EST POUR RECHERCHÉ DES INFECTIONS ET LES VIRÉS!

    POURQUOI ME DEMANDE T-IL TOUJOURS AVANT DE CHANGER MON I.P EN DYNAMIQUE
    DOIT-JE LE FAIRE

    ELLE EST DEJA EN DYNAMIQUE MON ADRESSE I.P
    ELLE N EST PAS FIXE!!!
    MERCI
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    essaie ceci:

    scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

    ______________________

    puis remets un rapport RSIT
    0
    1. nattye70
       
      desolé
      pas moyen de faire la mise a jour connection bloqué
      je fait un scan
      je revient
      0
    2. nattye70
       
      Malwarebytes' Anti-Malware 1.37
      Version de la base de données: 2182
      Windows 5.1.2600 Service Pack 3

      2009-06-01 11:31:23
      mbam-log-2009-06-01 (11-31-16).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 174666
      Temps écoulé: 28 minute(s), 28 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 12
      Dossier(s) infecté(s): 5
      Fichier(s) infecté(s): 77

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63f703f8-81c6-4872-8dd5-52dfb933890c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{63f703f8-81c6-4872-8dd5-52dfb933890c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{63f703f8-81c6-4872-8dd5-52dfb933890c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.

      Dossier(s) infecté(s):
      c:\documents and settings\stef\Application Data\ErrorFix (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Logs (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Results (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120 (Rogue.ErrorFix) -> No action taken.

      Fichier(s) infecté(s):
      c:\documents and settings\stef\application data\ErrorFix\spy_ignore.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Logs\2009-04-15 10-43-240.log (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Logs\2009-04-15 12-00-000.log (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Logs\2009-04-15 12-00-001.log (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\filelist.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-0.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-1.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-2.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-3.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-4.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-5.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-6.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-7.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-8.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-9.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-10.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-11.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-12.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-13.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-14.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-15.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-16.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-17.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-18.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-19.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-20.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-21.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-22.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-23.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-24.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-25.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-26.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-27.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-28.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-29.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-30.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-31.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-32.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-33.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-34.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-35.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-36.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-37.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-38.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-39.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-40.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-41.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-42.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-43.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-44.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-45.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-46.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-47.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-48.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-49.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-50.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-51.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-52.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-53.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-54.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-55.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-56.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-57.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-58.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-59.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-60.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-61.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-62.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-63.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-64.db (Rogue.ErrorFix) -> No action taken.
      c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-65.db (Rogue.ErrorFix) -> No action taken.
      c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
      C:\WINDOWS\Tasks\ErrorFix Scan.job (Rogue.ErrorFix) -> No action taken.
      0
    3. nattye70
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by stef at 2009-06-01 11:40:36
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 40 GB (74%) free of 54 GB
      Total RAM: 894 MB (46% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:40:42, on 2009-06-01
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\PROGRA~1\LAUNCH~1\LManager.exe
      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
      C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\stef\Bureau\RSIT.exe
      C:\Documents and Settings\stef\Bureau\stef.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
      O4 - Global Startup: Acer Empowering Technology.lnk = ?
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui est en quarantaine dans malwarebyte puis

    remets un rapport malwarebyte
    ___________

    mettre a jour internet explorer
    pour XP
    http://download.microsoft.com/...

    pour VISTA:
    http://download.microsoft.com/download/5/9/8/598CDBFA-4C11-45BA-8283-91439C7B8E5B/IE8-WindowsVista-x86-FRA.exe

    _____________

    mettre à jour adobe reader puis supprimer les anciennes version via le panneau de configuration
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    ou passer a un lecteur alternatif ce qui évitera les virus circulant via les PDF comme foxit reader (ne pas metre les barres foxit, ask, ebay..)

    http://www.commentcamarche.net/telecharger/telechargement 205 foxit reader

    _____________

    Mettre a jour java:
    https://javara.fr.malavida.com/

    Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
    Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    Double-clique sur le répertoire JavaRa obtenu.
    Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    Clique sur Search For Updates.
    Sélectionne Update Using jucheck.exe puis clique sur Search.
    Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
    Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
    Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
    (c:\JavaRa.log)
    Ferme l'application.

    si cela ne fonctionne pas

    https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    tu peux désinstaller les vieilles versions.
    _____________

    puis colle un rapport antivir
    0
    1. nattye70
       
      plus rien dans mon pc yahoo!!!merci merci merci
      Avira AntiVir Personal
      Report file date: 1 juin 2009 18:15

      Scanning for 1444480 virus strains and unwanted programs.

      Licensee : Avira AntiVir Personal - FREE Antivirus
      Serial number : 0000149996-ADJIE-0000001
      Platform : Windows XP
      Windows version : (Service Pack 3) [5.1.2600]
      Boot mode : Normally booted
      Username : SYSTEM
      Computer name : ACER-3FAFADAADF

      Version information:
      BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
      AVSCAN.EXE : 9.0.3.5 466689 Bytes 27/04/2009 21:53:02
      AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 14:58:26
      LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 15:35:50
      LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 14:58:54
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:30:38
      ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 00:33:28
      ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29/05/2009 13:59:44
      ANTIVIR3.VDF : 7.1.4.42 56320 Bytes 01/06/2009 21:53:40
      Engineversion : 8.2.0.180
      AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 22:05:54
      AESCRIPT.DLL : 8.1.2.0 389497 Bytes 16/05/2009 21:53:10
      AESCN.DLL : 8.1.2.3 127347 Bytes 16/05/2009 21:53:10
      AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 22:24:42
      AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 21:53:32
      AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 00:01:58
      AEHEUR.DLL : 8.1.0.129 1761655 Bytes 16/05/2009 21:53:10
      AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 00:01:58
      AEGEN.DLL : 8.1.1.44 348532 Bytes 16/05/2009 21:53:08
      AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 18:32:40
      AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 21:53:30
      AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 18:32:40
      AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:48:00
      AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 14:32:16
      AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 18:34:30
      AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 14:32:10
      AVARKT.DLL : 9.0.0.3 292609 Bytes 27/04/2009 21:53:02
      AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 14:37:10
      SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 19:03:50
      SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 12:21:34
      NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 14:32:12
      RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 15:45:46
      RCTEXT.DLL : 9.0.37.0 86785 Bytes 27/04/2009 21:53:02

      Configuration settings for the scan:
      Jobname.............................: Complete system scan
      Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
      Logging.............................: low
      Primary action......................: interactive
      Secondary action....................: ignore
      Scan master boot sector.............: on
      Scan boot sector....................: on
      Boot sectors........................: C:, D:,
      Process scan........................: on
      Scan registry.......................: on
      Search for rootkits.................: on
      Integrity checking of system files..: off
      Scan all files......................: All files
      Scan archives.......................: on
      Recursion depth.....................: 20
      Smart extensions....................: on
      Macro heuristic.....................: on
      File heuristic......................: medium

      Start of the scan: 1 juin 2009 18:15

      Starting search for hidden objects.
      '56547' objects were checked, '0' hidden objects were found.

      The scan of running processes will be started
      Scan process 'wordpad.exe' - '1' Module(s) have been scanned
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'CLI.EXE' - '1' Module(s) have been scanned
      Scan process 'CLI.EXE' - '1' Module(s) have been scanned
      Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'iPodService.exe' - '1' Module(s) have been scanned
      Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
      Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
      Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
      Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
      Scan process 'Acer.Empowering.Framework.Launcher.exe' - '1' Module(s) have been scanned
      Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
      Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
      Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
      Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
      Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
      Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
      Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
      Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
      Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
      Scan process 'LManager.exe' - '1' Module(s) have been scanned
      Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
      Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
      Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
      Scan process 'MCRDSVC.EXE' - '1' Module(s) have been scanned
      Scan process 'CLI.EXE' - '1' Module(s) have been scanned
      Scan process 'EHTRAY.EXE' - '1' Module(s) have been scanned
      Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
      Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
      Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
      Scan process 'JQS.EXE' - '1' Module(s) have been scanned
      Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
      Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
      Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
      Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
      Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
      Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
      Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
      Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
      Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
      Scan process 'AAWService.exe' - '1' Module(s) have been scanned
      Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
      Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
      Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
      Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
      Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
      Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
      Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
      Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
      Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
      Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
      Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
      55 processes with 55 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'D:\'
      [INFO] No virus was found!

      Starting to scan executable files (registry).
      The registry was scanned ( '75' files ).


      Starting the file scan:

      Begin scan in 'C:\' <ACER>
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      [NOTE] This file is a Windows system file.
      [NOTE] This file cannot be opened for scanning.
      C:\hiberfil.sys
      [WARNING] The file could not be opened!
      [NOTE] This file is a Windows system file.
      [NOTE] This file cannot be opened for scanning.
      Begin scan in 'D:\' <ACERDATA>


      End of the scan: 1 juin 2009 18:52
      Used time: 36:44 Minute(s)

      The scan has been done completely.

      10012 Scanned directories
      341110 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      2 Files cannot be scanned
      341108 Files not concerned
      8630 Archives were scanned
      2 Warnings
      2 Notes
      56547 Objects were scanned with rootkit scan
      0 Hidden objects were found
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    remets un rapport rsit pour dernière vérification
    0