DNS problem
nattye70
-
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
I am the victim of a DNS hijack: 85.255.x.x (browser redirection).
How do you remove this?
I got help on the forum earlier from someone very kind, but
safe mode does not work.
Has anyone had this problem?
Thanks
5 replies
Hi,
If the 85.255.x.x lines are present:
SmitFraudFix (paste the report)
1/ Download:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ Double-click smitfraudfix, then select 5 and press Enter to create the report of the infections present.
_________________
Then, to check:
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).
NB: The reports are saved in the folder C:\rsit
HELLO
WITH SMITFRAUD, OPTION NO. 5 IS FOR SEARCHING FOR INFECTIONS AND REMOVING THEM!
WHY DOES IT ALWAYS ASK ME BEFOREHAND TO CHANGE MY IP TO DYNAMIC?
SHOULD I DO IT?
MY IP ADDRESS IS ALREADY DYNAMIC
IT IS NOT STATIC!!!
THANKS
Try this:
Scan with Malwarebytes: run a thorough scan, paste the resulting report, and remove whatever is found:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Then post a new RSIT report.
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 5.1.2600 Service Pack 3
2009-06-01 11:31:23
mbam-log-2009-06-01 (11-31-16).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 174666
Temps écoulé: 28 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 12
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 77
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63f703f8-81c6-4872-8dd5-52dfb933890c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{63f703f8-81c6-4872-8dd5-52dfb933890c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{63f703f8-81c6-4872-8dd5-52dfb933890c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.
Dossier(s) infecté(s):
c:\documents and settings\stef\Application Data\ErrorFix (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Logs (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Results (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120 (Rogue.ErrorFix) -> No action taken.
Fichier(s) infecté(s):
c:\documents and settings\stef\application data\ErrorFix\spy_ignore.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Logs\2009-04-15 10-43-240.log (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Logs\2009-04-15 12-00-000.log (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Logs\2009-04-15 12-00-001.log (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\filelist.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-0.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-1.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-2.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-3.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-4.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-5.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-6.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-7.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-8.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-9.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-10.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-11.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-12.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-13.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-14.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-15.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-16.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-17.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-18.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-19.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-20.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-21.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-22.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-23.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-24.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-25.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-26.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-27.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-28.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-29.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-30.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-31.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-32.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-33.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-34.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-35.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-36.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-37.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-38.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-39.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-40.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-41.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-42.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-43.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-44.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-45.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-46.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-47.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-48.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-49.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-50.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-51.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-52.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-53.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-54.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-55.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-56.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-57.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-58.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-59.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-60.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-61.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-62.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-63.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-64.db (Rogue.ErrorFix) -> No action taken.
c:\documents and settings\stef\application data\ErrorFix\quarantinew\2009-04-15 10-45-120\regb-65.db (Rogue.ErrorFix) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\ErrorFix Scan.job (Rogue.ErrorFix) -> No action taken.
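As an added example (not part of the thread and not code from Malwarebytes), the following Python parses the Trojan.DNSChanger registry lines of the report above and groups the values that still point at the 85.255.x.x resolvers by control set. Treating 85.255.x.x as 85.255.0.0/16, the function names, and the last sample line (constructed, with a different action text) are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# The thread names the rogue resolvers only as "85.255.x.x"; reading that as
# 85.255.0.0/16 is an assumption of this example.
SUSPECT_NET = ipaddress.ip_network("85.255.0.0/16")

# One registry data line of the report:
#   <Tcpip key>\<NameServer|DhcpNameServer> (<detection>) -> Data: <ips> -> <action>.
LINE_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\Tcpip\\Parameters\\"
    r"(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\\)?"
    r"(?P<value>(?:Dhcp)?NameServer)"
    r" \((?P<detection>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+?)\.?$"
)

# Lines copied from the report above (four registry lines, one unrelated line).
PAGE_LINES = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ec84e10-e519-4b45-8734-ced186fa24c3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{63f703f8-81c6-4872-8dd5-52dfb933890c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185 -> No action taken.",
    r"C:\WINDOWS\Tasks\ErrorFix Scan.job (Rogue.ErrorFix) -> No action taken.",
)
# Constructed line: same format, but with an action other than "No action taken".
CONSTRUCTED_LINE = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer"
    r" (Trojan.DNSChanger) -> Data: 85.255.112.234,85.255.112.185"
    r" -> Quarantined and deleted successfully."
)
SAMPLE_LOG = "\n".join(PAGE_LINES + (CONSTRUCTED_LINE,))


def parse_dns_items(log_text):
    """Return one dict per NameServer/DhcpNameServer line found in the log."""
    items = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # file, folder and non-DNS registry lines are skipped
        servers = []
        # Windows stores resolver lists comma- or space-separated.
        for token in re.split(r"[,\s]+", m["data"].strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # not an IP literal
        items.append({
            "control_set": m["cset"],
            "interface": m["iface"] or "(global)",
            "value": m["value"],
            "detection": m["detection"],
            "suspect": [str(ip) for ip in servers if ip in SUSPECT_NET],
            # "No action taken" means the value was still in place at log time.
            "pending": m["action"].lower().startswith("no action"),
        })
    return items


def pending_hijacks(items):
    """Map control set -> [(interface, value name)] still set to a suspect resolver."""
    by_cset = defaultdict(list)
    for it in items:
        if it["suspect"] and it["pending"]:
            by_cset[it["control_set"]].append((it["interface"], it["value"]))
    return dict(by_cset)


if __name__ == "__main__":
    for cset, entries in pending_hijacks(parse_dns_items(SAMPLE_LOG)).items():
        for iface, value in entries:
            print(f"{cset}: {iface} {value} still points at {SUSPECT_NET}")
```

The grouping shows that the same resolver pair is written to both NameServer and DhcpNameServer, globally and per interface, in CurrentControlSet and in the numbered control sets, so a check after cleanup has to cover all of them.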
Logfile of random's system information tool 1.06 (written by random/random)
Run by stef at 2009-06-01 11:40:36
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 40 GB (74%) free of 54 GB
Total RAM: 894 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:42, on 2009-06-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\stef\Bureau\RSIT.exe
C:\Documents and Settings\stef\Bureau\stef.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Empty what is in quarantine in Malwarebytes, then
post a new Malwarebytes report
___________
Update Internet Explorer
for XP:
http://download.microsoft.com/...
for Vista:
http://download.microsoft.com/download/5/9/8/598CDBFA-4C11-45BA-8283-91439C7B8E5B/IE8-WindowsVista-x86-FRA.exe
_____________
Update Adobe Reader, then remove the old versions via the Control Panel
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
or switch to an alternative reader, which will avoid the viruses circulating via PDFs, such as Foxit Reader (do not install the Foxit, Ask, eBay... toolbars)
http://www.commentcamarche.net/telecharger/telechargement 205 foxit reader
_____________
Update Java:
https://javara.fr.malavida.com/
Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Unzip the file to your desktop (right-click > Extract all).
Double-click the resulting JavaRa folder.
Then double-click the JavaRa.exe file (the .exe may not be displayed).
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if it asks, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, return to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will do its work; then click Ok, and Ok a second time.
A report will open; copy and paste it into your next reply.
Note: the report is also at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.
If that does not work:
https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80
you can uninstall the old versions.
_____________
then paste an AntiVir report
Nothing left on my PC, yahoo!!! Thank you, thank you, thank you
Avira AntiVir Personal
Report file date: 1 juin 2009 18:15
Scanning for 1444480 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ACER-3FAFADAADF
Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 27/04/2009 21:53:02
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 14:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 15:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 14:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 00:33:28
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29/05/2009 13:59:44
ANTIVIR3.VDF : 7.1.4.42 56320 Bytes 01/06/2009 21:53:40
Engineversion : 8.2.0.180
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 22:05:54
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 16/05/2009 21:53:10
AESCN.DLL : 8.1.2.3 127347 Bytes 16/05/2009 21:53:10
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 22:24:42
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 21:53:32
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 00:01:58
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 16/05/2009 21:53:10
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 00:01:58
AEGEN.DLL : 8.1.1.44 348532 Bytes 16/05/2009 21:53:08
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 18:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 21:53:30
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:48:00
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 14:32:16
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 18:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 14:32:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 27/04/2009 21:53:02
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 14:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 19:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 12:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 14:32:12
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 15:45:46
RCTEXT.DLL : 9.0.37.0 86785 Bytes 27/04/2009 21:53:02
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 1 juin 2009 18:15
Starting search for hidden objects.
'56547' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'wordpad.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Launcher.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'MCRDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'EHTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '75' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <ACERDATA>
End of the scan: 1 juin 2009 18:52
Used time: 36:44 Minute(s)
The scan has been done completely.
10012 Scanned directories
341110 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
341108 Files not concerned
8630 Archives were scanned
2 Warnings
2 Notes
56547 Objects were scanned with rootkit scan
0 Hidden objects were found
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <ACERDATA>
End of the scan: 1 juin 2009 18:52
Used time: 36:44 Minute(s)
The scan has been done completely.
10012 Scanned directories
341110 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
341108 Files not concerned
8630 Archives were scanned
2 Warnings
2 Notes
56547 Objects were scanned with rootkit scan
0 Hidden objects were found
Rapport fait à 6:31:11,21, 2009-06-01
Executé à partir de C:\Documents and Settings\stef\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\stef\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stef
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\stef\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stef\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\stef\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.112.234
DNS Server Search Order: 85.255.112.185
Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: Atheros AR5005G Wireless Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.112.234
DNS Server Search Order: 85.255.112.185
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: DhcpNameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CCS\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: NameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: DhcpNameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CS1\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: NameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: DhcpNameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CS2\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: NameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.234,85.255.112.185
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.112.234,85.255.112.185
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Run by stef at 2009-06-01 06:35:39
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 40 GB (74%) free of 54 GB
Total RAM: 894 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:35:44, on 2009-06-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\stef\Bureau\RSIT.exe
C:\Documents and Settings\stef\Bureau\stef.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{63F703F8-81C6-4872-8DD5-52DFB933890C}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EC84E10-E519-4B45-8734-CED186FA24C3}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe