Supprimer Zob.DNSChanger Résolu

Question

Bonjour , mon PC est infecté par Zob.DNSChanger et je n'arrive pas à le supprimer avec Spybot qui est le seul à le détecter . J'ai fait une recherche avec SmitfraudFix et voici le rapport . Un peu d'aide, s'il vous plaît ?

SmitFraudFix v2.217

Rapport fait à 23:23:32,96, 27/08/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\windows\system32\sfitekvitf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\THUSY


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\THUSY\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THUSY\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdypp.exe"

kdypp.exe détecté !


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: TP-LINK 11b/g Wireless Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 208.67.220.220
DNS Server Search Order: 208.67.222.222 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: NameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F40F0325-E264-4190-8B25-6B2C7D0AFE01}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: NameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F40F0325-E264-4190-8B25-6B2C7D0AFE01}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: NameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F40F0325-E264-4190-8B25-6B2C7D0AFE01}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

green day · Answer

Salut

 on reste ici ! :)

Télécharge ceci sur ton bureau :

Lien :  hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm 
 
Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

++

steve2 · Answer

OK. Voici le rapport de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:12, on 28/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Starware Toolbar Musique - {dd37610c-baa7-4541-b6e9-fae7d78d49d5} - C:\Program Files\Starware370\bin\Starware370.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - 
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: NameServer = 85.255.115.94,85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

green day · Answer

Salut

bizarre, tu as fais quelque chose depuis hier ???

++

steve2 · Answer

Salut.
Hier, j'ai installé le jeu Worms4 ainsi que le logiciel lockfolder et c'est tout , rien d'autre . Pourquoi ? Qu'est-ce que tu trouve  bizarre ?

green day · Answer

seulement des lignes qui apparaissent dans le rapport smitfraud et pas dans le hijack, poste un nouveau smitfraud stp

++

steve2 · Answer

Voila le nouveau rapport de smitfraud :

SmitFraudFix v2.217

Rapport fait à 19:36:30,81, 28/08/2007
Executé à partir de C:\Documents and Settings\THUSY\Mes documents\logiciels\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\apps\ABoard\AOSD.exe
C:\windows\system32\sfitekvitf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\THUSY


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\THUSY\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THUSY\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdypp.exe"

kdypp.exe détecté !


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: TP-LINK 11b/g Wireless Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 208.67.220.220
DNS Server Search Order: 208.67.222.222 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: NameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F40F0325-E264-4190-8B25-6B2C7D0AFE01}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: NameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F40F0325-E264-4190-8B25-6B2C7D0AFE01}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}: NameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F40F0325-E264-4190-8B25-6B2C7D0AFE01}: DhcpNameServer=85.255.115.94,85.255.112.137
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

green day · Answer

ok,

#  Télécharger FixWareout sur le bureau : http://downloads.subratam.org/Fixwareout.exe
# Lancer le fix : cliquer sur Next, puis Install, s’assurer que l’option Run fixit est activée puis cliquer sur Finish.
# Il sera demandé ensuite de redémarrer l’ordinateur : redémarrer le.
# Si le système met un peu plus de temps au démarrage, c'est normal.
# Le contenu du rapport qui s'affichera à l'écran sera enregistrai dans un fichier nommé report.txt, poste le stp

ensuite reposte un nouveau smitfraud stp

++

steve2 · Answer

ok, 
Voici le rapport du fix :

Username "administrateur" - 2007-08-29  1:03:16 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdypp.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D} 
"nameserver"="85.255.115.94,85.255.112.137" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}
"DhcpNameServer"="85.255.115.94,85.255.112.137" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{DAACE8C6-CCC2-4956-A4A8-3CDB25EB190D}
"DhcpNameServer"="85.255.115.94,85.255.112.137" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{F40F0325-E264-4190-8B25-6B2C7D0AFE01}
"DhcpNameServer"="85.255.115.94,85.255.112.137" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully. 
 
»»»»» Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "system"="" 
....
....
»»»»» Misc files. 
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdypp.ren 71214 20/08/2004 

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe"
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe"
"VCSPlayer"="\"C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe\""
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe"
"Club-Internet_McciTrayApp"="C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe"
"StandardInstall"=""
"sfitekvitf"="c:\windows\system32\sfitekvitf.exe sfitekvitf"
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWSepair\autoexec.nt  missing 
C:\WINDOWSepair\Config.nt  missing 
»»»»» End report »»»»»

steve2 · Answer

et voici un rapport smitfraud :

SmitFraudFix v2.217

Rapport fait à  1:18:19,59, 29/08/2007
Executé à partir de C:\Documents and Settings\THUSY\Mes documents\logiciels\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\windows\system32\sfitekvitf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\THUSY


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\THUSY\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THUSY\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: TP-LINK 11b/g Wireless Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 208.67.220.220
DNS Server Search Order: 208.67.222.222 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: DhcpNameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

steve2 · Answer

réaction ?

green day · Answer

Salut

il y a de l'amélioration !

fais ce qui est indiqué ici stp :

virus methode preliminaire de desinfection version fr

++

steve2 · Answer

Ok,
A l'étape 2, le rapport de AVG anti-spyware indique qu'il ny a rien et maintenant je passe à Bit defender

steve2 · Answer

Et voici le rapport de bit defender , et je passe maintenant à hijackThis :



BitDefender Online Scanner - Real Time Virus Report
	
Generated at: Fri, Aug 31, 2007 - 22:36:32


Scan Info
Scanned Files
	
257379

Infected Files
	
14
	

 Virus Detected

Dropped:Trojan.DNSChanger.PJ
	
1

Trojan.Downloader.Zlob.ZQN
	

13

steve2 · Answer

Et voila le rapport de hijackthis . J'espère ne pas être trop optimiste en pensant que mon problème est réglé :) !


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:38, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {dd37610c-baa7-4541-b6e9-fae7d78d49d5} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LFAgent] C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30.exe -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - 
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B26B6E6-7CB4-4B92-BDA1-7B93A0B7C78E}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C392F26C-D9D5-4DDF-97E0-7BB49B2804BE}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D60412C-4200-4025-92C9-6728D55719CF}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

green day · Answer

Et bien justement, où en sont tes soucis ???

++

steve2 · Answer

salut! Il semblerait que mes soucis avec zob.dnschanger soient fini ! Merci beaucoup pour ton aide !

green day · Answer

Salut

ok, il ne te reste plus qu'à installer un parefeu !

==> voir ici :  securite proteger un ordinateur contre les malwares d internet

pas d'quoi ;-)

@+

Supprimer Zob.DNSChanger

17 réponses

Votre réponse

Discussions similaires

Newsletters