Redirection DNS

Résolu

AchChti Messages postés 17 Statut Membre -
geoffrey5 Messages postés 14008 Statut Contributeur sécurité - 26 nov. 2008 à 23:00

Bonjour,
Permettez moi de demander votre aide pour un problème de DNS est changé come suite :

Serveurs DNS. . . . . . . . . . . . . : 85.255.112.101
85.255.112.8
Je n’arrive pas à le modifier…

suite à un sujet déjà résolu " infection virus tazebama.dll_ ", j'ai commencé à suivre les étapes, j’ai fait un scan avec « Hijackthis », et j’ai besoin d’analyser les logs que vous trouverai ci-dessous :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:57, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\ANA\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome. exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome. exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome. exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome. exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome. exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome. exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome. exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
C:\hijackthis\Achti.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.7.2:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SeePassword] C:\Users\ANA\AppData\Local\Temp\Rar$EX00.680\See_Password_2.05.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\ANA\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'ℑ au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer = 85.255.112.101;85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer = 85.255.112.101;85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer = 85.255.112.101;85.255.112.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kddkk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 15241 bytes

Merci beaucoup

Achraf

Afficher la suite

A voir également:

Redirection DNS
Changer dns - Guide
Dns gratuit - Guide
Flush dns - Guide
Dns benchmark - Télécharger - Divers Réseau & Wi-Fi
Dns orange - Accueil - Guide box et connexion Internet

14 réponses

Réponse 1 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Salut !!

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

▶ Va dans démarrer puis panneau de configuration
▶ Double Clique sur l'icône "Comptes d'utilisateurs"
▶ Clique ensuite sur désactiver et valide.

ensuite :

Option 1 - Recherche :

▶ télécharge smitfraudfix et enregistre le sur le bureau

▶ Ensuite double clique sur smitfraudfix puis exécuter

▶ Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

(attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

▶ copier/coller le rapport dans la réponse.

Voici un tutoriel sonore et animé en cas de problème d'utilisation

(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool".
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains,
cet utilitaire pourrait arrêter des logiciels de sécurité.)

AchChti Messages postés 17 Statut Membre

Salut et Merci

ci-dessous le rapport SmitfraudFix, comme tu m'a demandé:

#################################################################"
SmitFraudFix v2.378

Scan done at 8:55:52,32, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !
C:\resycled\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.112.101;85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

################################################################

Réponse 2 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Salut !!

Maintenant fais ceci stp :

▶ redémarre le PC en mode sans échec

▶ Double cliquer sur smitfraudfix

▶ Sélectionner 5

▶ Enregistre le rapport sur ton bureau

▶ redémarre en mode normal et poste le rapport dans ta prochaine réponse stp

AchChti Messages postés 17 Statut Membre

Slt,

il n'a rien donnée, je crois qu'il n'a pas accepté le mode sans échec:

SmitFraudFix v2.378

Mode normal seulement - Normal mode only
Appuyez sur une touche pour continuer...

entre temps j'ai utilisé "Malwarebytes' Anti-Malware", il a supprimé des trucs, le DNS est redevenu propre mais après redémarrage le problème est revenu.
ci-dessous le rapport "Malwarebytes'":
#######################################################################
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 6.0.6001 Service Pack 1

25/11/2008 15:15:57
mbam-log-2008-11-25 (15-15-52).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 313024
Temps écoulé: 3 hour(s), 33 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 10
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0ee03dec-1e4c-4059-ac1e-63af8d439843}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0ee03dec-1e4c-4059-ac1e-63af8d439843}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6105ec55-1ba1-4d0f-a088-2c6a0a3643b5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6105ec55-1ba1-4d0f-a088-2c6a0a3643b5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1d253e1-0545-40a2-9b07-897d366ba524}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0ee03dec-1e4c-4059-ac1e-63af8d439843}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0ee03dec-1e4c-4059-ac1e-63af8d439843}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6105ec55-1ba1-4d0f-a088-2c6a0a3643b5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6105ec55-1ba1-4d0f-a088-2c6a0a3643b5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b1d253e1-0545-40a2-9b07-897d366ba524}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> No action taken.

Dossier(s) infecté(s):
C:\resycled (Trojan.DNSChanger) -> No action taken.

Fichier(s) infecté(s):
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
######################################################"

AchChti Messages postés 17 Statut Membre

comme il n'a pas accepté en mode sans échec, je l'ai exécuté en mode normale, ci-dessous le rapport:

SmitFraudFix v2.378

Scan done at 16:08:06,68, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.112.101;85.255.112.8

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=192.168.1.254

AchChti Messages postés 17 Statut Membre

le rapport de l'option 1, après exécution de l'option 5:

SmitFraudFix v2.378

Scan done at 16:23:19,85, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\System32\rundll32.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\conime.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.112.101;85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Réponse 3 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

vas vider la quarantaine de malwarebytes et ensuite fais ceci stp :

Option 2 - Nettoyage :

▶ redémarre le PC en mode sans échec

▶ Double cliquer sur smitfraudfix

▶ Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

▶ A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

▶ Enregistre le rapport sur ton bureau

▶ Redémarrer en mode normal et poster le rapport.

AchChti Messages postés 17 Statut Membre

Salut,
ci-dessous le rapport de l'option 2:

######################################################################
SmitFraudFix v2.378

Scan done at 20:50:15,69, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
######################################################################

et voici le rapport de l'option 1, après le clean:

####################################################################
SmitFraudFix v2.378

Scan done at 21:01:22,66, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\alg.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.112.101;85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
####################################################################

Réponse 4 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Toujours les infections wareout...

relance smitfraudFix avec l'option 5 et poste le rapport stp

AchChti Messages postés 17 Statut Membre

je pense que cette fois ci est la bonne...tu peut me confirmer?

Merci pour tout, Merci beaucoup.

ci-dessous le rapport de l'option 5, ainsi celui de l'option 1:

#############################################
SmitFraudFix v2.378

Scan done at 21:11:50,66, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.112.101;85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix
########################################################
########################################################
########################################################
SmitFraudFix v2.378

Scan done at 21:14:44,40, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\alg.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANA\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
###########################################################

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Ok maintenant fais ceci stp :

▶ Télécharge RegCleaner

▶ Une fois installé, double-clique sur son icône pour l'exécuter

▶ Dans la barre de menu, clique sur Options puis sélectionne Language => Choose the language

▶ recherche French.rlg et double-clique dessus pour appliquer la langue

▶ Clique ensuite sur Outils dans la barre de menu

▶ Sélectionne Nettoyage du registre => Nettoyeur de registre automatique

▶ RegCleaner va alors lancer le nettoyage automatiquement

▶ Coche ensuite les entrées invalides qui sont apparues dans la fenêtre et clique sur Supprimer sélections => Terminer => Quitter

Et ensuite refais un nouveau rapport hijackthis stp

AchChti Messages postés 17 Statut Membre

Nécessaire fait, ci-dessous le rapport "hijackthis":

#######################################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:19, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\alg.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\hijackthis\Achti.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SeePassword] C:\Users\ANA\AppData\Local\Temp\Rar$EX00.680\See_Password_2.05.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kddkk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 6 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

puis tu cliques sur fix checked.

je ne vois pas d antivirus... Tu n en as pas ??

AchChti Messages postés 17 Statut Membre

Nécessaire fait, ci-dessous les log hijackthis :

concernant l'antivirus, j'ai Zone Alarme Security Suite version 8

###############################################
###############################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:44, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\alg.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\hijackthis\Achti.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SeePassword] C:\Users\ANA\AppData\Local\Temp\Rar$EX00.680\See_Password_2.05.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer = 85.255.112.101;85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer = 85.255.112.101;85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer = 85.255.112.101;85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer = 85.255.112.101;85.255.112.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kddkk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 7 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

ce n est pas un nouveau rapport que tu as envoyé mais si tu as bien fixé les lignes que je t ai demandé c est bon ;-)

Est ce que tu as encore des problèmes ??

AchChti Messages postés 17 Statut Membre

c'est le dérnier rapport, tu peux vérifier avec le champ "Scan saved at 22:10:44, on 25/11/2008 ", moi j'ai actuellement 22h40.

j'ai toujours sur DNS les fameuses address, je ne sais pas si je dois redémmarer pour voir s'il y a un changement.

Serveurs DNS. . . . . . . . . . . . . : 85.255.112.101
85.255.112.8

ci-dessous tu trouvera les rapports:

############## hijackthis ###################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:49, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\alg.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\hijackthis\Achti.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SeePassword] C:\Users\ANA\AppData\Local\Temp\Rar$EX00.680\See_Password_2.05.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer = 85.255.112.101;85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer = 85.255.112.101;85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer = 85.255.112.101;85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer = 85.255.112.101;85.255.112.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kddkk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 8 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

relance encore smitfraudfix avec l option 5 stp

Tu viens d où au faite ??

AchChti Messages postés 17 Statut Membre

je suis marocain et actuellement je suis au Mali.. et toi?

l'option 5 OK, ci-dessous le rapport:

SmitFraudFix v2.378

Scan done at 22:55:47,80, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.112.101;85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Réponse 9 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Je viens de Belgique... je me demandais pourquoi il n'était que 23h chez toi mais maintenant je comprends ;-)

Ton rapport est incomplet...

AchChti Messages postés 17 Statut Membre

désolé j'ai pas fait attention lors du Copy/Past, je n'ai pas sauvegardé le rapport

une autre exécution ne donne rien
#######################################
SmitFraudFix v2.378

Scan done at 23:14:39,29, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix
######################################""

j'ai remarqué qu'après que je me déconnecte et je me reconnecte, le DNS reapparet!!!

je vais faire encore l'option 5:

SmitFraudFix v2.378

Scan done at 23:19:28,26, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.112.101;85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

je confirme bien que c'est la fin du rapport..

Réponse 10 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Ok fais ceci stp :

▶ Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau

▶ Double-clique sur OTMoveIt.exe pour le lancer.

▶ Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

▶ Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous "Paste instructions for item to be moved".

:files
C:\Windows\system32\kddkk.exe

:services
Windows Tribute Service

▶ clique sur MoveIt! pour lancer la suppression.

▶ Le résultat apparaitra dans le cadre "Results".

▶ Clique sur Exit pour fermer.

▶ Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

▶ Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite redémarre le pc et refais un nouveau rapport hijackthis stp

AchChti Messages postés 17 Statut Membre

le rapport C:\_OTMoveIt\MovedFiles:

========== FILES ==========
File/Folder C:\Windows\system32\kddkk.exe not found.
========== SERVICES/DRIVERS ==========
Service Windows Tribute Service stopped successfully.
Service Windows Tribute Service deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_233117

comme le fichier n'a pas été supprimé, et je me rappel que windows defender a détecté ce meme fichier et il n'a pas pu le supprimer, meme moi j'avais essayer d le faire manuellement mais sans résultat.
j'ai profité du reboot pour passer en mode sans échec, j'ai supprimé le fichier C:\Windows\system32\kddkk.exe, j'ai passé en mode normale puis j'ai exécuté l'option 5 du SmitFraudFix (ci-dessous le rapport), et à la fin HijackThis.

########################################
SmitFraudFix v2.378

Scan done at 23:44:07,10, 25/11/2008
Run from C:\Users\ANA\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
DNS Server Search Order: 85.255.112.101;85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: DhcpNameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6105EC55-1BA1-4D0F-A088-2C6A0A3643B5}: NameServer=85.255.112.101;85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: NameServer=85.255.112.101;85.255.112.8

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

#################################################

le rapport de HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:18, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Windows\notepad.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\hijackthis\Achti.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SeePassword] C:\Users\ANA\AppData\Local\Temp\Rar$EX00.680\See_Password_2.05.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer = 196.200.88.100 196.200.80.24
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EE03DEC-1E4C-4059-AC1E-63AF8D439843}: NameServer = 196.200.88.100 196.200.80.24
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kddkk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 11 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

ca a l air bon, plus de traces des DNS...

relance hijackthis en cliquant sur scan only et coches cette ligne stp :

O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kddkk.exe (file missing)

puis tu cliques sur fix checked.

ensuite :

▶ Télécharge malwarebyte's anti-malware

▶ Un tutoriel sera à ta disposition sur ce site pour t'aider à l'utiliser.

▶ Fais la mise à jour du logiciel (elle se fait normalement à l'installation)

▶ Lance une analyse complète en cliquant sur "Exécuter un examen complet"

▶ Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"

▶ L'analyse peut durer un bon moment.....

▶ Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"

▶ Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"

▶ Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée

AchChti Messages postés 17 Statut Membre

c'est bon, il a demandé un reboot, c'est OK il n'y a plus de DNS...

j'ai déjà le programme malwarebyte's anti-malware , il prend sur mon PC 3h30, je vais le lancer et demain matin je poste les résultats.

Merci Chef.

Réponse 12 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Ok y a pas de problèmes ;-)

Fais une mise à jour avant de lancer une analyse complète...

Bonne fin de soirée @+

AchChti Messages postés 17 Statut Membre

Salut,

j'ai exécuté Malwarebytes il n'a rien trouvé, puis j'ai exécuté deux fois combofix il a viré un fichier et un répertoire.

je crois maintenant c'est OK, Merci infiniment.

ci-dessous les rapports Malwarebytes, Hijackthis et SmitFraudFix :

@@@@@@@@@@@@@ Malwarebytes @@@@@@@@@@@@@
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 6.0.6001 Service Pack 1

26/11/2008 15:01:33
mbam-log-2008-11-26 (15-01-33).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 259907
Temps écoulé: 2 hour(s), 57 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@
@@@@@@@@@@@@@@@ HijackThis @@@@@@@@@@@
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:37, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ANA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\IDM COMPUTER SOLUTIONS\ULTRAEDIT-32\uedit32.exe
C:\hijackthis\Achti.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.7.2:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ANA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 13 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Salut !!

Si tu n as plus de problèmes, tu peux faire ceci pour terminer stp :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

▶ Va dans démarrer puis panneau de configuration
▶ Double Clique sur l'icône "Comptes d'utilisateurs"
▶ Clique ensuite sur désactiver et valide.

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

▶ Télécharge Toolscleaner sur ton Bureau

▶ Double-clique sur ToolsCleaner2.exe et laisse le travailler
▶ Clique sur Recherche et laisse le scan se terminer.
▶ Clique sur Suppression pour finaliser.
▶ Tu peux, si tu le souhaites, te servir des Options facultatives.
▶ Clique sur Quitter, pour que le rapport puisse se créer.
▶ Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

Désactive et réactive la Restauration du système :

Voici un tutoriel qui t expliquera comment désactiver et réactiver la restauration du système.

Ensuite vas réactiver le controle des comptes et créer un point de restauration !! IMPORTANT

Tu peux mettre ton problème résolu !! Comment mettre résolu ??

AchChti Messages postés 17 Statut Membre

c'est fait, ci-dessous le rapport.

Mille Merci.

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\hijackthis\hijackthis.log: trouvé !
C:\Users\ANA\AppData\Roaming\Microsoft\Windows\Recent\MSNFix.lnk: trouvé !
C:\Users\ANA\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\ANA\Desktop\SmitFraudfix: trouvé !
C:\Users\ANA\Desktop\AttaqueDNS\ComboFix.exe: trouvé !
C:\Users\ANA\Desktop\AttaqueDNS\SmitFraudFix.exe: trouvé !
C:\Users\ANA\Desktop\AttaqueDNS\OTMoveIt3.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Users\ANA\AppData\Roaming\Microsoft\Windows\Recent\MSNFix.lnk: supprimé !
C:\Users\ANA\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\ANA\Desktop\AttaqueDNS\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Users\ANA\Desktop\AttaqueDNS\SmitFraudFix.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\hijackthis\hijackthis.log: supprimé !
C:\Users\ANA\Desktop\AttaqueDNS\OTMoveIt3.exe: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Users\ANA\Desktop\SmitFraudfix: supprimé !

Réponse 14 / 14

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

C est ok ;-)

Supprime aussi combofix stp

Bonne fin de soirée @+

Discussions similaires

DNS_PROBE_STARTED uniquement avec G chrome pas Firefox ?

erreur : DSN PROBE finished no internet

GOOGLE avertissement de redirection

message d'erreur : DNS PROBE FINISHED NO INTERNET

Redirection DNS

14 réponses

Votre réponse

Discussions similaires

Newsletters