

[solved] Unwanted WINANTIVIRUS window
Sebab replied to a topic by Sebab in Malware analysis and removal
Unwanted WINANTIVIRUS window [SOLVED]
[solved] Unwanted WINANTIVIRUS window
Sebab replied to a topic by Sebab in Malware analysis and removal
I say BRAVO!!! :P Apparently it's running beautifully; the thing has well and truly been removed! Thanks Eclypse!!!!!!!!!!!!
[solved] Unwanted WINANTIVIRUS window
Sebab replied to a topic by Sebab in Malware analysis and removal
Thanks... Here is the Hijack' report, and then Wareout.
[solved] Unwanted WINANTIVIRUS window
Sebab replied to a topic by Sebab in Malware analysis and removal
Hello Eclypse, Right, here is the report after option 2.
[solved] Unwanted WINANTIVIRUS window
Sebab replied to a topic by Sebab in Malware analysis and removal
I had downloaded the new one but kept the old one... evidently the latter had taken precedence over the other... Thanks! Right, this time I think I managed it (silly me, silly me).
[solved] Unwanted WINANTIVIRUS window
Sebab replied to a topic by Sebab in Malware analysis and removal
Thanks Eclypse. Here is my SmitFraud report. During its scan, I got the message: "La modification du registre a été désactivée par votre administrateur" ["Registry editing has been disabled by your administrator"]... I think this thing has done quite a bit of damage...
[solved] Unwanted WINANTIVIRUS window
Sebab replied to a topic by Sebab in Malware analysis and removal
OK, I followed the instructions... The problem is that Winantivirus is still at it....... Damn... Here is my latest HijackThis report. Maybe there's a step I didn't follow...
[solved] Unwanted WINANTIVIRUS window
Sebab replied to a topic by Sebab in Malware analysis and removal
So fast! I'll try all that right away.
[résolu]Fenêtre WINANTIVIRUS intempestive
Sebab a posté un sujet dans Analyses et éradication malwares
Hello everyone,

As a fairly average computer user, I am the victim of a dubious commercial policy on the part of Winantivirus Pro. Unwanted windows appear regularly and a yellow triangle has slipped into my taskbar. Since this morning, I have been trying without success to remove this thing. I have tried Hitman Pro, CCleaner and other disinfection utilities, including in safe mode, but nothing works... I hope someone will be able to help me...

Here is my HijackThis report. And then the SmitFraudFix report.

Logfile of HijackThis v1.99.1
Scan saved at 18:32, on 2007-08-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast Software\Avast4\aswUpdSv.exe
C:\Program Files\Avast Software\Avast4\ashServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Avast Software\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Avast Software\Avast4\ashMaiSv.exe
C:\Program Files\Avast Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.532\ZR_1.0.0.37\Zeb-Restore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrateur\Mes documents\Sébastien\Outils\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C1BD7AE-65F1-41AC-BB3B-4F252C55D940}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{84B4D2CE-E312-45CD-8EFD-99921D63B7C3}: NameServer = 85.255.113.133,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD721D33-7848-4028-8FAC-163409076536}: NameServer = 85.255.113.133 85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

SmitFraudFix v2.195
Rapport fait à 17:13:07,87, 15/08/2007
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts
192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 updates5.kaspersky-labs.com
192.168.200.3 www.awaps.net
192.168.200.3 www.viruslist.ru

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0871DFB2-91D3-43E3-BAF9-C1D35319D958}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C1BD7AE-65F1-41AC-BB3B-4F252C55D940}: DhcpNameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C1BD7AE-65F1-41AC-BB3B-4F252C55D940}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{84B4D2CE-E312-45CD-8EFD-99921D63B7C3}: DhcpNameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CCS\Services\Tcpip\..\{84B4D2CE-E312-45CD-8EFD-99921D63B7C3}: NameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FD721D33-7848-4028-8FAC-163409076536}: NameServer=85.255.113.133 85.255.112.94
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0871DFB2-91D3-43E3-BAF9-C1D35319D958}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C1BD7AE-65F1-41AC-BB3B-4F252C55D940}: DhcpNameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C1BD7AE-65F1-41AC-BB3B-4F252C55D940}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{84B4D2CE-E312-45CD-8EFD-99921D63B7C3}: DhcpNameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CS1\Services\Tcpip\..\{84B4D2CE-E312-45CD-8EFD-99921D63B7C3}: NameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FD721D33-7848-4028-8FAC-163409076536}: NameServer=85.255.113.133 85.255.112.94
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0871DFB2-91D3-43E3-BAF9-C1D35319D958}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6C1BD7AE-65F1-41AC-BB3B-4F252C55D940}: DhcpNameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6C1BD7AE-65F1-41AC-BB3B-4F252C55D940}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{84B4D2CE-E312-45CD-8EFD-99921D63B7C3}: DhcpNameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CS2\Services\Tcpip\..\{84B4D2CE-E312-45CD-8EFD-99921D63B7C3}: NameServer=85.255.113.133,85.255.112.94
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FD721D33-7848-4028-8FAC-163409076536}: NameServer=85.255.113.133 85.255.112.94
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Thanks for your help...