RepairDNS is a utility that detects and removes certain DNS infections involving redirection of the Hosts file.
#24155
FRST has indeed shown from the start that the DLLs are legitimate and signed:
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
Whereas ZHPDiag indicates that they are patched:
MD5.492D07D79E7024CA310867B526D9636D] - (.Microsoft Corporation - DNS 用戶端 API DLL.) () -- C:\Windows\System32\dnsapi.dll [357888] © =>Hijacker.Jabuticaba.X
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - (.Microsoft Corporation - DNS 用戶端 API DLL.) () -- C:\Windows\Syswow64\dnsapi.dll [270336] © =>Hijacker.Jabuticaba.X
MD5 492D07D79E7024CA310867B526D9636D https://www.virustotal.com/fr/file/f2fe ... A8A84E5DC9 https://www.virustotal.com/fr/file/0d3c ... ysis/
They are good; I have trouble understanding what is wrong ;)
#24161
Tomtom, that is exactly my problem too.
Here are all the MD5s under WinRE. /!\ My PC runs Win 8.1 x64.
These folders
C:\dnsapiw7x64
C:\dnsapi8.1x64
C:\Apidnswin10x64
contain the dnsapi.dll files of the corresponding Windows versions.
Code:
Farbar Recovery Scan Tool (x64) Version:07-11-2015
Exécuté par Système (2015-11-11 21:31:46)
Exécuté depuis C:\
Mode d'amorçage: Recovery

================== Search Files: "dnsapi.dll" =============

C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
[2015-03-14 20:38][2014-10-29 02:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_90d9b2b12b50777f\dnsapi.dll
[2014-06-14 09:43][2015-04-14 13:26] 0106819 ____A () 8352637D2731E59DD15E7D8DA9E2A1A0
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16423_none_90de9f412b4d9e7f\dnsapi.dll
[2014-06-14 10:38][2014-06-21 15:48] 0084987 ____A () 86CAF33E26CDDF3A2AC01D99456BD74C
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16384_none_909ebe1d2b7d6255\dnsapi.dll
[2013-08-22 03:55][2014-06-21 15:48] 0088262 ____A () D2075C385F63E652354933ABC969619F
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
[2015-03-14 20:39][2014-10-29 02:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_8685085ef6efb584\dnsapi.dll
[2014-06-14 09:43][2015-04-14 09:25] 0150063 ____A () 317AD768649A884ADF8325B18CD77A15
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16423_none_8689f4eef6ecdc84\dnsapi.dll
[2014-06-14 10:38][2014-06-21 14:39] 0116405 ____A () D97A9913EAA1898611CF0DEFDED34FD4
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16384_none_864a13caf71ca05a\dnsapi.dll
[2013-08-22 11:06][2014-06-21 14:35] 0115413 ____A () EE6EFF218640DF73E027876E2822ECD7
C:\Windows\SysWOW64\dnsapi.dll
[2015-03-14 20:38][2014-10-29 02:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB
C:\Windows\System32\dnsapi.dll
[2015-03-14 20:39][2014-10-29 02:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A
C:\dnsapiw7x64\SysWOW64\dnsapi.dll
[2015-10-07 11:18][2011-03-03 07:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9
C:\dnsapiw7x64\System32\dnsapi.dll
[2015-10-07 11:18][2011-03-03 08:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D
C:\dnsapi8.1x64\Wow64\dnsapi.dll
[2015-10-08 21:13][2014-10-29 02:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB
C:\dnsapi8.1x64\system32\dnsapi.dll
[2015-10-08 21:13][2014-10-29 02:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A
C:\Apidnswin10x64\wow64\dnsapi.dll
[2015-10-06 23:53][2015-07-10 12:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7
C:\Apidnswin10x64\AMD64\dnsapi.dll
[2015-10-06 23:53][2015-07-10 12:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 11:30][2015-07-10 11:30] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll
[2015-07-10 11:30][2015-07-10 11:30] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477
X:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16384_none_864a13caf71ca05a\dnsapi.dll
[2013-08-22 14:45][2013-08-22 14:45] 0655872 ____A (Microsoft Corporation) 59E2D5DD885C5A06C16CD5E309A5060A
X:\Windows\System32\dnsapi.dll
[2013-08-22 14:45][2013-08-22 14:45] 0655872 ____A (Microsoft Corporation) 59E2D5DD885C5A06C16CD5E309A5060A

====== Fin de Chercher ======
So these are clean:
Code:
C:\dnsapiw7x64\SysWOW64\dnsapi.dll
[2015-10-07 11:18][2011-03-03 07:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9
C:\dnsapiw7x64\System32\dnsapi.dll
[2015-10-07 11:18][2011-03-03 08:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D
For these, it seems that ZHPDiag does not match correctly:
Whereas ZHPDiag indicates that they are patched:
MD5.492D07D79E7024CA310867B526D9636D] - (.Microsoft Corporation - DNS 用戶端 API DLL.) () -- C:\Windows\System32\dnsapi.dll [357888] © =>Hijacker.Jabuticaba.X
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - (.Microsoft Corporation - DNS 用戶端 API DLL.) () -- C:\Windows\Syswow64\dnsapi.dll [270336] © =>Hijacker.Jabuticaba.X
So ZHPDiag would not be "matching" correctly.
That is where I am stuck, Nicolas.
labougie
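The comparison made in the post above, as an added example that is not part of the original thread: it parses FRST "Search Files" output and reports where the MD5s flagged by ZHPDiag occur, and whether a reference copy carries the same hash. The function names are chosen for this illustration, and the four-entry sample is copied from the log above on the assumption that each entry is a path line followed by a metadata line.

```python
import re
from collections import defaultdict

# Constructed sample: four entries copied from the FRST log above (path line, then metadata line).
SAMPLE_LOG = r"""
C:\Windows\SysWOW64\dnsapi.dll
[2015-03-14 20:38][2014-10-29 02:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB
C:\Windows\System32\dnsapi.dll
[2015-03-14 20:39][2014-10-29 02:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A
C:\dnsapiw7x64\SysWOW64\dnsapi.dll
[2015-10-07 11:18][2011-03-03 07:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9
C:\dnsapiw7x64\System32\dnsapi.dll
[2015-10-07 11:18][2011-03-03 08:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D
"""

ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\n]+)\n"
    r"\[[^\]]+\]\[[^\]]+\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$",
    re.MULTILINE,
)

def parse_search_files(text):
    """Return one dict per entry: path, size in bytes, company, upper-case MD5."""
    return [
        {"path": m["path"], "size": int(m["size"]),
         "company": m["company"], "md5": m["md5"].upper()}
        for m in ENTRY.finditer(text)
    ]

def locate_hashes(entries, flagged, reference_roots):
    """For each flagged MD5: where it occurs, and whether a reference copy has it."""
    roots = tuple(r.lower() for r in reference_roots)
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e)
    report = {}
    for md5 in flagged:
        hits = by_md5.get(md5.upper(), [])
        report[md5.upper()] = {
            "paths": [e["path"] for e in hits],
            "sizes": sorted({e["size"] for e in hits}),
            "matches_reference": any(e["path"].lower().startswith(roots) for e in hits),
        }
    return report

# The two MD5s ZHPDiag flagged, checked against the Windows 7 reference folder.
FLAGGED = ["492D07D79E7024CA310867B526D9636D", "B40420876B9288E0A1C8CCA8A84E5DC9"]
REPORT = locate_hashes(parse_search_files(SAMPLE_LOG), FLAGGED, ["C:\\dnsapiw7x64\\"])
```

A match only shows that a file is identical to the reference copy, so the result is as trustworthy as the source of that copy.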
#24163
The Asian characters (用戶端, which means Client) in "Microsoft Corporation - DNS 用戶端 API DLL" may be hindering the tool's reading :?:
#24232
Hi,
MBAM Scan log:
Code:
Scan Date: 2015/11/12
Scan Time: AM 08:47
Logfile: 151112MBAMLog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.11.08
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: bmywin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 464319
Time Elapsed: 47 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)
We make dnsapi.dll now, marked as md5 box with FRST search and RepairDns. Is it correct?
Best regards.
#24238
Hello olgun52,
The question that this raises about reading the tool (RepairDns) and the tool (FRST) ;)
The files appear legitimate
control sfc log shows no repair dnsapi.dll
the search list is good Search Files "dnsapi.dll"
interpretation of the tool may be hindered by the Asian character.
you can try again FRST in safe mode cmd
cmd: sfc /scanfile="C:\WINDOWS\system32\dnsapi.dll"
cmd: sfc /scanfile="C:\WINDOWS\SysWOW64\dnsapi.dll"
or replace
System32
SysWOW64
Maybe Labougie another idea :?:
#24305
Tomtom, Olgun,
As Farbar said, the best way next time is to check the hash in WinRE mode. (After replace: order).
Here, the files seem to be clean, because MBAM ran normally.
For me, Olgun must continue his job normally without issue for these DLLs.
[zhpcleaner - adwcleaner and so on].
This scan
Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by bmywin (2015-11-11 08:26:32)
Running from C:\Users\bmywin\Desktop
Boot Mode: Normal

================== Search Files: "dnsapi.dll" =============
shows that all DLLs are clean, everything is good.
Labougie
PS: Sorry for the delays, I'm very busy this end of week.
#24424
Hello Olgun, labougie, :) it was a pleasure.
Best regards.
tomtom95