Ergebnis 1 bis 2 von 2

Thema: DNS Hijack ?

  1. #1
    Einsteiger
    Registriert seit
    19.10.2008
    Beiträge
    1

    DNS Hijack ?

    Hello,

    First of all, please excuse my really bad english, I'm french...

    I'm back from a week of work, and I had a bad surprise when I switched on my computer today : Firefox randomly open some adverts popups, and windows update and windows defender seems to have no longer access to Internet. (I can't make any update).

    OS : Windows Vista Family Premium
    Antivirus : Avira Antivir Personnal
    Firewall : Windows one..
    Other software : Ad Aware 2008 Free & SpyBot S&D

    I made a Spybot S&D scan and he found that :

    -Zlob.DNSChanger
    -Zlob.DNSChanger.rtk
    -Zedo
    -TradeDoubler
    -MediaPlex
    -DoubleClick
    -BlueStreak
    -Adviva
    -AdRevolver

    I removed everything, but after a reboot and another scan, everything was here again !

    I decided to make a Hijack this scan and he found this :

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:30:23, on 19/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\SpeedSix\bin\JawsService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    c:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Utilities\KeNotify.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Toshiba\TRCMan\TRCMan.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\regx32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
    O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Toshibafrbholink-21&site=home (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix: 
    O17 - HKLM\System\CCS\Services\Tcpip\..\{070DDB71-A29E-4C63-8AF9-44442D18B4FE}: NameServer = 85.255.113.131,85.255.112.88
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B2052DCF-DEF6-4399-AA40-162B5EFEA9E8}: NameServer = 85.255.113.131,85.255.112.88
    O17 - HKLM\System\CS1\Services\Tcpip\..\{070DDB71-A29E-4C63-8AF9-44442D18B4FE}: NameServer = 85.255.113.131,85.255.112.88
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Jaws Service (JawsService.exe) - SpeedSix Software Ltd. - C:\Program Files\SpeedSix\bin\JawsService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsju.exe
    
    --
    End of file - 11282 bytes
    Lines "017" seemed strange to me, so I checked the TCP/IP properties of my ethernet card, and my DNS adresses were fixed to strange values (Normally it's set on automatic). I tried to remove them, but that return every time, even if I try to fix the lines with HijackThis. (If I do a scan after the fix, these lines are appering again.)

    I searched over the Internet, and I found a "software" for these "DNS-Hijack", SmitfraudFix.

    Here is the log that I get :

    Code:
    SmitFraudFix v2.365
    
    Scan done at 17:09:49,95, 19/10/2008
    Run from C:\Users\Sw4tty\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    
    »»»»»»»»»»»»»»»»»»»»»»»» Process
    
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\SpeedSix\bin\JawsService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    c:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Utilities\KeNotify.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Toshiba\TRCMan\TRCMan.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Common Files\Steam\SteamService.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\regx32.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    
    »»»»»»»»»»»»»»»»»»»»»»»» hosts
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sw4tty
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sw4tty\Application Data
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sw4tty\FAVORI~1
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
     
     
    
    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!
    
    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!
    
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!
    
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!
    
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, following keys are not inevitably infected!!!
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!
    
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000001
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» RK
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    
    Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
    
    Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    DNS Server Search Order: 85.255.113.131
    DNS Server Search Order: 85.255.112.88
    
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{070DDB71-A29E-4C63-8AF9-44442D18B4FE}: DhcpNameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{070DDB71-A29E-4C63-8AF9-44442D18B4FE}: NameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B2052DCF-DEF6-4399-AA40-162B5EFEA9E8}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B2052DCF-DEF6-4399-AA40-162B5EFEA9E8}: NameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{070DDB71-A29E-4C63-8AF9-44442D18B4FE}: DhcpNameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{070DDB71-A29E-4C63-8AF9-44442D18B4FE}: NameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B2052DCF-DEF6-4399-AA40-162B5EFEA9E8}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B2052DCF-DEF6-4399-AA40-162B5EFEA9E8}: NameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{070DDB71-A29E-4C63-8AF9-44442D18B4FE}: DhcpNameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{070DDB71-A29E-4C63-8AF9-44442D18B4FE}: NameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B2052DCF-DEF6-4399-AA40-162B5EFEA9E8}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B2052DCF-DEF6-4399-AA40-162B5EFEA9E8}: NameServer=85.255.113.131,85.255.112.88
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» End
    I tried to reboot my computer in safe-mode and use the clean option, but once again, that doesn't changed anything... (As the "Search and Clean DNS-Hijack" one).

    Any help with this would be greatly apreciated. Thanks in advance everyone !

  2. #2
    Moderator (global) Team-Mitglied Avatar von Jintan
    Registriert seit
    25.11.2006
    Beiträge
    6.369

    Re: DNS Hijack ?

    Welcome to HijackThis.de Dr_COX,

    More infection showing than just the DNS changer, but yes, it is malware created. Hopefully you haven't made other changes and waited for a response here. Let's go ahead with a repair scan first, then get more complete details after to see what else we might need to do.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


    Download Malwarebytes' Anti-Malware from Here or Here.

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish,so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ==================

    Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

    If necessary allow it to locate or download a copy of HijackThis as needed.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt). Also the Malwarebytes log.

    You can use separate posts here when replying and posting the log files if needed.
    Lebe den Tag!

    Jintan - Die Marke, bei der alles stimmt!

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Antworten: 6
    Letzter Beitrag: 02.12.2007, 22:35
  2. Komisches Dns Problem
    Von Knievel im Forum Archiv
    Antworten: 2
    Letzter Beitrag: 03.11.2007, 19:24
  3. DNS Error
    Von Kuehni im Forum Archiv
    Antworten: 32
    Letzter Beitrag: 15.08.2006, 08:09
  4. dns look up
    Von max westermeier im Forum Archiv
    Antworten: 7
    Letzter Beitrag: 14.04.2006, 21:17
  5. IE hijacked - DNS entry - HELP PLEASE!
    Von bl4ze im Forum Archiv
    Antworten: 17
    Letzter Beitrag: 09.08.2005, 21:35

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •