Virus spy spy spy

erik bis -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
J'ai quelques soucis sur ce pc egalement quand a la redirection de mes recherches sur des sites qui n'ont rien a voir.... aidez moi!! merci

erik
Configuration: Windows XP
Internet Explorer 6.0

8 réponses

  1. igloo
     
    bonjour , sais tu si tu possedes le service pack 1 ou le pack 2 ? ensuite as tu fais des analyses sur ton ordinateur avec des logiciels de types anti spyware , adware etc

    Merci
    0
  2. erik bis
     
    non j'attends la marche a suivre....
    0
  3. erik bis
     
    operation effectuée ensuite.....
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. erik bis
     
    rapport hi jack this

    Logfile of HijackThis v1.99.1
    Scan saved at 19:43:57, on 24/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
    C:\Program Files\802.11 Wireless LAN\802.11b Wireless USB Adapter HW.00 V1.11\Wireless Configuration Utility HW.00.exe
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\Program Files\Antispyware\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Antispyware\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.mediatheque-sdb.loc/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Wireless Configuration Utility HW.00.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {62360003-D8A7-418B-9DC6-2B9DE95273A0} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v8/0326/ticker.cab
    O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.f5biz.com/dial/htm/WebInstall.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3978CED9-C5E2-4A36-8A1C-F2EDF2EA7203}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A7865BF-A3BA-4075-AE86-B076047E9746}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61A4FAE3-7B78-4151-BE55-1EDDBAA5546A}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{663FF5C3-2826-434C-95DD-7F267A1839EF}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{72D66600-BEEC-442D-94FF-709B246FFA3B}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{86C8842B-CD05-4787-B277-959F500CE79F}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D5337BB-2F6E-4740-B900-33E698F13BEA}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9032DD5B-3F0D-4640-A0D6-6F2CA043CC72}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{993C09B1-E6D4-46E0-BC3D-918AFC6944B6}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D5DE5BD-D2F7-42BF-A284-6892DD752B8F}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF3ACF39-D381-465E-BD4B-8F23AECD7729}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.172
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3978CED9-C5E2-4A36-8A1C-F2EDF2EA7203}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.172
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3978CED9-C5E2-4A36-8A1C-F2EDF2EA7203}: NameServer = 85.255.116.45,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.172
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Antispyware\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    0
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Télécharge le FixWareout d'un de ces deux sites sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

    Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3978CED9-C5E2-4A36-8A1C-F2EDF2EA7203}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A7865BF-A3BA-4075-AE86-B076047E9746}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{61A4FAE3-7B78-4151-BE55-1EDDBAA5546A}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{663FF5C3-2826-434C-95DD-7F267A1839EF}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{72D66600-BEEC-442D-94FF-709B246FFA3B}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{86C8842B-CD05-4787-B277-959F500CE79F}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D5337BB-2F6E-4740-B900-33E698F13BEA}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9032DD5B-3F0D-4640-A0D6-6F2CA043CC72}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{993C09B1-E6D4-46E0-BC3D-918AFC6944B6}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D5DE5BD-D2F7-42BF-A284-6892DD752B8F}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF3ACF39-D381-465E-BD4B-8F23AECD7729}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.172

    O17 - HKLM\System\CS1\Services\Tcpip\..\{3978CED9-C5E2-4A36-8A1C-F2EDF2EA7203}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.172

    O17 - HKLM\System\CS2\Services\Tcpip\..\{3978CED9-C5E2-4A36-8A1C-F2EDF2EA7203}: NameServer = 85.255.116.45,85.255.112.172

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.172

    Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

    A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

    Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

    A+
    0
    1. erik bis
       
      Fixwareout Last edited 2/11/2007
      Post this report in the forums please
      ...
      »»»»»Prerun check

      »»»»» System restarted

      »»»»» Postrun check
      HKLM\SOFTWARE\~\Winlogon\ "system"=""
      ....
      ....
      »»»»» Misc files.
      ....
      »»»»» Checking for older varients.
      ....

      Search five digit cs, dm, kd, jb, other, files.
      The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



      Click browse, find the file then click submit.
      http://www.virustotal.com/flash/index_en.html
      Or https://virusscan.jotti.org/

      »»»»» Other
      C:\WINDOWS\Temp\kdwjj.ren 63213 20/08/2004



      »»»»» Current runs
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
      "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
      6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
      "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
      "avast!"="C:\\PROGRA~1\\Avast4\\ashDisp.exe"
      "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
      "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
      65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "strmsnmsgrs"="msnmsgrsc.exe"
      "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
      "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
      ....
      Hosts file was reset, If you use a custom hosts file please replace it
      C:\WINDOWS\System32\AUTOEXEC.NT missing
      »»»»» End report »»»»»
      0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Vas sur le site https://virusscan.jotti.org/
    - Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier : C:\WINDOWS\Temp\kdwjj.ren
    - Clic sur submit toujours en haut à droite
    - Le scan va se lancer, ça va prendre un petit instant
    - En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
    Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
    0
    1. erik bis
       
      Scanner results
      Scan taken on 29 Mar 2007 04:57:54 (GMT)
      AntiVir Found TR/DNSChanger.HM
      ArcaVir Found Trojan.Dnschanger.Hm
      Avast Found Win32:Trojan-gen. {Other}
      AVG Antivirus Found Generic2.UTH
      BitDefender Found MemScan:Trojan.Downloader.Agent.NC
      ClamAV Found Trojan.Small-968
      Dr.Web Found Trojan.DnsChange
      F-Prot Antivirus Found Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus
      F-Secure Anti-Virus Found Trojan.Win32.DNSChanger.hm
      Fortinet Found W32/DNSChanger.HM!tr
      Kaspersky Anti-Virus Found Trojan.Win32.DNSChanger.hm
      NOD32 Found Win32/Small.FB
      Norman Virus Control Found W32/DNSChanger.AYZ
      Panda Antivirus Found Trj/dmRandom.FD
      Rising Antivirus Found Trojan.DNSChanger.apo
      VirusBuster Found Trojan.DNSChanger.MC
      VBA32 Found Trojan.Win32.DNSChanger.hm
      0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Supprime:
    C:\WINDOWS\Temp\kdwjj.ren

    A+
    0