Bonjour
mes parents on choppé un spyware dont je n'arrive pas a arriver a bout.
J'ai beau faire des scans avec spybot, adaware, nettoyer la base de registre avec HiJackThis. rien n'y fait.
Ce qu'il se produit c'est que lorsque je lance HiJackTHis il y a une chiée de domaine genre login.yahoo.fr CF les logs hijack.
Et cette liste de domaine sont des domaine inaccessible car a la place je vois ce qu'il ya sur la capture quand j'essaie d'y acceder!!!, si je vire ces domaine a l'aid d'HiJackThis, il y a une quantité équivalente d'autres domaiens qui s'ajoute si je refait un scan. Je ne vois pas de process suspect, bref je ne sais plus quoi faire... HELP ME 
1. Capture d'écran :
2. Logs HiJackThis
Logfile of HijackThis v1.99.1
Scan saved at 11:11:46, on 1/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
C:\Program Files\No-IP\DUC20.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 1347246823 mail.yahoo.com
O1 - Hosts: 1347246823 www.mail.yahoo.com
O1 - Hosts: 1347246823 www.search.yahoo.com
O1 - Hosts: 1347246823 news.yahoo.com
O1 - Hosts: 1347246823 www.news.yahoo.com
O1 - Hosts: 1347246823 login.yahoo.com
O1 - Hosts: 1347246823 www.login.yahoo.com
O1 - Hosts: 1347246823 yahoo.com
O1 - Hosts: 1347246823 auctions.yahoo.com
O1 - Hosts: 1347246823 www.auctions.yahoo.com
O1 - Hosts: 1347246823 bid.yahoo.com
O1 - Hosts: 1347246823 www.bid.yahoo.com
O1 - Hosts: 1347246823 finance.yahoo.com
O1 - Hosts: 1347246823 www.finance.yahoo.com
O1 - Hosts: 1347246823 kids.yahoo.com
O1 - Hosts: 1347246823 www.kids.yahoo.com
O1 - Hosts: 1347246823 sports.yahoo.com
O1 - Hosts: 1347246823 www.sports.yahoo.com
O1 - Hosts: 1347246823 store.yahoo.com
O1 - Hosts: 1347246823 www.store.yahoo.com
O1 - Hosts: 1347246823 profiles.yahoo.com
O1 - Hosts: 1347246823 www.profiles.yahoo.com
O1 - Hosts: 1347246823 groups.yahoo.com
O1 - Hosts: 1347246823 www.groups.yahoo.com
O1 - Hosts: 1347246823 personals.yahoo.com
O1 - Hosts: 1347246823 www.personals.yahoo.com
O1 - Hosts: 1347246823 photos.yahoo.com
O1 - Hosts: 1347246823 www.photos.yahoo.com
O1 - Hosts: 1347246823 my.yahoo.com
O1 - Hosts: 1347246823 www.my.yahoo.com
O1 - Hosts: 1347246823 club.yahoo.com
O1 - Hosts: 1347246823 www.club.yahoo.com
O1 - Hosts: 1347246823 messages.yahoo.com
O1 - Hosts: 1347246823 www.messages.yahoo.com
O1 - Hosts: 1347246823 music.yahoo.com
O1 - Hosts: 1347246823 www.music.yahoo.com
O1 - Hosts: 1347246823 launch.yahoo.com
O1 - Hosts: 1347246823 www.launch.yahoo.com
O1 - Hosts: 1347246823 games.yahoo.com
O1 - Hosts: 1347246823 www.games.yahoo.com
O1 - Hosts: 1347246823 stock.yahoo.com
O1 - Hosts: 1347246823 www.stock.yahoo.com
O1 - Hosts: 1347246823 wrs.yahoo.com
O1 - Hosts: 1347246823 www.wrs.yahoo.com
O1 - Hosts: 1347246823 fantasysports.yahoo.com
O1 - Hosts: 1347246823 www.fantasysports.yahoo.com
O1 - Hosts: 1347246823 hk.yahoo.com
O1 - Hosts: 1347246823 www.hk.yahoo.com
O1 - Hosts: 1347246823 dir.yahoo.com
O1 - Hosts: 1347246823 www.dir.yahoo.com
O1 - Hosts: 1347246823 movies.yahoo.com
O1 - Hosts: 1347246823 www.movies.yahoo.com
O1 - Hosts: 1347246823 rd.yahoo.com
O1 - Hosts: 1347246823 www.rd.yahoo.com
O1 - Hosts: 1347246823 edit.yahoo.com
O1 - Hosts: 1347246823 www.edit.yahoo.com
O1 - Hosts: 1347246823 hotmail.msn.com
O1 - Hosts: 1347246823 www.hotmail.msn.com
O1 - Hosts: 1347246823 www.search.msn.com
O1 - Hosts: 1347246823 spaces.msn.com
O1 - Hosts: 1347246823 www.spaces.msn.com
O1 - Hosts: 1347246823 msnbc.msn.com
O1 - Hosts: 1347246823 www.msnbc.msn.com
O1 - Hosts: 1347246823 members.msn.com
O1 - Hosts: 1347246823 www.members.msn.com
O1 - Hosts: 1347246823 g.msn.com
O1 - Hosts: 1347246823 www.g.msn.com
O1 - Hosts: 1347246823 moneycentral.msn.com
O1 - Hosts: 1347246823 www.moneycentral.msn.com
O1 - Hosts: 1347246823 rad.msn.com
O1 - Hosts: 1347246823 www.rad.msn.com
O1 - Hosts: 1347246823 sympatico.msn.ca
O1 - Hosts: 1347246823 www.sympatico.msn.ca
O1 - Hosts: 1347246823 search.msn.co.uk
O1 - Hosts: 1347246823 www.search.msn.co.uk
O1 - Hosts: 1347246823 messenger.msn.com
O1 - Hosts: 1347246823 www.messenger.msn.com
O1 - Hosts: 1347246823 entertainment.msn.com
O1 - Hosts: 1347246823 www.entertainment.msn.com
O1 - Hosts: 1347246823 zone.msn.com
O1 - Hosts: 1347246823 www.zone.msn.com
O1 - Hosts: 1347246823 images.google.com
O1 - Hosts: 1347246823 www.images.google.com
O1 - Hosts: 1347246823 gmail.google.com
O1 - Hosts: 1347246823 www.gmail.google.com
O1 - Hosts: 1347246823 mail.google.com
O1 - Hosts: 1347246823 www.mail.google.com
O1 - Hosts: 1347246823 news.google.com
O1 - Hosts: 1347246823 www.news.google.com
O1 - Hosts: 1347246823 groups-beta.google.com
O1 - Hosts: 1347246823 www.groups-beta.google.com
O1 - Hosts: 1347246823 maps.google.com
O1 - Hosts: 1347246823 www.maps.google.com
O1 - Hosts: 1347246823 froogle.google.com
O1 - Hosts: 1347246823 www.froogle.google.com
O1 - Hosts: 1347246823 auctions.yahoo.co.jp
O1 - Hosts: 1347246823 www.auctions.yahoo.co.jp
O1 - Hosts: 1347246823 mail.yahoo.co.jp
O1 - Hosts: 1347246823 www.mail.yahoo.co.jp
O1 - Hosts: 1347246823 www.search.yahoo.co.jp
O1 - Hosts: 1347246823 dailynews.yahoo.co.jp
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XWMSUSBAPI] C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
O4 - HKLM\..\Run: [ControlCentreTray] "C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [useful-soft] C:\WINDOWS\System32\svchst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: SKYNET.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Contrleur de planification Pagis.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D417377B-958C-4A1E-9F1D-47724DD0417C}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
|
J'ai beau virer tous les domaine listé ca revient en boucle 
Et je ne trouve pas le process responsable
Ce qui est comique c'est que cette @##@#@@@@###@@ de société aux méthodes frauduleuse fait un lien vers leur site genre c'est pas eu la cause, pffffffff....
Voilà merci d'avance pour votre précieuse aide...
Gat$
P.S.: A noter que ces domaines sont ceux contenu par le fichier c:\windows\system32\drivers\etc\hosts
et que je ne peux pas deleter ce fichier car utilisé par un autre programme!
Message édité par Gat$ le 01-08-2005 à 11:23:07
---------------
Recherche de partenaires pvp dans World of Warcraft :: http://www.wowteamfinder.com
FORUM HardWare.fr
