pb avec le site de www.google.fr ou quoi ???? faux problème - Sécurité - Windows & Software
Marsh Posté le 28-12-2004 à 14:16:53
"regardez "
Je vois rien moi...
Marsh Posté le 28-12-2004 à 14:29:26
Détournement de fichier hosts
Regarde ce qu'il y a dans C:\WINDOWS\system32\drivers\etc\hosts, il ne devrait y avoir que ça:
# Copyright (c) 1993-1999 Microsoft Corp. |
Télécharge HijackThis et poste un log ici
Marsh Posté le 28-12-2004 à 14:38:15
Logfile of HijackThis v1.98.2
Scan saved at 14:39:11, on 28/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\nslsvice.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\lotus\notes\ntmulti.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
E:\PROGRA~1\WANADOO\CnxMon.exe
E:\Program Files\Wanadoo\taskbaricon.exe
E:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
E:\NOSPY.ORG\start1.exe
E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
E:\WINNT\system32\ctfmon.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
E:\Program Files\Logitech\ImageStudio\LowLight.exe
E:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINNT\System32\MsiExec.exe
E:\Program Files\Power IE\PowerIE.exe
E:\DOCUME~1\tech\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - E:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "e:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] E:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] E:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] E:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] E:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [STARTPAGE] E:\NOSPY.ORG\start1.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b28177.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.co [...] nPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://supply.ficosa.com/gs/remote/ficosa/msrdp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b28177.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
Marsh Posté le 28-12-2004 à 15:17:06
ben j'ai trouvé c'était la faute du programme
StartPage Spyware Removal Tool for IE une daube quoi
qui se lançait en E:\NOSPY.ORG\start1.exe
Marsh Posté le 28-12-2004 à 14:09:27
hello tout le monde
bonnes fetes à tous
je veux faire une recherche et je tombe sur un site qui me dit que le nom de domaine de google.fr ou google.com est a vendre
regardez plutot
Domain 4sale
google.fr Domain For Sale at DomainCollection.com
GET a quote TODAY! - Click Here
Domain 4sale
google.fr
Search Results for: google.fr
Sponsored Links
The Fashion Spot
The online community about fashion designers style cosmetics & more.
www.TheFasionSpot.com
Mary Kay Perfect Presents
Make her feel pretty this Christmas by giving the gift of beauty! aff
www.marykay.com
Related Categories
Indian movies
Fashion models
Fashion modeling
Super models
Buy movies
Picture show
What women want
Pretty women
Movie
New movies
Movie online
Dvd movies
Cheap dvd movies
Movie rental
Buy dvd movie
Vhs movie
Dragonball z movies
Popular Categories
Travel
Car Rental
Hotels
Airline
Financial Planning
Debt
Credit Cards
Loans
Business and Finance
Affiliate Program
Student Loans
Stocks
Health and Beauty
Skin Care Products
Exercise Equipment
Hair Replacement
Health Products
Vitamins
Weight Loss Drugs
Joint Pain Relief
Haven't found what you're looking for? Try Searching here:
j'ai passé ad-aware, spybot, cwshredder
y'a rien
ça viens que de chez moi ou quoi ???
pour info dans mon host y'a rien
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
# pour Windows.
127.0.0.1 localhost
Message édité par killlkenny le 28-12-2004 à 15:23:58