Question analyse hijackthis Fermé

Question

Bonjour,

mon PC ayant certains problèmes de lenteur, j'ai effectué un scan par hijackthis comme souvent conseillé ici (après analyses adaware et spybot).

Dans l'analyse du scan, j'ai beaucoup de lignes de type :
O1 - hosts : 192.6.10.41 + caractères.
"considérablement méchant" => "Effacer les URL's qui vous sont inconnues!"

Puis-je purement et simplement les supprimer (je ne suis pas "pro" de l'informatique et pour moi tout est "inconnu"!!)

Merci.

duam · Answer

Avis aux amateurs, voici le log complet :Logfile of HijackThis v1.98.2Scan saved at 14:25:17, on 13/12/2004Platform: Windows 2000 SP4 (WinNT 5.00.2195)M<IE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\WINNT\system32egsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINNT\system32\MSTask.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\MsPMSPSv.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\Explorer.EXEC:\WINNT\System32\igfxtray.exeC:\WINNT\System32\hkcmd.exeC:\Program Files\Analog Devices\SoundMAX\Smtray.exeC:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exeC:\WINNT\system32undll32.exeC:\WINNT\system32\LVComS.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exeC:\Program Files\Olitec\USB ADSL\CnxDslTb.exeC:\Program Files\Logitech\ImageStudio\LowLight.exeC:\WINNT\system32\internat.exeC:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exeC:\Program Files\Network Associates\PGP\PGPtray.exeC:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXEC:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exeC:\WINNT\system32\hpoipm07.exeC:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINNT\system32undll32.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Mes téléchargements\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO1 - Hosts: 192.6.10.66 FRDGRHEXP003O1 - Hosts: 192.6.10.5 DAP01FREXP5O1 - Hosts: 192.6.10.115 FRDGRHSAP005O1 - Hosts: 192.6.32.2 DGAF4O1 - Hosts: 128.29.0.6 DGAF5O1 - Hosts: 192.6.32.1 OREASA1O1 - Hosts: 192.6.12.1 DGC01FREXCH1O1 - Hosts: 192.6.33.1 DGC01FREXCH2O1 - Hosts: 192.6.10.40 DGRH01FREXCH1O1 - Hosts: 192.6.10.41 DGRH01FREXCH2O1 - Hosts: 128.40.32.6 FORCIDGTO1 - Hosts: 128.40.60.4 DGT6O1 - Hosts: 192.7.1.1 DO02FRFED1O1 - Hosts: 192.7.2.1 DO02FRFED2O1 - Hosts: 192.6.0.91 DEOTOOLSO1 - Hosts: 128.138.128.151 DFPP_NT01O1 - Hosts: 128.138.128.161 DPGPFUX02O1 - Hosts: 128.138.128.172 DPGPFUX03O1 - Hosts: 128.138.128.169 DPGPFUX04O1 - Hosts: 128.138.128.163 DPP01FR12O1 - Hosts: 128.138.128.153 DPP01FRCLI03O1 - Hosts: 128.138.128.156 DPP01FRCLI04O1 - Hosts: 128.138.128.160 DPP01FRCLI05O1 - Hosts: 128.138.128.154 DPP01FRCLI07O1 - Hosts: 128.138.128.157 DPP01FRCLI08O1 - Hosts: 128.143.10.2 DPP01FRCLI09O1 - Hosts: 128.141.0.35 DPP01FRMP1O1 - Hosts: 128.141.0.42 DPP01FRMP2O1 - Hosts: 128.141.0.43 DPP01FRMP3O1 - Hosts: 128.138.128.164 FRDPGPFEXC1O1 - Hosts: 128.138.128.165 FRDPGPFTEC01O1 - Hosts: 128.138.128.18 FRDPGPFTEC02O1 - Hosts: 128.141.0.30 FRDPGPFTEC03O1 - Hosts: 128.138.128.171 FRDPGPFFILMED1O1 - Hosts: 128.138.128.75 FRDPGPFOGW01O1 - Hosts: 128.138.128.170 FRDPGPFMD1O1 - Hosts: 128.138.128.8 FRDPGPFIISINT01O1 - Hosts: 128.138.128.9 FRDPGPFIISPRD01O1 - Hosts: 128.138.128.7 FRDPGPFMISINT01O1 - Hosts: 128.138.128.6 FRDPGPFMISPRD01O1 - Hosts: 128.138.128.17 FRDPGPFNWS01O1 - Hosts: 128.138.128.25 FRDPGPFIMP01O1 - Hosts: 128.138.128.26 FRDPGPFNSM01O1 - Hosts: 128.138.128.19 FRDPGPFFIL01O1 - Hosts: 128.138.128.20 FRDPGPFEAIDEV1O1 - Hosts: 128.138.128.23 FRDPGPFEDI01O1 - Hosts: 128.138.128.28 FRDPGPFOCSINT1O1 - Hosts: 128.138.128.90 FRDPGPFSQLINT01O1 - Hosts: 128.138.128.21 FRDPGPFEAIINT1O1 - Hosts: 128.141.0.26 SAPAPPROO1 - Hosts: 128.141.0.24 SAPDDPPFO1 - Hosts: 128.138.128.113 DPGPFDEVO1 - Hosts: 128.141.0.23 OAPCPTAO1 - Hosts: 128.138.128.155 DFPPCES155O1 - Hosts: 128.138.128.41 FRDPGPFSAPQD1O1 - Hosts: 128.138.128.42 FRDPGPFSAPTC1O1 - Hosts: 128.138.128.43 FRDPGPFSAPTD1O1 - Hosts: 128.138.128.44 FRDPGPFSAPTI1O1 - Hosts: 128.138.128.45 FRDPGPFMCST00O1 - Hosts: 128.138.128.46 FRDPGPFMCSTN1O1 - Hosts: 128.138.128.47 FRDPGPFMCSTN2O1 - Hosts: 128.138.128.138 FRDPGPFSAPPC1O1 - Hosts: 128.138.128.139 FRDPGPFSAPPC2O1 - Hosts: 128.138.128.140 FRDPGPFSAPPD1O1 - Hosts: 128.138.128.141 FRDPGPFSAPPI1O1 - Hosts: 128.138.128.142 FRDPGPFMCSP00O1 - Hosts: 128.138.128.143 FRDPGPFMCSPN1O1 - Hosts: 128.138.128.144 FRDPGPFMCSPN2O1 - Hosts: 128.138.128.145 FRDPGPFSAPPA1O1 - Hosts: 128.138.128.146 FRDPGPFSAPPA2O1 - Hosts: 128.138.128.147 FRDPGPFSAPPA3O1 - Hosts: 128.138.128.150 FRDPGPFSAPSN01O1 - Hosts: 128.138.1.200 STAFF41154O1 - Hosts: 128.138.120.12 STAFF40191O1 - Hosts: 128.138.128.10 STAFF40XSFO1 - Hosts: 128.138.128.100 STAFF40199O1 - Hosts: 128.138.128.102 STAFF40200O1 - Hosts: 128.138.128.104 STAFF40202O1 - Hosts: 128.138.128.106 STAFF40204O1 - Hosts: 128.138.128.124 STAFF40190O1 - Hosts: 128.138.128.137 STAFF40033O1 - Hosts: 128.138.128.30 STAFF40201O1 - Hosts: 128.138.128.40 STAFF41181O1 - Hosts: 128.138.128.59 STAFF40258O1 - Hosts: 128.138.128.99 STAFF40232O1 - Hosts: 128.138.51.101 STAFF4363O1 - Hosts: 128.138.51.102 STAFF4398O1 - Hosts: 128.138.51.103 STAFF40371O1 - Hosts: 128.138.51.104 STAFF40375O1 - Hosts: 128.138.51.105 STAFF40427O1 - Hosts: 128.138.51.106 STAFF40400O1 - Hosts: 128.138.51.108 STAFF40207O1 - Hosts: 128.138.51.11 STAFF42017O1 - Hosts: 128.138.51.112 STAFF42021O1 - Hosts: 128.138.51.114 STAFF42002O1 - Hosts: 128.138.51.115 STAFF42046O1 - Hosts: 128.138.51.118 STAFF42019O1 - Hosts: 128.138.51.119 STAFF40096O1 - Hosts: 128.138.51.12 STAFF40313O1 - Hosts: 128.138.51.120 STAFF40382O1 - Hosts: 128.138.51.121 STAFF40461O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocxO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exeO4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -sO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21ebc26847f03ef94321/netzip/RdxIE601_fr.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{84E82002-AABC-45CE-9615-7F84DB456B67}: NameServer = 213.36.80.1 213.36.80.1

Utilisateur anonyme · Answer

Salut
fixes tout les 01 ainsi que ca
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

duam · Answer

Salut et merci, j'ai fixé tous les O1 et les O10 que tu as cités.(J'ai oublié de fixer C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s, mais il n'apparait pas dans la nouvelle analyse))J'ai rebooté et refais une analyse, la voici :Logfile of HijackThis v1.98.2Scan saved at 15:16:35, on 13/12/2004Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\WINNT\system32egsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINNT\system32\MSTask.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\MsPMSPSv.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.EXEC:\WINNT\System32\hkcmd.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\WINNT\system32undll32.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\PROGRA~1\Logitech\Video\FxSvr2.exeC:\Mes téléchargements\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO1 - Hosts: 128.138.51.130 STAFF42063O1 - Hosts: 128.138.51.131 STAFF42066O1 - Hosts: 128.138.51.136 STAFF42077O1 - Hosts: 128.138.51.137 STAFF42079O1 - Hosts: 128.138.51.138 STAFF42080O1 - Hosts: 128.138.51.143 STAFF40359O1 - Hosts: 128.138.51.145 STAFF40450O1 - Hosts: 128.138.51.147 STAFF40206O1 - Hosts: 128.138.51.15 STAFF40305O1 - Hosts: 128.138.51.153 STAFF40463O1 - Hosts: 128.138.51.154 STAFF40479O1 - Hosts: 128.138.51.156 STAFF40419O1 - Hosts: 128.138.51.16 STAFF40276O1 - Hosts: 128.138.51.160 STAFF40418O1 - Hosts: 128.138.51.161 STAFF40483O1 - Hosts: 128.138.51.169 STAFF40343O1 - Hosts: 128.138.51.171 STAFF41179O1 - Hosts: 128.138.51.189 STAFF40452O1 - Hosts: 128.138.51.2 STAFF40289O1 - Hosts: 128.138.51.204 STAFF40227O1 - Hosts: 128.138.51.225 STAFF40462O1 - Hosts: 128.138.51.24 STAFF40264O1 - Hosts: 128.138.51.253 STAFF40405O1 - Hosts: 128.138.51.26 STAFF40031O1 - Hosts: 128.138.51.27 STAFF40345O1 - Hosts: 128.138.51.33 GAYJLO1 - Hosts: 128.138.51.34 JACOBIO1 - Hosts: 128.138.51.39 STAFF40228O1 - Hosts: 128.138.51.4 STAFF40085O1 - Hosts: 128.138.51.41 STAFF40004O1 - Hosts: 128.138.51.42 STAFF40286O1 - Hosts: 128.138.51.43 OGWINO1 - Hosts: 128.138.51.48 STAFF4358O1 - Hosts: 128.138.51.50 STAFF40352O1 - Hosts: 128.138.51.51 STAFF40252O1 - Hosts: 128.138.51.53 STAFF40299O1 - Hosts: 128.138.51.55 STAFF40256O1 - Hosts: 128.138.51.56 STAFF40259O1 - Hosts: 128.138.51.61 STAFF40251O1 - Hosts: 128.138.51.62 STAFF40268O1 - Hosts: 128.138.51.64 STAFF40296O1 - Hosts: 128.138.51.66 STAFF40119O1 - Hosts: 128.138.51.68 STAFF40354O1 - Hosts: 128.138.51.69 STAFF40292O1 - Hosts: 128.138.51.76 STAFF040424O1 - Hosts: 128.138.51.78 STAFF40426O1 - Hosts: 128.138.51.79 STAFF40428O1 - Hosts: 128.138.51.89 STAFF40457O1 - Hosts: 128.138.51.90 STAFF40490O1 - Hosts: 128.138.51.94 STAFF40453O1 - Hosts: 192.6.42.10 STAFF40250O1 - Hosts: 192.6.42.10 STAFF40250O1 - Hosts: 192.6.42.11 STAFF40384PPMPO1 - Hosts: 192.6.42.110 STAFF41113O1 - Hosts: 192.6.42.112 STAFF41170O1 - Hosts: 192.6.42.13 STAFF40349O1 - Hosts: 192.6.42.139 STAFF41040O1 - Hosts: 192.6.42.14 STAFF40471O1 - Hosts: 192.6.42.142 STAFF41053O1 - Hosts: 192.6.42.143 STAFF41066O1 - Hosts: 192.6.42.144 STAFF41057O1 - Hosts: 192.6.42.145 STAFF41079O1 - Hosts: 192.6.42.146 STAFF41000O1 - Hosts: 192.6.42.148 STAFF41009O1 - Hosts: 192.6.42.149 STAFF41029O1 - Hosts: 192.6.42.152 STAFF41076O1 - Hosts: 192.6.42.154 STAFF41111O1 - Hosts: 192.6.42.156 STAFF41006O1 - Hosts: 192.6.42.157 STAFF41003O1 - Hosts: 192.6.42.159 STAFF41093O1 - Hosts: 192.6.42.16 STAFF40261O1 - Hosts: 192.6.42.160 STAFF41012O1 - Hosts: 192.6.42.161 STAFF41072O1 - Hosts: 192.6.42.162 STAFF40036O1 - Hosts: 192.6.42.165 STAFF41113O1 - Hosts: 192.6.42.168 STAFFG41104O1 - Hosts: 192.6.42.170 STAFF41166O1 - Hosts: 192.6.42.172 STAFF41109O1 - Hosts: 192.6.42.173 STAFF41037O1 - Hosts: 192.6.42.174 STAFF41083O1 - Hosts: 192.6.42.175 STAFF41138O1 - Hosts: 192.6.42.176 STAFF41063O1 - Hosts: 192.6.42.18 STAFF40454O1 - Hosts: 192.6.42.193 STAFF41102O1 - Hosts: 192.6.42.20 STAFF40124O1 - Hosts: 192.6.42.200 STAFF40126O1 - Hosts: 192.6.42.202 STAFF41106O1 - Hosts: 192.6.42.21 STAFF40489O1 - Hosts: 192.6.42.221 STAFF40331O1 - Hosts: 192.6.42.222 STAFF011091O1 - Hosts: 192.6.42.229 STAFF41167O1 - Hosts: 192.6.42.230 STAFF41033O1 - Hosts: 192.6.42.29 STAFF42044O1 - Hosts: 192.6.42.3 STAFF40331O1 - Hosts: 192.6.42.36 STAFF42015O1 - Hosts: 192.6.42.41 STAFF42032O1 - Hosts: 192.6.42.42 STAFF42034O1 - Hosts: 192.6.42.44 STAFF42036O1 - Hosts: 192.6.42.45 STAFF40335O1 - Hosts: 192.6.42.46 42000O1 - Hosts: 192.6.42.47 STAFF42023O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocxO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exeO4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -sO4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logonO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21ebc26847f03ef94321/netzip/RdxIE601_fr.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{84E82002-AABC-45CE-9615-7F84DB456B67}: NameServer = 213.36.80.1 213.36.80.1Comme tu le vois j'ai pas mal de nouveaux "O1 - hosts..."Que dois-je faire maintenant?

Utilisateur anonyme · Answer

refais la manip en mode sans echec pour voir(presser F8 des le redemarrage du pc).....
fixes tout les 01 ainsi que ca
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

duam · Answer

merci, j'ai fait la manip que tu m'as conseillé, malheureusement j'ai encore pas mal de merde, voici mon nouveau scan :Logfile of HijackThis v1.98.2Scan saved at 20:52:52, on 13/12/2004Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\WINNT\system32egsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINNT\system32\MSTask.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\MsPMSPSv.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.EXEC:\WINNT\System32\hkcmd.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Mes téléchargements\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO1 - Hosts: 128.136.0.29 OAP01FRROI01O1 - Hosts: 128.136.0.4 OAP01FRROIFXO1 - Hosts: 128.136.0.43 OAP01FR07O1 - Hosts: 128.136.0.12 OAP01FR10O1 - Hosts: 128.136.0.29 OAP01FRROI01O1 - Hosts: 128.136.0.4 OAP01FRROIFXO1 - Hosts: 128.136.0.42 OAP02FREDIO1 - Hosts: 128.141.0.20 OAPCOMO1 - Hosts: 128.141.0.19 OAPDEV2O1 - Hosts: 128.136.0.16 OAPLOGAO1 - Hosts: 128.136.0.25 OAPLOGGO1 - Hosts: 128.136.0.21 OAPLOGPO1 - Hosts: 128.136.0.18 LOGDEV OAPDEVO1 - Hosts: 192.6.40.3 ZAL01FRBUR1O1 - Hosts: 192.6.40.5 ZAL01FREXCO1 - Hosts: 192.6.15.2 ZASIE01FREXCCESO1 - Hosts: 192.6.15.1 ZASIE01FROFFCESO1 - Hosts: 128.145.4.9 FAPROSCTO1 - Hosts: 128.146.1.3 SPGEMUX1O1 - Hosts: 128.147.1.4 PROCOSCTO1 - Hosts: 192.6.120.4 BARBCTO1 - Hosts: 192.6.11.155 MERCUREO1 - Hosts: 192.6.20.9 EUROO1 - Hosts: 192.6.92.201 PPCMATISO1 - Hosts: 128.29.1.136 SRICONSOO1 - Hosts: 128.29.1.134 SRICOPIEO1 - Hosts: 192.6.22.80 NETTINGO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocxO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exeO4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logonO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21ebc26847f03ef94321/netzip/RdxIE601_fr.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cabPS : les "O10" ne sont apparemment pas supprimables, j'ai un message d'erreur lorsque je les fixe...C'est grave?

bernie61 · Answer

salutessaie ceciCommence avec ceci : désinstaller New.net, va là sur leur site et suit la procédurehttp://www.newdotnet.com/removal.htmldis nous quoia+

duam · Answer

upqu'est-ce que New.net?Dois-je en faire une sauvegarde avant de le supprimer?

Question analyse hijackthis

7 réponses

Discussions similaires