Fix my hijack log please....
Résolu
dnguyenth
Messages postés
2
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Pouvez vous m'aider a fixer ceci ? MERCI
Logfile of HijackThis v1.99.0
Scan saved at 00:00:14, on 01/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
E:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ANTIVI~1\Avast4\ashDisp.exe
C:\Program Files\Antivirus\Avast4\aswUpdSv.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Antivirus\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Internet\Warez P2P Client\warez.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Antivirus\Avast4\ashServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Antivirus\Avast4\ashMaiSv.exe
C:\Program Files\Internet\Opera\Opera.exe
C:\WINDOWS\explorer.exe
D:\utilitaires\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R3 - URLSearchHook: HyperSearchHook - {0DE9383F-CA1B-4F23-A5CD-A3475159B050} - C:\Program Files\Fichiers communs\Hyperbar\HyperbarSS3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {50D5F72D-D781-A4AB-CB62-D5EB8DFAD53E} - C:\DOCUME~1\NGUYEN~1\APPLIC~1\blehnurb\Save win.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Pilotes\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Online Axis Team Free] C:\Documents and Settings\All Users\Application Data\Amen flap online axis\grey extra.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Antivirus\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Comp iso] C:\DOCUME~1\NGUYEN~1\APPLIC~1\OnceKnob\pollpoke.exe
O4 - HKCU\..\Run: [warez] "E:\Program Files\Internet\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Internet\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Antivirus\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Antivirus\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Antivirus\Avast4\ashMaiSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Logfile of HijackThis v1.99.0
Scan saved at 00:00:14, on 01/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
E:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ANTIVI~1\Avast4\ashDisp.exe
C:\Program Files\Antivirus\Avast4\aswUpdSv.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Antivirus\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Internet\Warez P2P Client\warez.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Antivirus\Avast4\ashServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Antivirus\Avast4\ashMaiSv.exe
C:\Program Files\Internet\Opera\Opera.exe
C:\WINDOWS\explorer.exe
D:\utilitaires\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R3 - URLSearchHook: HyperSearchHook - {0DE9383F-CA1B-4F23-A5CD-A3475159B050} - C:\Program Files\Fichiers communs\Hyperbar\HyperbarSS3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {50D5F72D-D781-A4AB-CB62-D5EB8DFAD53E} - C:\DOCUME~1\NGUYEN~1\APPLIC~1\blehnurb\Save win.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Pilotes\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Online Axis Team Free] C:\Documents and Settings\All Users\Application Data\Amen flap online axis\grey extra.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Antivirus\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Comp iso] C:\DOCUME~1\NGUYEN~1\APPLIC~1\OnceKnob\pollpoke.exe
O4 - HKCU\..\Run: [warez] "E:\Program Files\Internet\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Internet\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Antivirus\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Antivirus\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Antivirus\Avast4\ashMaiSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
A voir également:
- Fix my hijack log please....
- What is my movie français - Télécharger - Divers TV & Vidéo
- Fix it - Télécharger - Optimisation
- My pascal - Télécharger - Édition & Programmation
- My lockbox - Télécharger - Chiffrement
- My cam - Télécharger - Pilotes & Matériel
3 réponses
salut tu peux fixer ses lignes
R3 - URLSearchHook: HyperSearchHook - {0DE9383F-CA1B-4F23-A5CD-A3475159B050} - C:\Program Files\Fichiers communs\Hyperbar\HyperbarSS3.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {50D5F72D-D781-A4AB-CB62-D5EB8DFAD53E} - C:\DOCUME~1\NGUYEN~1\APPLIC~1\blehnurb\Save win.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
puis recherche et supprime si tu ne connais pas
C:\WINDOWS\vsnpstd.exe
R3 - URLSearchHook: HyperSearchHook - {0DE9383F-CA1B-4F23-A5CD-A3475159B050} - C:\Program Files\Fichiers communs\Hyperbar\HyperbarSS3.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {50D5F72D-D781-A4AB-CB62-D5EB8DFAD53E} - C:\DOCUME~1\NGUYEN~1\APPLIC~1\blehnurb\Save win.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
puis recherche et supprime si tu ne connais pas
C:\WINDOWS\vsnpstd.exe
Merci pour ta réponse, j'ai procédé comme tu as dit.
Seulement ces lignes persistent et ne se fix pas :
O10 - Hijacked Internet access by New.Net
que cela veut il dire ? Est ce important ?
Seulement ces lignes persistent et ne se fix pas :
O10 - Hijacked Internet access by New.Net
que cela veut il dire ? Est ce important ?
b'soir
*New.Net ( prononcer NewDotNet)
Eradication
http://www.new.net/support/uninstall3_88.exe
Pour ceux qui ne voudraient pas le désinstaller il y a un patch qui corrige le bug de New.Net :
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
Ressources
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q302463
http://www.cexx.org/newnet.htm
http://www.cexx.org/newnetfix2.htm
*Source : Assiste/Attaquants : NewNet
http://assiste.free.fr/p/frameset/12.php
*New.Net ( prononcer NewDotNet)
Eradication
http://www.new.net/support/uninstall3_88.exe
Pour ceux qui ne voudraient pas le désinstaller il y a un patch qui corrige le bug de New.Net :
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
Ressources
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q302463
http://www.cexx.org/newnet.htm
http://www.cexx.org/newnetfix2.htm
*Source : Assiste/Attaquants : NewNet
http://assiste.free.fr/p/frameset/12.php
