Demende d'analyse d'un scan hijackthis

anto -  
 tufs -
bonjour à tous

mon ordi a un problème et je sui pas un pro en informatique (je sui nul). La page d'acceuil d'internet est souvent modifiée par une page nomée "search for" et parfois onlygood search. J'ai suivi vos instructions en téléchargeant ad aware et spypot mais tjr pareil dc j'ai fai un hijackthis.
Voilà le scan obtenu: pouvez vous me dire ce kil fo supprimer et comment?? merci bcp

Logfile of HijackThis v1.99.0
Scan saved at 19:47:23, on 22/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GOBACK\GBPOLL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\INETM\SERVICES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WANADOO\CNXMON.EXE
C:\PROGRAM FILES\MESSAGER WANADOO\STARTMESSAGER.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\A2\A2GUARD.EXE
C:\OLIFAXVX\MONITEUR.EXE
C:\OLIFAXVX\TOOLBAR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GOBACK\GBTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
C:\PROGRAM FILES\WANADOO\WATCH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=C:\WINDOWS\INETM\SERVICES.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {990D9681-3B4F-11D9-A597-4445DF01266D} - C:\WINDOWS\SYSTEM\IIFMD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1056.dll,InstantAccess
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE" /Q
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE
O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE
O4 - Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055.cab
O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1056.cab
O18 - Filter: text/html - {D87AA338-5446-11D9-A597-4445762B9162} - C:\WINDOWS\SYSTEM\IIFMD.DLL
O18 - Filter: text/plain - {D87AA338-5446-11D9-A597-4445762B9162} - C:\WINDOWS\SYSTEM\IIFMD.DLL

6 réponses

  1. tufs
     
    salut fixe ça
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {990D9681-3B4F-11D9-A597-4445DF01266D} - C:\WINDOWS\SYSTEM\IIFMD.DLL
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL (file missing)
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1056.dll,InstantAccess
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab
    O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055.cab
    O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1056.cab
    0
  2. tufs
     
    re pour effacer tu appuis fixe cheked et automatiquement tu
    as un dossier de sauvegarde qui se cree nomer backup
    au cas ou tu aurrais supprimer quelque chose de vitale et bien
    tu peux restorer voila sinon il faut aussi arreter certains procesus
    si le fixe ne marche pas
    0
  3. erwan01 Messages postés 184 Date d'inscription   Statut Membre Dernière intervention   2
     
    à mon avis, je referai un hijackthis après pour vérifier ...
    0
  4. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut
    fait ctrl alt suppr et termine ces processus si tu les trouvent
    C:\WINDOWS\INETM\SERVICES.EXE

    r'elance hijack coche et fix ces lignes
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    F1 - win.ini: run=C:\WINDOWS\INETM\SERVICES.EXE <==bizzard tu na pas xp

    O2 - BHO: (no name) - {990D9681-3B4F-11D9-A597-4445DF01266D} - C:\WINDOWS\SYSTEM\IIFMD.DLL

    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL (file missing)

    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE <==idem

    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <== inutile au demarrage

    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version5/Applet/vchatsign.cab

    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab

    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack.cab

    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab

    O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055.cab

    O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1056.cab

    O18 - Filter: text/html - {D87AA338-5446-11D9-A597-4445762B9162} - C:\WINDOWS\SYSTEM\IIFMD.DLL

    O18 - Filter: text/plain - {D87AA338-5446-11D9-A597-4445762B9162} - C:\WINDOWS\SYSTEM\IIFMD.DLL
    ------
    la recherche et suppr ceci
    C:\WINDOWS\INETM\SERVICES.EXE<== le dossier
    la redemarre et dit moi ou cela en est

    la chasse et le balltrap ma vrai passion
    voir site perso dans profil
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. anto
     
    merci a tous mais en fait qd j essaye de réouvrir hijackthis, ca me met: "hijack thisalready running". pk??? je pourrai pas voir vos rep ce soir mais je men occupe demain. merci encore
    (j'ai pas xp, c pour ca kil figure pas ds le scan)
    0