Help with HiJackFree

Solved/Closed
nanou6633 - 20 May 2008 at 15:42
papyber Posts 6406 Registration date Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 - 22 May 2008 at 23:03
Hello,

For some time now my PC has been running slowly.
I installed the HijackFree software, but I don't understand any of it; it says there are a lot of security risks.
Can anyone help or advise me?
Thank you in advance.
8 replies

papyber Posts 6406 Registration date Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
20 May 2008 at 16:18
1/ Download and install HijackThis
https://www.pcastuces.com/logitheque/hijackthis.htm
A tutorial on using it:
look here, it is explained perfectly with screenshots
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
2/
Download CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This program removes all temporary files. Before clicking the "Install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours". After that, leave it with its default settings. That's all.
A tutorial:
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
Run CCleaner, Cleaner tab, and delete everything it finds
3/
Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Install it
In the Scanner tab, click "Perform full scan", then "Scan".
Select your hard drive(s).
Start the scan
Click "Save the report" and choose your Desktop
Post the reports you get
0
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 770

Type de recherche: Examen complet (C:\|)
Eléments examinés: 209002
Temps écoulé: 1 hour(s), 7 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
a-squared HiJackFree Analysis
http://www.hijackfree.com/

Version info: Result ToDo
Your used version of a-squared HiJackFree: 3.1.0.16
The current version of a-squared HiJackFree: 3.0.0.406

Registry Autoruns: Result ToDo
Name: Windows Defender
Path: C:\Program Files\Windows Defender\MSASCui.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: RtHDVCpl
Path: RtHDVCpl.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: HostManager
Path: C:\Program Files\Common Files\AOL\1168573209\ee\AOLSoftware.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: RoxWatchTray
Path: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: ISUSPM Startup
Path: C:\Program Files\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: ISUSScheduler
Path: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: ccApp
Path: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 7
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: osCheck
Path: C:\Program Files\Norton Internet Security\osCheck.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: StartCCC
Path: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 0
View Details
Name: a-squared
Path: C:\Program Files\a-squared Anti-Malware\a2guard.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: Symantec PIF AlertEng
Path: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: Sidebar
Path: C:\Program Files\Windows Sidebar\sidebar.exe
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 0
View Details
Name: SmpcSys
Path: C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: ehTray.exe
Path: C:\Windows\ehome\ehTray.exe
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Tricky and Other Autoruns: Result ToDo
Name: shell
Path: explorer.exe
Location: system.ini
Not checked Unknown Item
Search at Google
Name: FILES
Path: 40
Location: config.sys
Not checked Unknown Item
Search at Google
Name: SET BLASTER
Path: A220 I5 D1 P330 T3
Location: autoexec.nt
Not checked Unknown Item
Search at Google
Name: dos
Path: high, umb
Location: config.nt
Not checked Unknown Item
Search at Google
Name: device
Path: %SystemRoot%\system32\himem.sys
Location: config.nt
Not checked Unknown Item
Search at Google
Name: files
Path: 40
Location: config.nt
Not checked Unknown Item
Search at Google
Name: OFFICE One Startup v7
Path:
Location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Not checked Unknown Item
Search at Google
Name: w98Eject
Path:
Location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Not checked Unknown Item
Search at Google
Name: Extension de garantie
Path:
Location: C:\Windows\tasks\
Not checked Unknown Item
Search at Google
Name: Norton Internet Security - Analyse système complète - Nanou JVC
Path:
Location: C:\Windows\tasks\
Not checked Unknown Item
Search at Google
Name: Recovery DVD Creator
Path:
Location: C:\Windows\tasks\
Not checked Unknown Item
Search at Google
Name: SA
Path:
Location: C:\Windows\tasks\
Not checked Unknown Item
Search at Google
Name: SCHEDLGU
Path:
Location: C:\Windows\tasks\
Not checked Unknown Item
Search at Google
Name: Shell
Path: explorer.exe
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Not checked Unknown Item
Search at Google
Name: $GT;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\Windows\system32\unregmp2.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\system32\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: C:\Windows\system32\regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: C:\Program Files\Windows Mail\WinMail.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: C:\Windows\system32\unregmp2.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\system32\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\Windows\system32\Rundll32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: VBScript Script File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: VBScript Encoded File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: JScript Script File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: JScript Encoded File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Script Host Settings File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Script File
Path: C:\Windows\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Application
Path: %1
Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: MS-DOS Application
Path: %1
Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Batch File
Path: %1
Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Screen Saver
Path: %1
Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Shortcut to MS-DOS Program
Path: %1
Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: WebCheck
Path:
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Layered Service Providers (LSP): Result ToDo
Name: mswsock.dll
Path: %SystemRoot%\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Explorer And Browser Addons: Result ToDo
Name:
Path:
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Good: 1 - Bad: 0
View Details
Name:
Path: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name:
Path:
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {7E853D72-626A-48EC-A868-BA8D5E23E045}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: Programme d'aide de l'Assistant de connexion Windows Live
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Running Processes: Result ToDo
Name: [System Process]
Process ID: 0
Path:
Info: Threads: 1 - Priority: N/A - Visible: Non
Good: 1 - Bad: 0
View Details
Name: System
Process ID: 4
Path:
Info: Threads: 105 - Priority: N/A - Visible: Non
Good: 1 - Bad: 0
View Details
Name: smss.exe
Process ID: 388
Path: C:\Windows\System32\smss.exe
Info: Threads: 4 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: csrss.exe
Process ID: 452
Path: C:\Windows\System32\csrss.exe
Info: Threads: 11 - Priority: Normal - Visible: Non
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: wininit.exe
Process ID: 508
Path: C:\Windows\System32\wininit.exe
Info: Threads: 3 - Priority: Haut - Visible: Non
Good: 1 - Bad: 0
View Details
Name: csrss.exe
Process ID: 516
Path: C:\Windows\System32\csrss.exe
Info: Threads: 9 - Priority: Normal - Visible: Non
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: winlogon.exe
Process ID: 556
Path: C:\Windows\System32\winlogon.exe
Info: Threads: 3 - Priority: Haut - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: services.exe
Process ID: 596
Path: C:\Windows\System32\services.exe
Info: Threads: 5 - Priority: Normal - Visible: Non
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: lsass.exe
Process ID: 608
Path: C:\Windows\System32\lsass.exe
Info: Threads: 9 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: lsm.exe
Process ID: 616
Path: C:\Windows\System32\lsm.exe
Info: Threads: 10 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 772
Path: C:\Windows\System32\svchost.exe
Info: Threads: 7 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 832
Path: C:\Windows\System32\svchost.exe
Info: Threads: 8 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 860
Path: C:\Windows\System32\svchost.exe
Info: Threads: 10 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: ehmsas.exe
Process ID: 920
Path: C:\Windows\ehome\ehmsas.exe
Info: Threads: 3 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: Ati2evxx.exe
Process ID: 984
Path: C:\Windows\System32\Ati2evxx.exe
Info: Threads: 4 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1016
Path: C:\Windows\System32\svchost.exe
Info: Threads: 21 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 1040
Path: C:\Windows\System32\svchost.exe
Info: Threads: 31 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 1052
Path: C:\Windows\System32\svchost.exe
Info: Threads: 48 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: a2service.exe
Process ID: 1120
Path: C:\Program Files\a-squared Anti-Dialer\a2service.exe
Info: Threads: 6 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: audiodg.exe
Process ID: 1132
Path:
Info: Threads: 4 - Priority: N/A - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: SLsvc.exe
Process ID: 1160
Path: C:\Windows\System32\SLsvc.exe
Info: Threads: 4 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 1192
Path: C:\Windows\System32\svchost.exe
Info: Threads: 31 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: a2service.exe
Process ID: 1292
Path: C:\Program Files\a-squared Anti-Malware\a2service.exe
Info: Threads: 6 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: Ati2evxx.exe
Process ID: 1300
Path: C:\Windows\System32\Ati2evxx.exe
Info: Threads: 4 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1388
Path: C:\Windows\System32\svchost.exe
Info: Threads: 22 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: ccSvcHst.exe
Process ID: 1472
Path: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Info: Threads: 62 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: AluSchedulerSvc.exe
Process ID: 1544
Path: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
Info: Threads: 5 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: CPSHelpRunner.exe
Process ID: 1596
Path: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
Info: Threads: 2 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: AppSvc32.exe
Process ID: 1620
Path: C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Info: Threads: 10 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: spoolsv.exe
Process ID: 1768
Path: C:\Windows\System32\spoolsv.exe
Info: Threads: 17 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1792
Path: C:\Windows\System32\svchost.exe
Info: Threads: 17 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 2072
Path: C:\Windows\System32\svchost.exe
Info: Threads: 5 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: RoxWatch9.exe
Process ID: 2084
Path: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
Info: Threads: 13 - Priority: Au dessous de la normale - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: WLLoginProxy.exe
Process ID: 2092
Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
Info: Threads: 6 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 2156
Path: C:\Windows\System32\svchost.exe
Info: Threads: 7 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 2184
Path: C:\Windows\System32\svchost.exe
Info: Threads: 4 - Priority: Normal - Visible: Non
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: SearchIndexer.exe
Process ID: 2216
Path: C:\Windows\System32\SearchIndexer.exe
Info: Threads: 16 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: CCC.exe
Process ID: 2272
Path: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Info: Threads: 19 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: taskeng.exe
Process ID: 2452
Path: C:\Windows\System32\taskeng.exe
Info: Threads: 5 - Priority: Au dessous de la normale - Visible: Non
Good: 1 - Bad: 0
View Details
Name: RoxMediaDB9.exe
Process ID: 2644
Path: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
Info: Threads: 11 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: WmiPrvSE.exe
Process ID: 2692
Path: C:\Windows\System32\wbem\WmiPrvSE.exe
Info: Threads: 6 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: unsecapp.exe
Process ID: 2716
Path: C:\Windows\System32\wbem\unsecapp.exe
Info: Threads: 3 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: taskeng.exe
Process ID: 2800
Path: C:\Windows\System32\taskeng.exe
Info: Threads: 15 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: dwm.exe
Process ID: 2844
Path: C:\Windows\System32\dwm.exe
Info: Threads: 7 - Priority: Haut - Visible: Non
Good: 1 - Bad: 0
View Details
Name: explorer.exe
Process ID: 2904
Path: C:\Windows\explorer.exe
Info: Threads: 29 - Priority: Normal - Visible: Non
Good: 2 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: MOM.exe
Process ID: 3104
Path: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
Info: Threads: 14 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: MSASCui.exe
Process ID: 3440
Path: C:\Program Files\Windows Defender\MSASCui.exe
Info: Threads: 10 - Priority: Normal - Visible: Non
Good: 2 - Bad: 0
View Details
Name: RtHDVCpl.exe
Process ID: 3524
Path: C:\Windows\RtHDVCpl.exe
Info: Threads: 8 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: aolsoftware.exe
Process ID: 3540
Path: C:\Program Files\Common Files\aol\1168573209\ee\aolsoftware.exe
Info: Threads: 5 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: RoxWatchTray9.exe
Process ID: 3596
Path: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
Info: Threads: 9 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: ieuser.exe
Process ID: 3648
Path: C:\Program Files\Internet Explorer\ieuser.exe
Info: Threads: 5 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: ccApp.exe
Process ID: 3884
Path: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Info: Threads: 48 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: sidebar.exe
Process ID: 3992
Path: C:\Program Files\Windows Sidebar\sidebar.exe
Info: Threads: 21 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: SmpSys.exe
Process ID: 4020
Path: C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
Info: Threads: 1 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: ehtray.exe
Process ID: 4028
Path: C:\Windows\ehome\ehtray.exe
Info: Threads: 2 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
Name: wlmail.exe
Process ID: 4708
Path: C:\Program Files\Windows Live\Mail\wlmail.exe
Info: Threads: 27 - Priority: Normal - Visible: Non
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: iexplore.exe (Aide a-squared Anti-Malware - Windows Internet Explorer)
Process ID: 5052
Path: C:\Program Files\Internet Explorer\iexplore.exe
Info: Threads: 25 - Priority: Normal - Visible: Oui
Good: 1 - Bad: 0
View Details
Name: a2hijackfree.exe (a-squared HiJackFree 3.1)
Process ID: 5272
Path: C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
Info: Threads: 5 - Priority: Normal - Visible: Oui
Good: 1 - Bad: 0
View Details
Name: issch.exe
Process ID: 5876
Path: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Info: Threads: 1 - Priority: Normal - Visible: Non
Good: 1 - Bad: 0
View Details
This analysis is saved and available for at least 7 days at this website address.
0
The reports:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:33, on 20/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1168573209\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168573209\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: w98Eject.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
0
OK, I'll do that, thank you.
0
papyber Messages postés 6406 Date d'inscription samedi 24 mars 2007 Statut Contributeur sécurité Dernière intervention 3 octobre 2010 257
20 mai 2008 à 18:44
Télécharge OTMoveIT (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Clique double sur OTMoveIT.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

et colle-la dans le cadre de gauche de OTMoveIT :
Paste List of Files/Folders to be moved.

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIT\MovedFiles.

You may be asked to restart the PC to complete the removal.
If so, accept with Yes.

Run HijackThis for a scan and post the report.

Good evening,
Here is the HijackThis report after restarting the PC and running OTMoveIT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:57, on 20/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\aol\1168573209\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168573209\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: w98Eject.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

papyber Posts 6406 Registration date Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
20 May 2008 at 22:19
How is the PC behaving?

I get the impression it's going better, my internet connections are faster, my icons are back to normal,
I'll keep you posted.
And thank you for your help.
PS: so, was it serious, doctor???

Regards,

zorinho > nanou6633
20 May 2008 at 23:00
Hi,

just to let you know that you can fix the following line with HJThis
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Check your Windows updates

Have fun

Zor
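
The check described in the reply above (an entry whose target is `(no file)`) can be done mechanically over a saved log. This is an added Python example, not part of the original thread; the sample lines are copied from the log posted above, and the labels `orphan` and `unknown-owner` are this example's own names for triage hints, not HijackThis output.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\svchost.exe
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - Global Startup: w98Eject.lnk = ?
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
UNKNOWN = " - Unknown owner - "


def parse(log):
    """Yield (code, body) for entry lines; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log):
    """Return (code, label, subject) hints for a human to review, in log order."""
    findings = []
    for code, body in parse(log):
        if body.endswith("(no file)"):
            # Registry entry whose target file is gone: the kind of line the
            # reply above says can be fixed with HijackThis.
            clsid = CLSID.search(body)
            findings.append((code, "orphan", clsid.group(0) if clsid else body))
        elif code == "O23" and UNKNOWN in body:
            # The tool reported no vendor name for the service binary; check
            # the file's signature and path before drawing any conclusion.
            name = body.split(UNKNOWN)[0]
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            findings.append((code, "unknown-owner", name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Both labels are prompts for a manual check; neither is a verdict that the entry is malicious.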

papyber Posts 6406 Registration date Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
20 May 2008 at 22:41
Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
Click Recherche (Search) and let the scan finish.
Click Suppression (Removal) to finalize.
You can, if you wish, use the optional settings (Options facultatives).
Click Quitter (Quit) so that the report can be created.
Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


If all is well, delete everything we used that was not removed by Tools Cleaner2, as it will no longer be needed
however, keep Ccleaner, or
Download: - Ccleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This software will delete all temporary files. Before clicking the "install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in the Windows Temp folder older than 48 hours". After that, leave it with its default settings. That's all.
A tutorial
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
and run the cleanup every day before switching off the PC

install this very useful software and scan your PC with it at least once a week...
MalwareByte
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Install it
In the Scan tab, click Perform a full scan, then Scan.
Select your hard drive(s).
Start the scan
Click Save the report and choose your Desktop

you can pair it with this one
Spybot Search and Destroy
https://www.safer-networking.org/?page=download

defragment

remember to protect yourself well; I found this link, which is rather good on the subject

https://forum.pcastuces.com/default.asp

disable your System Restore
right-click My Computer/Properties/tick the box to disable System Restore, Apply
restart your PC
right-click My Computer/Properties/untick the box to disable System Restore, Apply


security is very important but it does not replace the user; careful browsing, avoiding cracks and "hot" sites, already helps avoid a lot of trouble; P2P is also a source of infections...


and happy surfing

Hi there ;)

I did what you told me for ToolsCleaner, but when I close it, it tells me it's impossible to create a report, access denied??

So,
I did everything, and the Spyware Doctor scan found, I quote:
2 menace et 3 infections detectées sur votre ordinateur

spyare.Known_Bad_Sites (1 infections)
Application.TrackingCookies (2 infections)

What should I do, delete them??
"reparation verifiée"

for the Malwarebytes scan everything was normal

Thank you for your help, which was very useful to me. ;)

but I would have liked to know whether my PC was infected by trojans or something else??

Thanking you

Hello, here is the ToolsCleaner report

-->- Recherche:

C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

papyber Posts 6406 Registration date Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
21 May 2008 at 21:14
nothing too nasty...
happy surfing, and stay safe!

Thank you for your help

Regards,

problem solved

papyber Posts 6406 Registration date Saturday 24 March 2007 Status Security contributor Last activity 3 October 2010 257
22 May 2008 at 23:03
--

all things come to those who wait
no requests by PM please