Bonjour Qui peut analyser mon HijackThis? Merci windows xp Logfile of HijackThis v1.99.1 Scan saved at 12:19:34, on 15/07/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Iomega\AutoDisk\ADService.exe C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe C:\WINDOWS\System32\isnotify.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ismon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe C:\Program Files\Ahead\InCD\InCD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXE C:\Program Files\a-squared Anti-Malware\a2guard.exe C:\WINDOWS\System32\issearch.exe C:\WINDOWS\System32\ishost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\BWA\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zcfnopbslsnijidac.com/sRCrO/tXiObZAnV6PdXtIboSGeifEP9iLqs_KjyJWef2EVqh... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [qcxyt.exe] C:\WINDOWS\System32\qcxyt.exe O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exe O9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version5/Applet/vchatsign.cab O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/026cc98f0457934e3806/netzip/RdxIE601_fr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit... O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://85.39.191.182//activex/AMC.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.ville-saintes.fr:81/activex/AxisCamControl.cab O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{B215F81D-1877-4C1D-B833-EE9696035F4E}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Analyse HijackThis - Page 2

Réponse 21 / 25

sserguei Messages postés 17 Statut Membre

Bonjour

Plus d'affichage intempestifs,
Un peu lent au démarrage,
J'ai Pc Cilin comme anti virus mise à jour journalère,
A ton avis mieux supprimer a-squared?
que j'ai téléchargé essai 30 jours?
J'ai dans WINDOWS\SYSTEM32\uhfabgkr.exe 250ko du 10/07/2006
Mieux vaut le supprimer?

A quelle fréquence faut il passer Spybot, Ccleaner, ...
A +

Réponse 22 / 25

Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention 1 349

Re !

Il est temps de proteger ton pc en installant le sp1 ou le sp2 (ce sont des mises a jour windows afin de corriger les failles de XP)
Microsoft met a disposition des mises a jour afin de pouvoir corriger les failles des systemes d exploitations. Un pc correctement mis a jour est mieux protégé et a moins de chances de choper une infection :
http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=fr

Pour a² oui supprime le.Je te conseillerais de garder ewido.

Pour uhfabgkr.exe , il me semble etre infecté:

Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
WINDOWS\SYSTEM32\uhfabgkr.exe
Clik send et colle le rapport stp

Pour les programmes de securité.Si tu es en adsl et que tu surfs tres souvent, cad qu il est souvent connecté a internet, il faut deja les mettre a jour toutes les semaines, et aussi faire un scan de tes programmes tous les 3semaines environs ! (mais les mises a jour c est toutes les semaines !!)

A+

Réponse 23 / 25

sserguei Messages postés 17 Statut Membre

bonjour
ci joint le rapport virustotal pour le fichier indiqué

VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.

Select file : DistributeSSL

Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
News Hot news in the virus/antivirus sector.
Estadisticas Statistics of VirusTotal procesing.
Virustotal More info about Virustotal.

STATUS: FINISHEDComplete scanning result of "uhfabgkr.exe", received in VirusTotal at 07.21.2006, 10:32:40 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.21 07.21.2006 no virus found
Authentium 4.93.8 07.20.2006 no virus found
Avast 4.7.844.0 07.19.2006 no virus found
AVG 386 07.20.2006 no virus found
BitDefender 7.2 07.21.2006 no virus found
CAT-QuickHeal 8.00 07.20.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 07.20.2006 no virus found
DrWeb 4.33 07.20.2006 no virus found
eTrust-InoculateIT 23.72.74 07.20.2006 no virus found
eTrust-Vet 12.6.2305 07.21.2006 no virus found
Ewido 4.0 07.20.2006 no virus found
Fortinet 2.77.0.0 07.20.2006 no virus found
F-Prot 3.16f 07.20.2006 no virus found
F-Prot4 4.2.1.29 07.20.2006 no virus found
Ikarus 0.2.65.0 07.21.2006 Backdoor.Win32.Iroffer.Z
Kaspersky 4.0.2.24 07.21.2006 no virus found
McAfee 4811 07.20.2006 no virus found
Microsoft 1.1508 07.21.2006 no virus found
NOD32v2 1.1671 07.20.2006 no virus found
Norman 5.90.23 07.21.2006 no virus found
Panda 9.0.0.4 07.20.2006 Suspicious file
Sophos 4.07.0 07.21.2006 no virus found
Symantec 8.0 07.21.2006 no virus found
TheHacker 5.9.8.179 07.21.2006 no virus found
UNA 1.83 07.20.2006 no virus found
VBA32 3.11.0 07.20.2006 no virus found
VirusBuster 4.3.7:9 07.21.2006 no virus found

Aditional Information
File size: 256000 bytes
MD5: dd17e83ea2b272dec5928391479c232d
SHA1: 351baba5df0572e8129f8a80c612a3d1836bc70e
packers: PecBundle, PECompact

Réponse 24 / 25

Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention 1 349

Salut

Supprime ceci:
WINDOWS\SYSTEM32\uhfabgkr.exe

Et dis moi ou en sont tes soucis?

a+

sserguei Messages postés 17 Statut Membre

bonjour
j'ai supprimer le fichier ci dessus

ça a l'air de fonctionner

je te remercie +++

a+

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 25

Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention 1 349

Salut

De rien,

Bonne continuation,

au plaisir :-)

Discussions similaires

Huawei P8 Lite "nouveau tag ajouté"

Nouveau tag ajouté - Utilité

Google Chrome " Échec de l'analyse antivirus "

Nouveau tag ajouté | Nouvelle option activé sans permission?

" Échec de l'analyse antivirus " la solution.

Discussions similaires

Newsletters