[virus] IEXPLORE.EXE un peu volange
Résolu
B2000
Messages postés
39
Statut
Membre
-
Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour,
Malgré avoir parcouru les threads sur le sujet, je n'ai toujours pas trouvé de réponse à mon soucis
j'ai un IEXPLORE.EXE ouvert en permanence dans le gestionnaire de tâches
celui ci est un peut volage et change de place tout le temps
mon cpu est au taquet en permanence et un calcul est fait en permanence a la vue de l'icone de ma souris
voici mon log hijackthis pour ceux qui savent le lire
fait après scan spybot, Adaware, et housecall online
d'avance merci :-)
Logfile of HijackThis v1.99.1
Scan saved at BLD - 14:11:17, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
D:\eTrust Antivirus\InoRpc.exe
D:\eTrust Antivirus\InoRT.exe
D:\eTrust Antivirus\InoTask.exe
D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ups.exe
D:\ETRUST~1\realmon.exe
D:\eTrust Antivirus\eAVTrial.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Skype\Phone\Skype.exe
D:\logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
I:\- SOFTs\- ANTIVIRUS\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\- SOFTs\install temp\acrobat writer 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PopupPopper\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D44CCDBD-C9C1-44C7-9A6B-74B250FD070F} - C:\WINDOWS\system32\winnuts.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] D:\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [eAVTrial] D:\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Panneau de configuration - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: lanH32 - lanH32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Malgré avoir parcouru les threads sur le sujet, je n'ai toujours pas trouvé de réponse à mon soucis
j'ai un IEXPLORE.EXE ouvert en permanence dans le gestionnaire de tâches
celui ci est un peut volage et change de place tout le temps
mon cpu est au taquet en permanence et un calcul est fait en permanence a la vue de l'icone de ma souris
voici mon log hijackthis pour ceux qui savent le lire
fait après scan spybot, Adaware, et housecall online
d'avance merci :-)
Logfile of HijackThis v1.99.1
Scan saved at BLD - 14:11:17, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
D:\eTrust Antivirus\InoRpc.exe
D:\eTrust Antivirus\InoRT.exe
D:\eTrust Antivirus\InoTask.exe
D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ups.exe
D:\ETRUST~1\realmon.exe
D:\eTrust Antivirus\eAVTrial.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Skype\Phone\Skype.exe
D:\logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
I:\- SOFTs\- ANTIVIRUS\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\- SOFTs\install temp\acrobat writer 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PopupPopper\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D44CCDBD-C9C1-44C7-9A6B-74B250FD070F} - C:\WINDOWS\system32\winnuts.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] D:\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [eAVTrial] D:\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Panneau de configuration - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: lanH32 - lanH32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
A voir également:
- [virus] IEXPLORE.EXE un peu volange
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
- Ordinateur bloqué virus - Accueil - Arnaque
27 réponses
j'ai oublié le log
Logfile of HijackThis v1.99.1
Scan saved at BLD - 23:10:49, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
D:\ewido anti-spyware 4.0\guard.exe
D:\eTrust Antivirus\InoRpc.exe
D:\eTrust Antivirus\InoRT.exe
D:\eTrust Antivirus\InoTask.exe
D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\taskmgr.exe
D:\ETRUST~1\realmon.exe
D:\eTrust Antivirus\eAVTrial.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe
D:\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Skype\Phone\Skype.exe
D:\logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
I:\- SOFTs\- ANTIVIRUS\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\- SOFTs\install temp\acrobat writer 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PopupPopper\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] D:\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [eAVTrial] D:\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Panneau de configuration - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Logfile of HijackThis v1.99.1
Scan saved at BLD - 23:10:49, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
D:\ewido anti-spyware 4.0\guard.exe
D:\eTrust Antivirus\InoRpc.exe
D:\eTrust Antivirus\InoRT.exe
D:\eTrust Antivirus\InoTask.exe
D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\taskmgr.exe
D:\ETRUST~1\realmon.exe
D:\eTrust Antivirus\eAVTrial.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe
D:\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Skype\Phone\Skype.exe
D:\logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
I:\- SOFTs\- ANTIVIRUS\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\- SOFTs\install temp\acrobat writer 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PopupPopper\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] D:\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [eAVTrial] D:\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Panneau de configuration - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Salut;
C'est les toutes nouvelles infections, c est un trojan, tres coriace, lié surrement a ton probleme d iexplore, on va essayer comme ceci dans un premier temps:
1-télécharge : process xp ici:
http://www.sysinternals.com/files/procexpnt.zip
1bis-Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage
Coche « afficher les fichiers et dossiers cachés »
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.
Et appliquer !
2-Avec procexp, selectionner winlogon.exe et dans la seconde partie de la fenetre du prog, rechercher tout ce qui à trait au nom des fichiers (O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll + IEXPLORE.EXE et chaque fois faire un clic droit sur l'entrée qui contient le nom du fichier > close handle et valider
exemple:
Event \BaseNamedObjects\artm_new.dll
Event \BaseNamedObjects\artm_new1.dll
Event \BaseNamedObjects\artm_new2.dll
File C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\artm_new.dll
Process IEXPLORE.EXE
Thread IEXPLORE.EXE
Ensuite, un double-clic sur winlogon.exe puis sur thread et killer tout ce qui à trait à artm_new.dll.
Ensuite, clic droit sur EXPLORER.EXE > kill process
Fix 020 avec hijack.
Le tout dans cet ordre.
3-Rend toi ici et supprime le:
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
Redemarre et remet un log.
A+
C'est les toutes nouvelles infections, c est un trojan, tres coriace, lié surrement a ton probleme d iexplore, on va essayer comme ceci dans un premier temps:
1-télécharge : process xp ici:
http://www.sysinternals.com/files/procexpnt.zip
1bis-Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage
Coche « afficher les fichiers et dossiers cachés »
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.
Et appliquer !
2-Avec procexp, selectionner winlogon.exe et dans la seconde partie de la fenetre du prog, rechercher tout ce qui à trait au nom des fichiers (O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll + IEXPLORE.EXE et chaque fois faire un clic droit sur l'entrée qui contient le nom du fichier > close handle et valider
exemple:
Event \BaseNamedObjects\artm_new.dll
Event \BaseNamedObjects\artm_new1.dll
Event \BaseNamedObjects\artm_new2.dll
File C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\artm_new.dll
Process IEXPLORE.EXE
Thread IEXPLORE.EXE
Ensuite, un double-clic sur winlogon.exe puis sur thread et killer tout ce qui à trait à artm_new.dll.
Ensuite, clic droit sur EXPLORER.EXE > kill process
Fix 020 avec hijack.
Le tout dans cet ordre.
3-Rend toi ici et supprime le:
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
Redemarre et remet un log.
A+
bon j'y ai finalement fait sa fête à ce fichier d'merdeu
j'ai fait une recherche sur google
c'est fou comme ça met le boxon ce fichier
enfin
voici le log
Logfile of HijackThis v1.99.1
Scan saved at BLD - 23:35:37, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
D:\ewido anti-spyware 4.0\guard.exe
D:\eTrust Antivirus\InoRpc.exe
D:\eTrust Antivirus\InoRT.exe
D:\eTrust Antivirus\InoTask.exe
D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.EXE
D:\ETRUST~1\realmon.exe
D:\eTrust Antivirus\eAVTrial.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe
D:\Unlocker\UnlockerAssistant.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Skype\Phone\Skype.exe
I:\- SOFTs\install temp\acrobat writer 7\Acrobat\acrobat_sl.exe
D:\logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
I:\- SOFTs\- ANTIVIRUS\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\- SOFTs\install temp\acrobat writer 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PopupPopper\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] D:\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [eAVTrial] D:\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Panneau de configuration - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
je retenterais quand même une réinstalle de IE
parceque ça me rassure pas l'état actuel là
j'ai fait une recherche sur google
c'est fou comme ça met le boxon ce fichier
enfin
voici le log
Logfile of HijackThis v1.99.1
Scan saved at BLD - 23:35:37, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
D:\ewido anti-spyware 4.0\guard.exe
D:\eTrust Antivirus\InoRpc.exe
D:\eTrust Antivirus\InoRT.exe
D:\eTrust Antivirus\InoTask.exe
D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.EXE
D:\ETRUST~1\realmon.exe
D:\eTrust Antivirus\eAVTrial.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe
D:\Unlocker\UnlockerAssistant.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Skype\Phone\Skype.exe
I:\- SOFTs\install temp\acrobat writer 7\Acrobat\acrobat_sl.exe
D:\logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
I:\- SOFTs\- ANTIVIRUS\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\- SOFTs\install temp\acrobat writer 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PopupPopper\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] D:\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [eAVTrial] D:\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Panneau de configuration - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
je retenterais quand même une réinstalle de IE
parceque ça me rassure pas l'état actuel là
re,
T as vu mon poste au dessu?
Redemarre ton pc et remet un hijack this
PS/decris moi la procedure que tu as faites, merci
a+
T as vu mon poste au dessu?
Redemarre ton pc et remet un hijack this
PS/decris moi la procedure que tu as faites, merci
a+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ah non j'avais pas vu ton post au dessus
pour te dire rapidement comment j'ai fais
j'ai supprimé toutes les clées de registre liées à iexplore.exe
ça termine la malveillance du malware
ie fonctionne encore puisque ce coup ci j'ai pas supprimé le fichier iexplore.exe
du coup j'ai fait comme tu m'as dit
Fixe ceci
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
Supprime:
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
sauf que le artm machin truc nul voulait pas se laisser éradiquer normalement
petite recherche google comme je fais d'habitude (c'est comme ça que je suis arrivé ici) pour aboutir à des discution sur le fichiers qui datent de la mi juin et ou il conseil exactement la même chose
sauf que là il est précisé d'utiliser UNLOCKER avec un lien pour le dl
je fais et le dll disparait sans coup fait (plus) rire
avant j'ai quand même pris soin de supprimer la clée de registre de ce fichier (le dossier même)
voilà
j'ai dl le soft de ton dernier message
et je ne vois rien qui correspont à ce que tu veux que je cherche
c'est plutot bon signe
mais rien n'est gagné tant que j'ai pas réinstallé ie comme il faut
à suivre donc ...
en tout cas jusqu'ici, MERCI de ta précieuse aide
et j'ai aussi constaté que tu n'est pas le seul à agir de la sorte
et c'est tant mieux pour tout le monde :-D
pour te dire rapidement comment j'ai fais
j'ai supprimé toutes les clées de registre liées à iexplore.exe
ça termine la malveillance du malware
ie fonctionne encore puisque ce coup ci j'ai pas supprimé le fichier iexplore.exe
du coup j'ai fait comme tu m'as dit
Fixe ceci
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
Supprime:
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
sauf que le artm machin truc nul voulait pas se laisser éradiquer normalement
petite recherche google comme je fais d'habitude (c'est comme ça que je suis arrivé ici) pour aboutir à des discution sur le fichiers qui datent de la mi juin et ou il conseil exactement la même chose
sauf que là il est précisé d'utiliser UNLOCKER avec un lien pour le dl
je fais et le dll disparait sans coup fait (plus) rire
avant j'ai quand même pris soin de supprimer la clée de registre de ce fichier (le dossier même)
voilà
j'ai dl le soft de ton dernier message
et je ne vois rien qui correspont à ce que tu veux que je cherche
c'est plutot bon signe
mais rien n'est gagné tant que j'ai pas réinstallé ie comme il faut
à suivre donc ...
en tout cas jusqu'ici, MERCI de ta précieuse aide
et j'ai aussi constaté que tu n'est pas le seul à agir de la sorte
et c'est tant mieux pour tout le monde :-D
Salut
Alors des nouvelles?
Remet un Hijack this stp
a+
Alors des nouvelles?
Remet un Hijack this stp
a+
salut
j'ai pas eu trop le temps de m'en occuper
voici le rapport hijack
Logfile of HijackThis v1.99.1
Scan saved at BLD - 00:20:33, on 05/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\ETRUST~1\realmon.exe
D:\eTrust Antivirus\eAVTrial.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\ewido anti-spyware 4.0\guard.exe
D:\eTrust Antivirus\InoRpc.exe
D:\eTrust Antivirus\InoRT.exe
D:\eTrust Antivirus\InoTask.exe
D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ups.exe
D:\logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
D:\Internet Explorer\iexplore.exe
D:\Office\Office\OUTLOOK.EXE
I:\- SOFTs\- ANTIVIRUS\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\- SOFTs\install temp\acrobat writer 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PopupPopper\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] D:\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [eAVTrial] D:\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Panneau de configuration - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
j'ai pas eu trop le temps de m'en occuper
voici le rapport hijack
Logfile of HijackThis v1.99.1
Scan saved at BLD - 00:20:33, on 05/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\ETRUST~1\realmon.exe
D:\eTrust Antivirus\eAVTrial.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\ewido anti-spyware 4.0\guard.exe
D:\eTrust Antivirus\InoRpc.exe
D:\eTrust Antivirus\InoRT.exe
D:\eTrust Antivirus\InoTask.exe
D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ups.exe
D:\logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
D:\Internet Explorer\iexplore.exe
D:\Office\Office\OUTLOOK.EXE
I:\- SOFTs\- ANTIVIRUS\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\- SOFTs\install temp\acrobat writer 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PopupPopper\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] D:\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [eAVTrial] D:\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\- SOFTs\install temp\acrobat writer 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\- SOFTs\install temp\acrobat writer 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Panneau de configuration - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - D:\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - D:\3dsmax7\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
