Prorat.
Hello.
My antivirus reported a Prorat infection. I think I have dealt with it, but I'm not sure, all the more so because Windows seems to have lost an important file from System32.
f HijackThis v1.99.1
Scan saved at 20:53:35, on 08/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
I:\Program Files\ewido anti-spyware 4.0\guard.exe
I:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
I:\Program Files\Eset\nod32krn.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\slserv.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
I:\WINDOWS\Explorer.exe
I:\Program Files\Inventel\Gateway\wlancfg.exe
I:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Eset\nod32kui.exe
I:\Program Files\DAEMON Tools\daemon.exe
I:\Program Files\Winpooch\Winpooch.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\MSN Messenger\MsnMsgr.Exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\Program Files\TGTSoft\StyleXP\StyleXP.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Free Download Manager\fdm.exe
I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
I:\Program Files\Office-Web\Office-Web Center\panel.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Documents and Settings\Dj Mardouk\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 207.46.2.21 messenger.hotmail.com
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - I:\WINDOWS\system32\smiehlp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "I:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Winpooch] "I:\Program Files\Winpooch\Winpooch.exe"
O4 - HKLM\..\Run: [SpySweeper] "I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Pando] "I:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [STYLEXP] "I:\Program Files\TGTSoft\StyleXP\StyleXP.exe" -Hide
O4 - HKCU\..\Run: [Free Download Manager] "I:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OfficeWebCenter.lnk = ?
O4 - Global Startup: SECRETMAKER.lnk = I:\Program Files\Secretmaker\secretmaker.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://I:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://I:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://I:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://I:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - I:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Autodesk - I:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - I:\Program Files\freenet\bin\wrapper-windows-x86-32.exe" -s ../wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - I:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - I:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - Unknown owner - I:\WINDOWS\system32\oodag.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - I:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StyleXPService - Unknown owner - I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - I:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - I:\Program Files\Inventel\Gateway\wlancfg.exe
Let's check.
Install Ewido
Launch Ewido, then update it by clicking "Update Now"
Close the program.
Ewido help by Rub_Mic
Restart in safe mode
Relaunch Ewido, then choose the "Scanner" tab
Run a "Complete System Scan"
* If a file is infected, choose the "Apply All Actions" option at the end of the scan *
Click "Save Report", then "Save Report As"
Save this .txt file to your desktop, then copy/paste it here in normal mode.
Here is the Ewido report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:29:26 08/08/2006
+ Scan result:
I:\WINDOWS\system32\winkey.dll -> Backdoor.Prorat.19.ah : Cleaned with backup (quarantined).
I:\WINDOWS\system\sservice.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
:mozilla.150:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.83:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.85:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.86:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.153:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.186:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.66:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.232:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.233:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.158:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.160:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.183:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.184:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.185:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.122:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.123:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.124:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.163:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.137:I:\Documents and Settings\Dj Mardouk\Application Data\Mozilla\Firefox\Profiles\94aqhvk6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
Edit: I ran Spybot; it apparently removed Prorat from the registry. I will keep scanning with other tools.
If it helps, here is an Ad-Aware report; it also removed some Prorat for me:
Ad-Aware SE Build 1.06r1
Logfile Created on:mercredi 9 août 2006 00:29:32
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R118 07.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16(TAC index:8):1 total references
MRU List(TAC index:0):5 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
09-08-2006 00:29:32 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : I:\Documents and Settings\Dj Mardouk\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-329068152-839522115-1004\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-329068152-839522115-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 544
ThreadCreationTime : 08-08-2006 21:31:19
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\I:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 08-08-2006 21:31:23
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\I:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 08-08-2006 21:31:23
BasePriority : High
#:4 [services.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 1016
ThreadCreationTime : 08-08-2006 21:31:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 08-08-2006 21:31:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 08-08-2006 21:31:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 08-08-2006 21:31:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : I:\WINDOWS\System32\
ProcessID : 1344
ThreadCreationTime : 08-08-2006 21:31:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [stylexpservice.exe]
FilePath : I:\Program Files\TGTSoft\StyleXP\
ProcessID : 1372
ThreadCreationTime : 08-08-2006 21:31:25
BasePriority : Normal
FileVersion : 0, 20, 0, 3000
ProductVersion : 0, 20, 0, 3000
ProductName : StyleXPService Module
FileDescription : StyleXPService Module
InternalName : StyleXPService
LegalCopyright : Copyright 2001
OriginalFilename : StyleXPService.EXE
#:10 [svchost.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 1500
ThreadCreationTime : 08-08-2006 21:31:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 1668
ThreadCreationTime : 08-08-2006 21:31:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 1936
ThreadCreationTime : 08-08-2006 21:31:27
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [adskscsrv.exe]
FilePath : I:\Program Files\Fichiers communs\Autodesk Shared\Service\
ProcessID : 2044
ThreadCreationTime : 08-08-2006 21:31:27
BasePriority : Normal
FileVersion : 2.66.000
ProductName : Autodesk Licensing Service
CompanyName : Autodesk
FileDescription : System Level Service Utility
#:14 [guard.exe]
FilePath : I:\Program Files\ewido anti-spyware 4.0\
ProcessID : 232
ThreadCreationTime : 08-08-2006 21:31:28
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe
#:15 [kpf4ss.exe]
FilePath : I:\Program Files\Sunbelt Software\Personal Firewall\
ProcessID : 240
ThreadCreationTime : 08-08-2006 21:31:28
BasePriority : Normal
FileVersion : 4.3.246.0
ProductVersion : 4.3.246.0
ProductName : Sunbelt Kerio Personal Firewall
CompanyName : Sunbelt Software
FileDescription : Sunbelt Kerio Firewall Service
InternalName : kpf4ss.exe
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
LegalTrademarks : SUNBELT SOFTWARE and the "S" logo are registered trademarks of Sunbelt Software. Sunbelt Kerio Personal Firewall and SKPF are trademarks of Sunbelt Software.
OriginalFilename : kpf4ss.exe
#:16 [nod32krn.exe]
FilePath : I:\Program Files\Eset\
ProcessID : 288
ThreadCreationTime : 08-08-2006 21:31:28
BasePriority : Normal
FileVersion : 2, 50, 41
ProductVersion : 2, 50, 41
ProductName : NOD32 Antivirus System
CompanyName : Eset
FileDescription : NOD32 Kernel Service
InternalName : NOD32 Kernel
LegalCopyright : Copyright (c) 1992-2005 Eset
LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset
OriginalFilename : nod32krn.exe
#:17 [nvsvc32.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 404
ThreadCreationTime : 08-08-2006 21:31:28
BasePriority : Normal
FileVersion : 6.14.10.7189
ProductVersion : 6.14.10.7189
ProductName : NVIDIA Driver Helper Service, Version 71.89
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.89
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:18 [slserv.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 08-08-2006 21:31:28
BasePriority : Normal
#:19 [svchost.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 08-08-2006 21:31:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [wdfmgr.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 08-08-2006 21:31:30
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:21 [kpf4gui.exe]
FilePath : I:\Program Files\Sunbelt Software\Personal Firewall\
ProcessID : 816
ThreadCreationTime : 08-08-2006 21:31:30
BasePriority : Normal
FileVersion : 4.3.246.0
ProductVersion : 4.3.246.0
ProductName : Sunbelt Kerio Personal Firewall
CompanyName : Sunbelt Software
FileDescription : Sunbelt Kerio Firewall GUI
InternalName : kpf4gui.exe
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
LegalTrademarks : SUNBELT SOFTWARE and the "S" logo are registered trademarks of Sunbelt Software. Sunbelt Kerio Personal Firewall and SKPF are trademarks of Sunbelt Software.
OriginalFilename : kpf4gui.exe
#:22 [spysweeper.exe]
FilePath : I:\Program Files\Webroot\Spy Sweeper\
ProcessID : 832
ThreadCreationTime : 08-08-2006 21:31:30
BasePriority : Normal
FileVersion : 3,0,5,1286
ProductVersion : 3, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Engine
LegalCopyright : Copyright (C) 2002 - 2006, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe
#:23 [explorer.exe]
FilePath : I:\WINDOWS\
ProcessID : 1820
ThreadCreationTime : 08-08-2006 21:31:34
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
#:24 [wlancfg.exe]
FilePath : I:\Program Files\Inventel\Gateway\
ProcessID : 1152
ThreadCreationTime : 08-08-2006 21:31:36
BasePriority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : Application WLANCfg
CompanyName : Inventel
FileDescription : WLANCfg
InternalName : WLANCfg
LegalCopyright : Copyright (C) 2003 - 2004 Inventel
LegalTrademarks : Inventel
OriginalFilename : WLANCfg.EXE
#:25 [soundman.exe]
FilePath : I:\WINDOWS\
ProcessID : 768
ThreadCreationTime : 08-08-2006 21:31:37
BasePriority : Normal
FileVersion : 5, 1, 0, 52
ProductVersion : 5, 1, 0, 52
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:26 [jusched.exe]
FilePath : I:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 792
ThreadCreationTime : 08-08-2006 21:31:37
BasePriority : Normal
#:27 [qttask.exe]
FilePath : I:\Program Files\QuickTime\
ProcessID : 1048
ThreadCreationTime : 08-08-2006 21:31:37
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe
#:28 [ituneshelper.exe]
FilePath : I:\Program Files\iTunes\
ProcessID : 1032
ThreadCreationTime : 08-08-2006 21:31:37
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:29 [nod32kui.exe]
FilePath : I:\Program Files\Eset\
ProcessID : 1284
ThreadCreationTime : 08-08-2006 21:31:37
BasePriority : Normal
FileVersion : 2, 50, 41
ProductVersion : 2, 50, 41
ProductName : NOD32 Antivirus System
CompanyName : Eset
FileDescription : NOD32 Control Center GUI
InternalName : NOD32 Control Center GUI
LegalCopyright : Copyright (c) 1992-2005 Eset
LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset
OriginalFilename : nod32kui.exe
#:30 [daemon.exe]
FilePath : I:\Program Files\DAEMON Tools\
ProcessID : 1616
ThreadCreationTime : 08-08-2006 21:31:38
BasePriority : Normal
#:31 [winpooch.exe]
FilePath : I:\Program Files\Winpooch\
ProcessID : 1656
ThreadCreationTime : 08-08-2006 21:31:38
BasePriority : Normal
#:32 [spysweeperui.exe]
FilePath : I:\Program Files\Webroot\Spy Sweeper\
ProcessID : 1664
ThreadCreationTime : 08-08-2006 21:31:38
BasePriority : Normal
FileVersion : 5,0,5,1286
ProductVersion : 5, 0
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Client Executable
LegalCopyright : Copyright (C) 2002 - 2006, All Rights Reserved.
OriginalFilename : SpySweeper.exe
#:33 [ctfmon.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 1828
ThreadCreationTime : 08-08-2006 21:31:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:34 [msnmsgr.exe]
FilePath : I:\Program Files\MSN Messenger\
ProcessID : 1868
ThreadCreationTime : 08-08-2006 21:31:39
BasePriority : Normal
FileVersion : 8.0.0787.00
ProductVersion : 8.0.0787
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:35 [teatimer.exe]
FilePath : I:\Program Files\Spybot - Search & Destroy\
ProcessID : 248
ThreadCreationTime : 08-08-2006 21:31:39
BasePriority : Idle
FileVersion : 1, 4, 0, 2
ProductVersion : 1, 4, 0, 3
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.
#:36 [fdm.exe]
FilePath : I:\Program Files\Free Download Manager\
ProcessID : 1448
ThreadCreationTime : 08-08-2006 21:31:40
BasePriority : Normal
#:37 [ipodservice.exe]
FilePath : I:\Program Files\iPod\bin\
ProcessID : 1596
ThreadCreationTime : 08-08-2006 21:31:43
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:38 [panel.exe]
FilePath : I:\Program Files\Office-Web\Office-Web Center\
ProcessID : 1636
ThreadCreationTime : 08-08-2006 21:31:43
BasePriority : Normal
#:39 [kpf4gui.exe]
FilePath : I:\Program Files\Sunbelt Software\Personal Firewall\
ProcessID : 3500
ThreadCreationTime : 08-08-2006 21:31:49
BasePriority : Normal
FileVersion : 4.3.246.0
ProductVersion : 4.3.246.0
ProductName : Sunbelt Kerio Personal Firewall
CompanyName : Sunbelt Software
FileDescription : Sunbelt Kerio Firewall GUI
InternalName : kpf4gui.exe
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
LegalTrademarks : SUNBELT SOFTWARE and the "S" logo are registered trademarks of Sunbelt Software. Sunbelt Kerio Personal Firewall and SKPF are trademarks of Sunbelt Software.
OriginalFilename : kpf4gui.exe
#:40 [svchost.exe]
FilePath : I:\WINDOWS\system32\
ProcessID : 2952
ThreadCreationTime : 08-08-2006 21:32:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:41 [firefox.exe]
FilePath : I:\Program Files\Mozilla Firefox\
ProcessID : 2772
ThreadCreationTime : 08-08-2006 22:04:59
BasePriority : Normal
#:42 [ad-aware.exe]
FilePath : I:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2424
ThreadCreationTime : 08-08-2006 22:25:16
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16 Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1229272821-329068152-839522115-1004\software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y}
Windows Object Recognized!
Type : RegData
Data : "regedit.exe" "%1"
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : "regedit.exe" "%1"
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 7
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (I
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for I:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Scanning Hosts file......
Hosts file location:"I:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
3 entries scanned.
New critical objects:0
Objects found so far: 7
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
00:57:56 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:23.890
Objects scanned:149173
Objects identified:2
Objects ignored:0
New critical objects:2
Windows Object Recognized!
Type : RegData
Data : "regedit.exe" "%1"
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : "regedit.exe" "%1"
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 7
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (I
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for I:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Scanning Hosts file......
Hosts file location:"I:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
3 entries scanned.
New critical objects:0
Objects found so far: 7
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
00:57:56 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:23.890
Objects scanned:149173
Objects identified:2
Objects ignored:0
New critical objects:2
To be able to remove the ProRat servers from within ProRat, download it from www.prorat.net, then click on "remove the server".
Logfile of HijackThis v1.99.1
Scan saved at 22:30:30, on 09/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
I:\Program Files\ewido anti-spyware 4.0\guard.exe
I:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
I:\Program Files\Eset\nod32krn.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\slserv.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
I:\Program Files\Inventel\Gateway\wlancfg.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Eset\nod32kui.exe
I:\Program Files\DAEMON Tools\daemon.exe
I:\Program Files\Winpooch\Winpooch.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\MSN Messenger\MsnMsgr.Exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\Program Files\Office-Web\Office-Web Center\panel.exe
I:\PROGRA~1\MOZILL~1\FIREFOX.EXE
I:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\iTunes\iTunes.exe
I:\Documents and Settings\Dj Mardouk\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 207.46.2.21 messenger.hotmail.com
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - I:\WINDOWS\system32\smiehlp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "I:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Winpooch] "I:\Program Files\Winpooch\Winpooch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OfficeWebCenter.lnk = ?
O4 - Global Startup: SECRETMAKER.lnk = I:\Program Files\Secretmaker\secretmaker.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://I:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://I:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://I:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://I:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - I:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - I:\Program Files\freenet\bin\wrapper-windows-x86-32.exe" -s ../wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - I:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - I:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - Unknown owner - I:\WINDOWS\system32\oodag.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - I:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - I:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - I:\Program Files\Inventel\Gateway\wlancfg.exe
Fix these two lines:
# O1 - Hosts: 207.46.2.21 messenger.hotmail.com
# O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
- Run a Kaspersky online scan
Help for the online scan
Save the report, then paste it once the analysis is finished.