Besoin d'aide

[megataupe]

Hijackthis est toujours à utiliser en dernier, de préférence en mode sans échec.

[Desmodus]

Desolé mais ca fonctionne pas l'antivirus en ligne

Donc je vais rebooter mon pc et scanner avec Hi jack

[Invité tesgaz]

installes antivir a jour et passes le en mode sans echec, c'est beaucoup plus efficace

 

http://www.free-av.com

 

pour le parametrer juste apres l'installation :

http://speedweb1.free.fr/frames2.php?page=tuto5

[Desmodus]

Ca y est j'ai scanné avec HiJack voici le rapport

 

Logfile of HijackThis v1.99.1

Scan saved at 23:31:58, on 18/06/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\userinit.exe

C:\WINNT\Explorer.EXE

C:\Documents and Settings\Administrateur\Mes documents\guy.mansart\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: run=C:\WINNT\inet20057\winlogon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {8B01E89E-1DBB-40D1-9B46-A4BFA5CA3186} - C:\WINNT\system32\mlhd.dll

O2 - BHO: (no name) - {CFA18DFB-E8A6-C79B-8380-1A552B35D9A2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\ACEINT~1\curb live.exe

O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba2.dll

O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll

O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)

O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrateur\Mes documents\Fichiers MSN Messenger\Nouveau dossier\MsgPlus.exe"

O4 - HKLM\..\Run: [book 16 shim film] C:\Documents and Settings\All Users\Application Data\SkipItchBook16\send ford.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [msxct] msxct.exe

O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn64.exe rundll.dll,LoadMouseProfile

O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\winsocks5.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [Manager window] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRUSTB~1\16 memo.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab

O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1324eb2ac127f6...RdxIE601_fr.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Filter: text/html - {FE70F112-413A-48D7-86EB-81E7BD9CA5F6} - C:\WINNT\system32\mlhd.dll

O18 - Filter: text/plain - {FE70F112-413A-48D7-86EB-81E7BD9CA5F6} - C:\WINNT\system32\mlhd.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

[Desmodus]

Bon je vais aller me coucher, je reviendrai demain.

 

Merci pour votre aide, j'espere que vous serez là demain.

 

A bientot

 

Desmodus

[ipl_001]

Bonsoir Desmodus, bonsoir à tous,

 

Je te souhaite la bienvenue sur Zeb'-Sécurité ! Merci de venir sur notre forum !

 

As-tu effectué ce qu'a demandé tesgaz :

installes antivir a jour  et passes le en mode sans echec, c'est beaucoup plus efficace

 

http://www.free-av.com

 

pour le parametrer juste apres l'installation :

http://speedweb1.free.fr/frames2.php?page=tuto5

 

Je démarre une analyse de ton rapport HijackThis... réponse d'ici 15-20 minutes !

 

---édition : il y a emule installé dans ton système !

Désolé mais je ne peux pas te répondre car c'est contraire à la charte du forum que tu acceptes en postant !!!

6 - Pas de Warez, pas de cracks, rien d'illégal. Le p2p («peer to peer»), procédé permettant d'échanger tous types de fichiers entre deux ordinateurs connectés sur le réseau, n'est pas toléré !

et moi, je me suis encore fait piéger ! Je n'avais pas vu !

 

Ceci explique sans doute que tu n'aies pas eu d'analyse de ton rapport HijackThis !

Ton système est abominablement infecté !

[Desmodus]

Ca y est je viens de desinstaller emule, desolé j'avais pas vu qu'il était encore installé

 

Ca te dérange si je reviens demain car la je suis crevé merci pour ton aide et peut etre a demain

[ipl_001]

Bonjour Desmodus, bonjourr à tous,

 

Très bien d'avoir désinstallé emule ! C'est un excellent début !

(la suite de ce post a été composée hier car j'attendais quelque chose qui est arrivé ce matin)

 

 

 

- télécharge SpHjfix/SpSeHjfix de Seeker ( http://www.trojaner-info.de/cgi-bin/downlo...gi?file=sphjfix ) et installe le dans un répertoire alloué.

- télécharge DelDomains.inf de Mike Burgess ( http://www.mvps.org/winhelp2002/DelDomains.inf ) - clic droit / Enregistrer la cible sous...

 

 

 

Redémarre en mode sans échec.

 

Lance SpSeHjfix

. vider les fichiers Temp, le cache d'IE

. lancer SpSeHjfix

.. cliquer sur le bouton "start disinfection"

.. en cas d'infection sp.exe, l'ordinateur est redémarré

.. SpHjfix/SpSeHjfix reprend la main avant démarrage de Windows pour désinfection sans être gêné par les processus en cours.

. examiner, communiquer le fichier log généré

. lancer Spybot Search and Destroy pour compléter la désinfection.

 

Lance DelDomains - clic droit / Installer (pas besoin de redémarrer)

N.B. : Ceci va enlever toutes les entrées des "Sites de confiance" et de "Domaines".

 

Désinstalle ces applications (si tu trouves) dans Ajout-Suppression de programmes :

- emule

- Messenger Plus !

- ISTbar

- 180solutions

- PSGuard

 

Relance un scan HijackThis et coche les lignes en gras ci-dessous :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: run=C:\WINNT\inet20057\winlogon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {8B01E89E-1DBB-40D1-9B46-A4BFA5CA3186} - C:\WINNT\system32\mlhd.dll

O2 - BHO: (no name) - {CFA18DFB-E8A6-C79B-8380-1A552B35D9A2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\ACEINT~1\curb live.exe

O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba2.dll

O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll

O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)

O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrateur\Mes documents\Fichiers MSN Messenger\Nouveau dossier\MsgPlus.exe"

O4 - HKLM\..\Run: [book 16 shim film] C:\Documents and Settings\All Users\Application Data\SkipItchBook16\send ford.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [msxct] msxct.exe

O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn64.exe rundll.dll,LoadMouseProfile

O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\winsocks5.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [Manager window] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRUSTB~1\16 memo.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab

O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1324eb2ac127f6...RdxIE601_fr.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Filter: text/html - {FE70F112-413A-48D7-86EB-81E7BD9CA5F6} - C:\WINNT\system32\mlhd.dll

O18 - Filter: text/plain - {FE70F112-413A-48D7-86EB-81E7BD9CA5F6} - C:\WINNT\system32\mlhd.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Ferme toutes les fenêtres sauf HijackThis et "Fix Checked".

 

Redémarre l'ordinateur en mode sans échec.

- suppression des fichiers inutiles par

Démarrer / Exécuter / tape CleanMgr et clique sur OK / OK pour accepter l'examen du disque C: / coche toutes les cases et clique sur OK / OK pour confirmer la suppression des fichiers inutiles

Lancement de l'Explorateur Windows : supprimer le contenu de C:\Temp et C:\Windows (ou WinNT)\Temp

- Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

--- C:\WINNT\inet20057\winlogon.exe

--- C:\WINNT\system32\mlhd.dll

--- C:\WINNT\pumba2.dll

--- C:\WINNT\system32\iasada.dll

--- C:\WINNT\system32\popcorn64.exe

--- C:\WINNT\winsocks5.exe

--- C:\WINNT\web\related.htm

--- C:\foo.mht

--- c:\eied_s7.cab

--- c:\ex.cab

--- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp (vide le dossier)

--- C:\DOCUME~1\ADMINI~1\APPLIC~1\ACEINT~1 (supprime le dossier)

--- C:\Documents and Settings\All Users\Application Data\SkipItchBook16 (supprime le dossier)

--- c:\program files\180solutions (supprime le dossier)

--- C:\WINNT\inet20057 (supprime le dossier)

--- C:\Program Files\PSGuard (supprime le dossier)

--- C:\Program Files\emule (supprime le dossier)

--- msxct.exe (recherche sur le disque, probablement dans System32, quelle est sa date de dernière maj ?)

En cas de difficultés, vérifier l'option d'affichage des fichiers, les attributs "Lecture seule", etc.

- suppression des fichiers inutiles par EasyCleaner-Inutile(s) de Toni Helenius sur http://personal.inet.fi/business/toniarts/ecleane.htm

- vidage des zones de quarantaine éventuelles

- nettoyage de la base de registres par EasyCleaner-Registre de Toni Helenius sur http://personal.inet.fi/business/toniarts/ecleane.htm

 

Redémarre l'ordinateur en mode normal et poste un nouveau rapport HijackThis à titre de vérification.

[Desmodus]

Bonjour je suis désolé de ne pas avoir pu revenir avant, j'avais le bac a passer.

 

Je viens de refaire un scan avec HiJack Le voici

 

Logfile of HijackThis v1.99.1

Scan saved at 18:31:16, on 22/06/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\drivers\CDAC11BA.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\Explorer.EXE

C:\WINNT\inet20057\winlogon.exe

C:\WINNT\system32\sstray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\MESSAG~1\StartMessager.exe

C:\PROGRA~1\WANADOO\CnxMon.exe

C:\PROGRA~1\WANADOO\TaskbarIcon.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\WINNT\system32\msxct.exe

C:\WINNT\winsocks5.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINNT\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

c:\progra~1\intern~1\iexplore.exe

C:\PROGRA~1\WANADOO\EspaceWanadoo.exe

C:\Program Files\Logitech\ImageStudio\LowLight.exe

C:\PROGRA~1\WANADOO\ComComp.exe

C:\PROGRA~1\WANADOO\Watch.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Administrateur\Mes documents\guy.mansart\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fygxonjtklgyujbzkhhssn.com/UUKZ...N_ak2S5NYq/.jsp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kmzlaxoypgl.com/UUKZR3gTUgUlK6v...pXGL0UjWDQ.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: run=C:\WINNT\inet20057\winlogon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {CFA18DFB-E8A6-C79B-8380-1A552B35D9A2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\ACEINT~1\curb live.exe

O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba3.dll

O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll

O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)

O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba3.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrateur\Mes documents\Fichiers MSN Messenger\Nouveau dossier\MsgPlus.exe"

O4 - HKLM\..\Run: [book 16 shim film] C:\Documents and Settings\All Users\Application Data\SkipItchBook16\send ford.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [msxct] msxct.exe

O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn64.exe rundll.dll,LoadMouseProfile

O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\winsocks5.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [Manager window] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRUSTB~1\16 memo.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab

O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1324eb2ac127f6...RdxIE601_fr.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{011FAB6C-412C-4CBB-8D8C-39F9956C20CA}: NameServer = 80.10.246.1 80.10.246.132

O17 - HKLM\System\CS2\Services\Tcpip\..\{011FAB6C-412C-4CBB-8D8C-39F9956C20CA}: NameServer = 80.10.246.1 80.10.246.132

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

 

 

Voici aussi le rapport de spsehjfix

 

 

 

(6/22/05 17:20:04) SPSeHjFix started v1.1.2

(6/22/05 17:20:04) OS: Win2000 Service Pack 4 (5.0.2195)

(6/22/05 17:20:04) Language: français

(6/22/05 17:20:04) Win-Path: C:\WINNT

(6/22/05 17:20:04) System-Path: C:\WINNT\system32

(6/22/05 17:20:04) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

(6/22/05 17:20:06) Disinfection started

(6/22/05 17:20:06) Bad-Dll(IEP): c:\docume~1\admini~1\locals~1\temp\se.dll

(6/22/05 17:20:06) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\system32\mlhd.dll

(6/22/05 17:20:06) Searchassistant Uninstaller - Keys Deleted

(6/22/05 17:20:06) UBF: 9 - UBB: 6 - UBR: 31

(6/22/05 17:20:06) FilterKey: HKCR\text/html (deleted)

(6/22/05 17:20:06) FilterKey: HKCR\CLSID\{FE70F112-413A-48D7-86EB-81E7BD9CA5F6} (deleted)

(6/22/05 17:20:06) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)

(6/22/05 17:20:06) FilterKey: HKCR\text/plain (deleted)

(6/22/05 17:20:06) FilterKey: HKCR\CLSID\{FE70F112-413A-48D7-86EB-81E7BD9CA5F6} (error while deleting)

(6/22/05 17:20:06) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)

(6/22/05 17:20:06) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B01E89E-1DBB-40D1-9B46-A4BFA5CA3186} (deleted)

(6/22/05 17:20:06) BHO-Key: HKCR\CLSID\{8B01E89E-1DBB-40D1-9B46-A4BFA5CA3186} (deleted)

(6/22/05 17:20:06) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall (deleted)

(6/22/05 17:20:06) UBF: 7 - UBB: 5 - UBR: 30

(6/22/05 17:20:06) Bad IE-pages:

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank

deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank

(6/22/05 17:20:06) Stealth-String not found

(6/22/05 17:20:06) File added to delete: c:\winnt\system32\mlhd.dll

(6/22/05 17:20:06) File added to delete: c:\docume~1\admini~1\locals~1\temp\se.dll

(6/22/05 17:20:06) Reboot

 

 

(6/22/05 17:21:45) SPSeHjFix started v1.1.2

(6/22/05 17:21:45) OS: Win2000 Service Pack 4 (5.0.2195)

(6/22/05 17:21:45) Language: français

(6/22/05 17:21:45) Win-Path: C:\WINNT

(6/22/05 17:21:45) System-Path: C:\WINNT\system32

(6/22/05 17:21:45) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

(6/22/05 17:22:17) Disinfection started

(6/22/05 17:22:17) Bad-Dll(IEP): c:\docume~1\admini~1\locals~1\temp\se.dll

(6/22/05 17:22:17) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\system32\mlhd.dll

(6/22/05 17:22:17) Searchassistant Uninstaller - Keys Deleted

(6/22/05 17:22:17) UBF: 9 - UBB: 6 - UBR: 31

(6/22/05 17:22:17) FilterKey: HKCR\text/html (deleted)

(6/22/05 17:22:17) FilterKey: HKCR\CLSID\{6D10722F-34A2-4AF0-BC72-53483A36B00A} (deleted)

(6/22/05 17:22:17) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)

(6/22/05 17:22:17) FilterKey: HKCR\text/plain (deleted)

(6/22/05 17:22:17) FilterKey: HKCR\CLSID\{6D10722F-34A2-4AF0-BC72-53483A36B00A} (error while deleting)

(6/22/05 17:22:17) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)

(6/22/05 17:22:17) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2263C16A-2E82-414A-B6C7-89D291373049} (deleted)

(6/22/05 17:22:17) BHO-Key: HKCR\CLSID\{2263C16A-2E82-414A-B6C7-89D291373049} (deleted)

(6/22/05 17:22:17) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall (deleted)

(6/22/05 17:22:17) UBF: 7 - UBB: 5 - UBR: 30

(6/22/05 17:22:17) Bad IE-pages:

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank

deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank

deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank

(6/22/05 17:22:17) Stealth-String not found

(6/22/05 17:22:17) File added to delete: c:\winnt\system32\mlhd.dll

(6/22/05 17:22:17) File added to delete: c:\docume~1\admini~1\locals~1\temp\se.dll

(6/22/05 17:22:17) Reboot

 

 

(6/22/05 17:44:10) SPSeHjFix started v1.1.2

(6/22/05 17:44:10) OS: Win2000 Service Pack 4 (5.0.2195)

(6/22/05 17:44:10) Language: français

(6/22/05 17:44:10) Win-Path: C:\WINNT

(6/22/05 17:44:10) System-Path: C:\WINNT\system32

(6/22/05 17:44:10) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

(6/22/05 17:44:12) Disinfection started

(6/22/05 17:44:12) Bad-Dll(IEP): (not found)

(6/22/05 17:44:12) Bad-Dll(IEP) in BHO: (not found)

(6/22/05 17:44:12) UBF: 7 - UBB: 5 - UBR: 30

(6/22/05 17:44:12) UBF: 7 - UBB: 5 - UBR: 30

(6/22/05 17:44:12) Bad IE-pages:

deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

(6/22/05 17:44:12) Stealth-String not found

(6/22/05 17:44:12) Not infected->END

 

 

(6/22/05 17:44:58) SPSeHjFix started v1.1.2

(6/22/05 17:44:58) OS: Win2000 Service Pack 4 (5.0.2195)

(6/22/05 17:44:58) Language: français

(6/22/05 17:44:58) Win-Path: C:\WINNT

(6/22/05 17:44:58) System-Path: C:\WINNT\system32

(6/22/05 17:44:58) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

(6/22/05 17:44:59) Disinfection started

(6/22/05 17:44:59) Bad-Dll(IEP): (not found)

(6/22/05 17:44:59) Bad-Dll(IEP) in BHO: (not found)

(6/22/05 17:44:59) UBF: 7 - UBB: 5 - UBR: 30

(6/22/05 17:44:59) UBF: 7 - UBB: 5 - UBR: 30

(6/22/05 17:44:59) Bad IE-pages: (none)

(6/22/05 17:44:59) Stealth-String not found

(6/22/05 17:44:59) Not infected->END

 

 

(6/22/05 17:57:32) SPSeHjFix started v1.1.2

(6/22/05 17:57:32) OS: Win2000 Service Pack 4 (5.0.2195)

(6/22/05 17:57:32) Language: français

(6/22/05 17:57:32) Win-Path: C:\WINNT

(6/22/05 17:57:32) System-Path: C:\WINNT\system32

(6/22/05 17:57:32) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

 

 

(6/22/05 18:02:09) SPSeHjFix started v1.1.2

(6/22/05 18:02:09) OS: Win2000 Service Pack 4 (5.0.2195)

(6/22/05 18:02:09) Language: français

(6/22/05 18:02:09) Win-Path: C:\WINNT

(6/22/05 18:02:09) System-Path: C:\WINNT\system32

(6/22/05 18:02:09) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

(6/22/05 18:02:10) Disinfection started

(6/22/05 18:02:10) Bad-Dll(IEP): (not found)

(6/22/05 18:02:10) Bad-Dll(IEP) in BHO: (not found)

(6/22/05 18:02:10) UBF: 7 - UBB: 5 - UBR: 30

(6/22/05 18:02:10) UBF: 7 - UBB: 5 - UBR: 30

(6/22/05 18:02:10) Bad IE-pages: (none)

(6/22/05 18:02:10) Stealth-String not found

(6/22/05 18:02:10) Not infected->END

 

 

Merci encore pour ton aide

 

Desmodus

[Invité Stonangel]

Bonsoir, c'est assez singulier de lire encore ça:

 

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart