log Hijackthis a verifier... egaccess4_1063_XP.cab [Résolu]

Ninie62

Bonjour,

beh comme le dit le nom du sujet... Voici le rapport avec Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 16:16:38, on 07/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.miely.free.fr/google_chti
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Athan] C:\Documents and Settings\stef\Mes documents\Athan\Athan.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C'es grave docteur ?? Laughing

Merci d'avance Wink

**Marie**

Bonjour Ninie Very Happy

Relance HijackThis et coche ces 2 lignes:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab

Ferme toutes les fenêtres d'Internet Explorer puis clique sur Fix Checked.
Confirme puis redémarre le PC.

Fais un scan en ligne chez Panda. Poste le rapport dans ta prochaine réponse.

Poste un nouveau log HijackThis.

@+

Ninie62

Re

le scan avec panda :

Incident Status Location

Dialer:dialer.b Not disinfected c:\windows\p2esocks_1049.dll
Adware:adware/navipromo Not disinfected Windows Registry
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_classes_root\WAP6.PCheck
Adware:adware/block-checker Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.2o7.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.adtech.de/]
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.smartadserver.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.zedo.com/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\kkyp724e.default\cookies.txt[.247realmedia.com/]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Jérémy\Application Data\name once software\cwmrqofx.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Jérémy\Application Data\name once software\lrfkwmbo.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\bis12.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@as1.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@bluestreak[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@doubleclick[1].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@fl01.ct2.comclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@mediaplex[1].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@smartadserver[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@tradedoubler[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@valueclick[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@weborama[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\Cookies\jérémy@zedo[2].txt
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\cz1tqe9a.exe
Dialer:Dialer.DNS Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\ICD1.tmp\EGDACCESS_1068.dll
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Jérémy\Local Settings\Temp\staB8.exe

Ninie62

Avec hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 19:20:54, on 07/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.miely.free.fr/google_chti
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Athan] C:\Documents and Settings\stef\Mes documents\Athan\Athan.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

salut

**Marie**

Télécharge et installe Cleanup. C'est un programme qui permet de nettoyer les fichiers temporaires, les caches internet des navigateurs les plus connus, les cookies ....
Dans Options, vérifie que l'ascenseur est bien positionné sur Standard Cleanup. Ne le lance pas pour le moment.

Affiche les fichiers cachés. Pour afficher les fichiers cachés.
Supprime les fichiers/dossiers suivants en gras:
c:\windows\p2esocks_1049.dll
C:\Documents and Settings\Jérémy\Application Data\name once software\cwmrqofx.exe
C:\Documents and Settings\Jérémy\Application Data\name once software\lrfkwmbo.exe
Si après avoir supprimé ces 2 derniers fichiers, le répertoire name once software est vide, supprime le. Sinon, dis moi ce qui reste dedans.

Apparemment, PestPatrol est installé sur ton PC. Mets le à jour et lance le pour nettoyer le registre.

Lance Cleanup et clique sur le bouton Cleanup pour lancer le nettoyage des fichiers temporaires et des cookies. A la fin, redémarre le PC comme il te le demande.

Refais un scan Panda et poste le rapport pour qu'on s'assure que tout est parti. Wink

@+

Ninie62

Bonsoir,

voilà le rapport du scan avec panda :

Incident Status Location

Adware:adware/navipromo Not disinfected Windows Registry
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_classes_root\WAP6.PCheck
Adware:adware/block-checker Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.2o7.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.adtech.de/]
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.smartadserver.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[.zedo.com/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\49ljvufv.jeremy62880\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\kkyp724e.default\cookies.txt[.247realmedia.com/]

Sinon, le répertoire name once software n'est pas vide il reste :
17a6a04 fichier systeme

merci pour ton aide Very Happy

**Marie**

C'est mieux, mais il reste encore une infection dans le registre et Panda ne donne pas l'emplacement.

On va faire un scan en ligne PestPatrol en ligne.

Je sais que tu connais la procédure, mais je te la remets au cas où. Wink

Rends toi sur cette page.

Clique sur

Selon le paramétrage de ton ordinateur, une barre jaune peut apparaitre en haut de la fenêtre te prévenant que tu dois installer un contrôle Active X.
Clique sur la barre jaune puis choisis Installer.

Une boite de dialogue va s'ouvrir, clique sur Installer.

Une fois l'installation terminée, clique sur Démarrer pour lancer le scan.

Lorsque le scan est terminé clique sur le petit + devant Tout développer puis fais un copier-coller de l'intégralité de la fenêtre dans ta prochaine réponse.

@+

Ninie62

Reee !!

WinAntiVirus Pro 2006 Trojan
Trojan "WinAntiVirus Pro 2006" trouvé(s) dans:
Key "hkey_classes_root \clsid\{b2a3156e-3332-4b47-af5a-5b121503514f}"
Key "hkey_classes_root \typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}"
Key "hkey_classes_root \interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}"

eMule P2P
P2P "eMule" trouvé(s) dans:
Key "hkey_current_user \software\emule"
Key "hkey_classes_root \emule"
Key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\emule"
Key "hkey_local_machine \software\classes\ed2k"
Key "hkey_classes_root \.emulecollection"

Adtech.de Tracking Cookie
Tracking Cookie "Adtech.de" trouvé(s) dans:
Cookie "stef@adtech[2].txt" File "C:\Documents and Settings\stef\Cookies\stef@adtech[2].txt"

AtlasDMT.com Tracking Cookie
Tracking Cookie "AtlasDMT.com" trouvé(s) dans:
Cookie "stef@atdmt[2].txt" File "C:\Documents and Settings\stef\Cookies\stef@atdmt[2].txt"

HitBox.com Tracking Cookie
Tracking Cookie "HitBox.com" trouvé(s) dans:
Cookie "stef@hitbox[1].txt" File "C:\Documents and Settings\stef\Cookies\stef@hitbox[1].txt"

Mediaplex.com Tracking Cookie
Tracking Cookie "Mediaplex.com" trouvé(s) dans:
Cookie "stef@mediaplex[1].txt" File "C:\Documents and Settings\stef\Cookies\stef@mediaplex[1].txt"

Weborama Tracking Cookie
Tracking Cookie "Weborama" trouvé(s) dans:
Cookie "stef@weborama[1].txt" File "C:\Documents and Settings\stef\Cookies\stef@weborama[1].txt"

Marie elle est trooop fooorte !!! Haha

**Marie**

On est presque au bout. Very Happy

Supprime le répertoire name once software

Tu vas sauvegarder ton registre avant de le modifier.
Démarrer/Executer/saisis regedit puis OK
L'éditeur du registre s'ouvre.
Clique sur Poste de travail puis dans le menu Fichier, clique sur Exporter.
Sous Etendue de l'exportation, coche Tout.
Donne un nom à la sauvegarde (SaveReg, par exemple) et enregistre la.

On navigue dans le registre comme dans l'explorateur Windows: en cliquant sur les + à coté des dossiers.

Navigue jusqu'à la clé
hkey_classes_root \clsid\{b2a3156e-3332-4b47-af5a-5b121503514f}
Clique droit sur {b2a3156e-3332-4b47-af5a-5b121503514f} et choisis Supprimer

Navigue jusqu'à la clé
hkey_classes_root \typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}
Clique droit sur {1234890a-5e6e-4867-8136-ca6f1456b235} et choisis supprimer

Navigue jusqu'à la clé
hkey_classes_root \interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}
Clique droit sur {e18b69d0-7e9e-4c6e-bdd8-879a1fff7123} et choisis supprimer

Sors du registre par la croix en haut de la fenêtre.

Relance Cleanup pour effacer les cookies qui restent.

Ton PC doit fonctionner correctement, maintenant, non? Wink

@+

Ninie62

Bonjour !

Eh vuiii ! Nickel !

Merciiii Super Marie !!!!

**Marie**

De rien, Ninie. Contente d'avoir pu t'aider. Very Happy

----------------------------------
En attendant la réouverture du forum Sécurité et Virus d'Informastuce vous pouvez demander de l'aide pour désinfecter votre pc sur mon forum perso http://www.vista-xp.fr/forum/aide-pour-supprimer-les-virus-analyses-hijackthis-f30.html
Inscrivez-vous puis postez votre demande d'aide.
Marie