VIRUS Magic.Control

[sansnom]

Salut !

 

Après avoir 'installé' un Abobechépakoi, j'ai eu des popups du genre 'Windows Antispyware 2008'. J'ai su tout de suite que c'était des virus car j'avais deja vu ca chez qqun d'autre. Après des recherches pour supprimer le mal, j'ai utilisé Navilog1 dont voici le rapport :

 

Search Navipromo version 3.6.5 commencé le 30/08/2008 à 11:44:42,10

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis D:\Program Files\navilog1
Session actuelle : "seb" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "D:\WINDOWS2" ***

D:\WINDOWS2\mslagent trouvé !

*** Recherche dossiers dans "D:\Program Files" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users.WINDOWS2\menudm~1\progra~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users.WINDOWS2\menudm~1" ***


*** Recherche dossiers dans "d:\docume~1\alluse~1.win\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\applic~1" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Jo\applic~1" *** 


*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Jo\locals~1\applic~1" *** 


*** Recherche dossiers dans "D:\Documents and Settings\seb.SEB-5462D6492CF\menudm~1\progra~1" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Jo\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "D:\WINDOWS2\system32" *

* Recherche dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" * 

* Recherche dans "D:\DOCUME~1\Jo\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "D:\WINDOWS2\system32" :


* Dans "D:\Documents and Settings\seb.SEB-5462D6492CF\locals~1\applic~1" : 


* Dans "D:\DOCUME~1\Jo\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 30/08/2008 à 11:53:22,95 ***

 

J'ai aussi utilisé Malwarebytes, le rapport :

 

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1097
Windows 5.1.2600 Service Pack 2

12:20:32 30/08/2008
mbam-log-08-30-2008 (12-20-32).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 122812
Temps écoulé: 34 minute(s), 19 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 32
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 67

Processus mémoire infecté(s):
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
D:\WINDOWS2\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
D:\WINDOWS2\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\WINDOWS2\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\WINDOWS2\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS2\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080830110119265.log (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\WINDOWS2\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
D:\WINDOWS2\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS2\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

 

Comme je ne sais pas analyser tout ca, je vous demande conseil pour arriver a supprimer tous ces virus !!

 

Merci d'avance.

[chrifleur]

bonjour et bienvenue

Double clique sur le raccourci Navilog1 présent sur le Bureau et laisse-toi guider.

Au menu principal, choisis 2 et valide.

 

Le fix va t'informer qu'il va alors redémarrer ton PC

Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts

Appuie sur une touche comme demandé.

(Si ton Pc ne redémarre pas automatiquement, fais-le toi-même)

Au redémarrage de ton PC, choisis ta session habituelle.

 

Patiente jusqu'au message :

*** Nettoyage Termine le ..... ***

Le bloc note va s'ouvrir.

Sauvegarde le rapport de manière à le retrouver

Referme le bloc note. Ton Bureau va réapparaître

 

PS: Si ton Bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.

Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"

Tape explorer et valide. Cela te fera apparaître ton Bureau.

 

poste un rapport hijack this

[sansnom]

Salut et merci de ton aide.

 

Voici le rapport hijack this ;

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:16, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS2\System32\smss.exe
D:\WINDOWS2\system32\winlogon.exe
D:\WINDOWS2\system32\services.exe
D:\WINDOWS2\system32\lsass.exe
D:\WINDOWS2\system32\Ati2evxx.exe
D:\WINDOWS2\system32\svchost.exe
D:\WINDOWS2\System32\svchost.exe
D:\WINDOWS2\system32\svchost.exe
D:\WINDOWS2\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS2\Explorer.EXE
D:\WINDOWS2\system32\spoolsv.exe
D:\WINDOWS2\system32\Rundll32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS2\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS2\system32\firsfgrg.exe
D:\WINDOWS2\system32\PnkBstrA.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS2\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\seb.SEB-5462D6492CF\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [shmsghlp] D:\WINDOWS2\system32\firsfgrg.exe
O4 - HKLM\..\Policies\Explorer\Run: [1gI9IDoI5w] D:\Documents and Settings\seb.SEB-5462D6492CF\Bureau\AdobeFlashPlayerHD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: infochksmart - {3E8E1FEC-CF64-7976-5162-0568EC6DB46A} - D:\Program Files\fbjqah\infochksmart.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS2\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS2\system32\PnkBstrA.exe

--
End of file - 4718 bytes

[chrifleur]

suis ce tutoriel et fais examiner ces fichiers

 

D:\WINDOWS2\system32\firsfgrg.exe

D:\Program Files\fbjqah\infochksmart.dll

 

poste le rapport obtenu

Modifié le 30 août 2008 par chrifleur