Infection by the TratBHO[Trj] virus - Security - Virus
Profile: IDNaute

Hello,

I am also infected by this virus, on Windows XP.
I am going to start by getting the HijackThis program to produce the error report, and then run Combofix.exe.

Is that the right way to get started?

Thanks for your help, as I don't know much about this.

Profile: IDNaute

Everyone seems to be infected by this crap! ^^

Profile: IDNaute

Hello again,

Attached is the HijackThis report from before running ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:03, on 02/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\rundll32.exe
C:\Program Files\AOL 8.0j\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\HTV6100\IRMONITOR.EXE
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\OLITEC\MOH\LtMoh.exe
C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe" 1014021
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'Default user')
O4 - Startup: MOH.lnk = C:\Program Files\OLITEC\MOH\LtMoh.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0j\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HTV6100 Remote Controller Service.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab
O20 - Winlogon Notify: mLeCSiGY - mLeCSiGY.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9138 bytes


The ComboFix report:

ComboFix 08-05-01.1 - Propriétaire 2008-05-02 15:25:33.1 - NTFSx86
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Florent\Menu Démarrer\crazy girls.lnk
C:\Documents and Settings\Nathalie\Menu Démarrer\crazy girls.lnk
C:\Program Files\mailskinner
C:\Program Files\mailskinner\anim_0.gif
C:\Program Files\mailskinner\anim_help.gif
C:\Program Files\mailskinner\banner.jpg
C:\Program Files\mailskinner\emo.bmp
C:\Program Files\mailskinner\icon1.ico
C:\Program Files\mailskinner\MailSkinner.exe
C:\Program Files\mailskinner\OESkinner.dll
C:\Program Files\mailskinner\OLSkinner.dll
C:\Program Files\mailskinner\SOFTWARE LICENSE.rtf
C:\Program Files\mailskinner\Thumbs.db
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msskinner
C:\WINDOWS\msskinner\msbackup.dat
C:\WINDOWS\pack.epk
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ftpupd.exe
C:\WINDOWS\system32\msmsgs.exe
C:\WINDOWS\tmlpcert2007

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-26 13:58 . 2008-05-01 15:52 44,696 ---hs---- C:\lox.exe
2008-04-21 22:33 . 2008-04-21 22:33 <REP> d-------- C:\Documents and Settings\morgan.LACASSAGNE\Application Data\vlc
2008-04-16 10:50 . 2006-06-07 17:55 2,410,076 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys
2008-04-16 10:50 . 2006-06-07 17:55 88,365 --------- C:\WINDOWS\AGRSMMSG.exe
2008-04-16 10:50 . 2006-06-07 17:55 68,096 --------- C:\WINDOWS\system32\agrsmdel.exe
2008-04-16 10:50 . 2006-06-07 17:55 68,096 -ra------ C:\WINDOWS\agrsmdel.exe
2008-04-16 10:46 . 2008-04-16 10:46 <REP> d-------- C:\WINDOWS\Options
2008-04-16 10:46 . 2008-04-16 10:46 <REP> d-------- C:\Program Files\OLITEC
2008-04-14 21:55 . 2008-04-14 21:55 <REP> d-------- C:\Documents and Settings\tintin\Application Data\Samsung
2008-04-14 21:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-14 21:45 . 2008-04-14 21:45 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-14 21:45 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-04-14 21:45 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-04-14 21:45 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-04-14 21:45 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-04-14 21:45 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-04-14 21:45 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-04-14 21:45 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-04-14 21:45 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-14 21:44 . 2008-04-14 21:44 <REP> d-------- C:\Program Files\Samsung
2008-04-14 21:44 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-05 22:19 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-05 22:19 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-05 22:19 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-05 22:19 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-05 19:59 . 2008-05-02 15:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 19:59 . 2008-04-05 19:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 18:31 . 2008-04-02 18:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4
2008-04-02 18:30 . 2008-04-02 18:30 <REP> d-------- C:\Program Files\Fichiers communs\Autodata Limited Shared
2008-04-02 18:30 . 2008-04-02 19:09 <REP> d-------- C:\ADCDA2
2008-04-02 18:29 . 2008-04-02 18:29 <REP> d-------- C:\ADCDTEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 12:43 --------- d-----w C:\Program Files\AOL 8.0j
2008-05-02 12:02 --------- d-----w C:\Program Files\Telecatalog
2008-04-15 17:24 5,704 ----a-w C:\Documents and Settings\tintin\Application Data\wklnhst.dat
2008-04-14 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 06:46 9,294 ----a-w C:\Documents and Settings\Propriétaire\Application Data\wklnhst.dat
2008-03-09 16:12 --------- d-----w C:\Program Files\KONAMI
2007-03-17 09:54 3,656 ----a-w C:\Documents and Settings\morgan.LACASSAGNE\Application Data\wklnhst.dat
2006-12-31 10:39 59,352 ----a-w C:\Documents and Settings\morgan.LACASSAGNE\Application Data\GDIPFONTCACHEV1.DAT
2006-06-08 15:55 160 ----a-w C:\Documents and Settings\fly\Application Data\wklnhst.dat
2006-04-15 09:54 1,058 ----a-w C:\Documents and Settings\Florent\Application Data\wklnhst.dat
2006-04-10 20:20 164 ----a-w C:\Documents and Settings\Nathalie\Application Data\wklnhst.dat
2006-04-09 15:46 3,334 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\wklnhst.dat
2006-04-09 15:12 62,752 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
2006-04-09 15:12 62,752 ----a-w C:\Documents and Settings\tintin\Application Data\GDIPFONTCACHEV1.DAT
2006-04-09 15:12 62,752 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2006-03-20 21:05 152 ----a-w C:\Documents and Settings\Morgan\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00 204800]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 22:25 24576]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
"Microsoft Windows Driver"="C:\WINDOWS\rundll32.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe" [2007-11-03 14:49 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:56 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]
"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-05-26 21:28 26112]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-07 17:55 88365 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Oftice"="C:\WINDOWS\System32\msmsgs.exe" [ ]

C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
MOH.lnk - C:\Program Files\OLITEC\MOH\LtMoh.exe [2006-06-07 17:55:12 188416]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 8.0 Icône AOL.lnk - C:\Program Files\AOL 8.0j\aoltray.exe [2005-12-11 19:35:46 36937]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 09:20:40 233472]
HTV6100 Remote Controller Service.lnk - C:\WINDOWS\HTV6100\IRMONITOR.EXE [2006-09-14 17:54:20 245760]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 16432]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2006-08-30 21:14:18 270336]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-01 03:57:40 176128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2006-09-14 17:55:11 241664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}"= C:\WINDOWS\System32\mLeCSiGY.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mLeCSiGY]
mLeCSiGY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= G:\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= G:\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= G:\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= G:\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= G:\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= G:\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= G:\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= G:\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= G:\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= G:\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= G:\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= G:\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= G:\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= G:\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= G:\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= G:\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= G:\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= G:\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= G:\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= G:\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= G:\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= G:\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= G:\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.3ivx"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.advs"= G:\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= G:\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= G:\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= G:\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= G:\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= G:\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= G:\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= G:\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= G:\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= G:\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= G:\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= G:\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= G:\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= G:\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= G:\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= G:\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= G:\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= G:\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= G:\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= G:\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= G:\ACEMEG~1\SystemS\DivX\divx4.dll
"vidc.divx"= G:\ACEMEG~1\SystemS\DivX\DivX511.dll
"msacm.divxa32"= G:\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= G:\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= G:\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= G:\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= G:\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= G:\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= G:\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= G:\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"= G:\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.ir21"= G:\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= G:\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= G:\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= G:\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= G:\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= G:\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= G:\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= G:\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= G:\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= G:\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= G:\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= G:\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.msvc"= G:\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= G:\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= G:\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= G:\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= G:\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.mjpg"= G:\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= G:\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= G:\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= G:\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= G:\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.nt00"= G:\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= G:\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp60"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.vp61"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.pdvc"= G:\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= G:\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= G:\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= G:\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= G:\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= G:\ACEMEG~1\SystemS\Pinnacle\MIRODV~2.DLL
"vidc.dcap"= G:\ACEMEG~1\SystemS\Pinnacle\MIRODV~2.DLL
"vidc.mjpa"= G:\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= G:\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= G:\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= G:\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= G:\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= G:\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= G:\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= G:\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= G:\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= G:\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= G:\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= G:\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= G:\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= G:\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= G:\ACEMEG~1\SystemS\XviD\xvidvfw.dll

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
R1 Odptdi;Odptdi;C:\WINDOWS\System32\drivers\odptdi.sys [2006-08-03 14:53]
R3 axvdkbus;axvdkbus;C:\WINDOWS\System32\DRIVERS\axvdkbus.sys [2003-02-25 21:43]
R3 axvodka;axvodka;C:\WINDOWS\System32\DRIVERS\axvodka.sys [2003-02-27 19:50]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 01:48]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
S3 HTV6100;DualTV stick;C:\WINDOWS\System32\DRIVERS\HTV6100.SYS [2006-06-09 20:16]

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-05-26 18:59:48 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 15:34:18
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-02 15:43:18
ComboFix-quarantined-files.txt 2008-05-02 13:43:13

Pre-Run: 31,864,299,520 octets libres
Post-Run: 33,237,774,336 octets libres


And finally, the HijackThis report from after running ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:49, on 02/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 8.0j\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\HTV6100\IRMONITOR.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\OLITEC\MOH\LtMoh.exe
C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe" 1014021
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'Default user')
O4 - Startup: MOH.lnk = C:\Program Files\OLITEC\MOH\LtMoh.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0j\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HTV6100 Remote Controller Service.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab
O20 - Winlogon Notify: mLeCSiGY - mLeCSiGY.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8516 bytes


Please let me know whether everything is OK or whether I still have more steps to carry out.

Another question, about antivirus programs.
Which of the free ones is the safest for avoiding new infections of this kind?

Profile: IDNaute

Hello,

I haven't heard anything back. Is that normal?
Sorry to follow up on this.

Thank you.

Profile: IDNaute

Hello,

It's me again.
Sorry to insist.
Apparently my problem doesn't interest many people.
I'm a bit disheartened.

