
Infection by the TratBHO[Trj] virus

Tags:
  • Virus
  • Security
2 May 2008 11:33:25

Hello,

I am also infected by this virus, on Windows XP.
To begin with, I am going to download the HijackThis program, which produces the error report, and run the Combofix.exe program.

Is that the right way to start?

Thank you for your help, because I don't know much about this.


2 May 2008 11:34:47

Everyone seems to be infected by this crap! ^^
2 May 2008 16:38:10

Hello again,

Attached is the HijackThis report from before running Combofix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:03, on 02/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\rundll32.exe
C:\Program Files\AOL 8.0j\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\HTV6100\IRMONITOR.EXE
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\OLITEC\MOH\LtMoh.exe
C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe" 1014021
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'Default user')
O4 - Startup: MOH.lnk = C:\Program Files\OLITEC\MOH\LtMoh.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0j\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HTV6100 Remote Controller Service.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab
O20 - Winlogon Notify: mLeCSiGY - mLeCSiGY.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9138 bytes


The Combofix report:

ComboFix 08-05-01.1 - Propriétaire 2008-05-02 15:25:33.1 - NTFSx86
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Florent\Menu Démarrer\crazy girls.lnk
C:\Documents and Settings\Nathalie\Menu Démarrer\crazy girls.lnk
C:\Program Files\mailskinner
C:\Program Files\mailskinner\anim_0.gif
C:\Program Files\mailskinner\anim_help.gif
C:\Program Files\mailskinner\banner.jpg
C:\Program Files\mailskinner\emo.bmp
C:\Program Files\mailskinner\icon1.ico
C:\Program Files\mailskinner\MailSkinner.exe
C:\Program Files\mailskinner\OESkinner.dll
C:\Program Files\mailskinner\OLSkinner.dll
C:\Program Files\mailskinner\SOFTWARE LICENSE.rtf
C:\Program Files\mailskinner\Thumbs.db
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msskinner
C:\WINDOWS\msskinner\msbackup.dat
C:\WINDOWS\pack.epk
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ftpupd.exe
C:\WINDOWS\system32\msmsgs.exe
C:\WINDOWS\tmlpcert2007

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-26 13:58 . 2008-05-01 15:52 44,696 ---hs---- C:\lox.exe
2008-04-21 22:33 . 2008-04-21 22:33 <REP> d-------- C:\Documents and Settings\morgan.LACASSAGNE\Application Data\vlc
2008-04-16 10:50 . 2006-06-07 17:55 2,410,076 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys
2008-04-16 10:50 . 2006-06-07 17:55 88,365 --------- C:\WINDOWS\AGRSMMSG.exe
2008-04-16 10:50 . 2006-06-07 17:55 68,096 --------- C:\WINDOWS\system32\agrsmdel.exe
2008-04-16 10:50 . 2006-06-07 17:55 68,096 -ra------ C:\WINDOWS\agrsmdel.exe
2008-04-16 10:46 . 2008-04-16 10:46 <REP> d-------- C:\WINDOWS\Options
2008-04-16 10:46 . 2008-04-16 10:46 <REP> d-------- C:\Program Files\OLITEC
2008-04-14 21:55 . 2008-04-14 21:55 <REP> d-------- C:\Documents and Settings\tintin\Application Data\Samsung
2008-04-14 21:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-14 21:45 . 2008-04-14 21:45 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-14 21:45 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-04-14 21:45 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-04-14 21:45 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-04-14 21:45 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-04-14 21:45 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-04-14 21:45 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-04-14 21:45 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-04-14 21:45 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-14 21:44 . 2008-04-14 21:44 <REP> d-------- C:\Program Files\Samsung
2008-04-14 21:44 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-05 22:19 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-05 22:19 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-05 22:19 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-05 22:19 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-05 19:59 . 2008-05-02 15:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 19:59 . 2008-04-05 19:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 18:31 . 2008-04-02 18:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4
2008-04-02 18:30 . 2008-04-02 18:30 <REP> d-------- C:\Program Files\Fichiers communs\Autodata Limited Shared
2008-04-02 18:30 . 2008-04-02 19:09 <REP> d-------- C:\ADCDA2
2008-04-02 18:29 . 2008-04-02 18:29 <REP> d-------- C:\ADCDTEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 12:43 --------- d-----w C:\Program Files\AOL 8.0j
2008-05-02 12:02 --------- d-----w C:\Program Files\Telecatalog
2008-04-15 17:24 5,704 ----a-w C:\Documents and Settings\tintin\Application Data\wklnhst.dat
2008-04-14 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 06:46 9,294 ----a-w C:\Documents and Settings\Propriétaire\Application Data\wklnhst.dat
2008-03-09 16:12 --------- d-----w C:\Program Files\KONAMI
2007-03-17 09:54 3,656 ----a-w C:\Documents and Settings\morgan.LACASSAGNE\Application Data\wklnhst.dat
2006-12-31 10:39 59,352 ----a-w C:\Documents and Settings\morgan.LACASSAGNE\Application Data\GDIPFONTCACHEV1.DAT
2006-06-08 15:55 160 ----a-w C:\Documents and Settings\fly\Application Data\wklnhst.dat
2006-04-15 09:54 1,058 ----a-w C:\Documents and Settings\Florent\Application Data\wklnhst.dat
2006-04-10 20:20 164 ----a-w C:\Documents and Settings\Nathalie\Application Data\wklnhst.dat
2006-04-09 15:46 3,334 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\wklnhst.dat
2006-04-09 15:12 62,752 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
2006-04-09 15:12 62,752 ----a-w C:\Documents and Settings\tintin\Application Data\GDIPFONTCACHEV1.DAT
2006-04-09 15:12 62,752 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2006-03-20 21:05 152 ----a-w C:\Documents and Settings\Morgan\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00 204800]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 22:25 24576]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
"Microsoft Windows Driver"="C:\WINDOWS\rundll32.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe" [2007-11-03 14:49 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:56 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]
"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-05-26 21:28 26112]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-07 17:55 88365 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Oftice"="C:\WINDOWS\System32\msmsgs.exe" [ ]

C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
MOH.lnk - C:\Program Files\OLITEC\MOH\LtMoh.exe [2006-06-07 17:55:12 188416]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 8.0 Icône AOL.lnk - C:\Program Files\AOL 8.0j\aoltray.exe [2005-12-11 19:35:46 36937]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 09:20:40 233472]
HTV6100 Remote Controller Service.lnk - C:\WINDOWS\HTV6100\IRMONITOR.EXE [2006-09-14 17:54:20 245760]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 16432]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2006-08-30 21:14:18 270336]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-01 03:57:40 176128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2006-09-14 17:55:11 241664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}"= C:\WINDOWS\System32\mLeCSiGY.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mLeCSiGY]
mLeCSiGY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= G:\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= G:\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= G:\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= G:\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= G:\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= G:\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= G:\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= G:\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= G:\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= G:\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= G:\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= G:\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= G:\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= G:\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= G:\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= G:\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= G:\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= G:\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= G:\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= G:\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= G:\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= G:\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= G:\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.3ivx"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= G:\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.advs"= G:\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= G:\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= G:\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= G:\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= G:\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= G:\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= G:\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= G:\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= G:\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= G:\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= G:\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= G:\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= G:\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= G:\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= G:\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= G:\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= G:\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= G:\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= G:\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= G:\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= G:\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= G:\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= G:\ACEMEG~1\SystemS\DivX\divx4.dll
"vidc.divx"= G:\ACEMEG~1\SystemS\DivX\DivX511.dll
"msacm.divxa32"= G:\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= G:\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= G:\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= G:\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= G:\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= G:\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= G:\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= G:\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= G:\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= G:\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"= G:\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.ir21"= G:\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= G:\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= G:\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= G:\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= G:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= G:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= G:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= G:\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= G:\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= G:\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= G:\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= G:\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= G:\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= G:\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= G:\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.msvc"= G:\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= G:\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= G:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= G:\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= G:\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= G:\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.mjpg"= G:\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= G:\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= G:\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= G:\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= G:\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.nt00"= G:\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= G:\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp60"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.vp61"= G:\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.pdvc"= G:\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= G:\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= G:\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= G:\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= G:\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= G:\ACEMEG~1\SystemS\Pinnacle\MIRODV~2.DLL
"vidc.dcap"= G:\ACEMEG~1\SystemS\Pinnacle\MIRODV~2.DLL
"vidc.mjpa"= G:\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= G:\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= G:\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= G:\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= G:\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= G:\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= G:\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= G:\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= G:\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= G:\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= G:\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= G:\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= G:\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= G:\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= G:\ACEMEG~1\SystemS\XviD\xvidvfw.dll

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
R1 Odptdi;Odptdi;C:\WINDOWS\System32\drivers\odptdi.sys [2006-08-03 14:53]
R3 axvdkbus;axvdkbus;C:\WINDOWS\System32\DRIVERS\axvdkbus.sys [2003-02-25 21:43]
R3 axvodka;axvodka;C:\WINDOWS\System32\DRIVERS\axvodka.sys [2003-02-27 19:50]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 01:48]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
S3 HTV6100;DualTV stick;C:\WINDOWS\System32\DRIVERS\HTV6100.SYS [2006-06-09 20:16]

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-05-26 18:59:48 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 15:34:18
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-02 15:43:18
ComboFix-quarantined-files.txt 2008-05-02 13:43:13

Pre-Run: 31,864,299,520 octets libres
Post-Run: 33,237,774,336 octets libres

323


and finally the HijackThis report after running Combofix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:49, on 02/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 8.0j\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\HTV6100\IRMONITOR.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\OLITEC\MOH\LtMoh.exe
C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe" 1014021
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'Default user')
O4 - Startup: MOH.lnk = C:\Program Files\OLITEC\MOH\LtMoh.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0j\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HTV6100 Remote Controller Service.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab
O20 - Winlogon Notify: mLeCSiGY - mLeCSiGY.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8516 bytes


Please let me know whether everything is OK or whether I still need to carry out further steps.

Another question, about antivirus software.
Which of the free ones is the safest for avoiding new infections of this type?
5 May 2008 17:15:16

Hello,

I haven't had any news. Is that normal?
I apologize for following up.

Thank you.
14 May 2008 11:02:13

Hello,

It's me again.
I apologize for insisting.
Apparently my problem doesn't interest many people.
I am a little disheartened.