virus win32:BHO-KD [Trj]... SVP de l'aide!

Question

Bonjour,
Je suis confrontée à un virus coriace qu'on ne peut pas supprimer. Son petit nom est Win32:BHO-KD. J'ai avast et je suis perdue..
Ce serait gentil de m'aider à résoudre ce problème.
Je joins le rapport de HiJackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:23, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LOGICIELS LT\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46934699-5ED2-4F9D-8988-2755823360F7} - C:\WINDOWS\system32\auth.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\LOGICIELS LT\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

g!rly · Answer

salut laetitia,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

Laetitia · Answer

Salut et merci de m'aider.
Voilà le rapport :

ComboFix 08-01-11.1 - LAETI 2008-01-11 18:43:53.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.581 [GMT 1:00]
Running from: C:\Documents and Settings\LAETI\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\webhancer

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.

2008-01-11 18:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 09:02 . 2008-01-11 09:02 <REP> d-------- C:\WINDOWS\LastGood
2008-01-07 20:10 . 2008-01-07 20:10 <REP> d-------- C:\Program Files\CCleaner
2008-01-06 18:54 . 2008-01-06 19:18 <REP> d-------- C:\Program Files\a-squared Free
2008-01-06 18:33 . 2008-01-06 18:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-06 18:33 . 2008-01-06 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-06 18:32 . 2008-01-06 18:32 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-06 18:05 . 2008-01-06 18:05 <REP> d-------- C:\WINDOWS\report
2008-01-06 18:05 . 2008-01-06 18:03 35,921,889 --a------ C:\WINDOWS\LPT$VPN.929
2008-01-06 18:03 . 2008-01-06 18:03 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-06 18:03 . 2008-01-06 18:03 35,921,889 --a------ C:\WINDOWS\VPTNFILE.929
2008-01-06 18:03 . 2008-01-06 18:03 1,908,478 --a------ C:\WINDOWS\tsc.ptn
2008-01-06 18:03 . 2008-01-06 18:03 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-06 18:03 . 2008-01-06 18:03 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-06 18:03 . 2008-01-06 18:03 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-06 18:03 . 2008-01-06 18:03 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-06 18:03 . 2008-01-06 18:29 823 --a------ C:\WINDOWS\tsc.ini
2008-01-06 18:02 . 2008-01-06 18:03 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-06 18:02 . 2008-01-06 18:02 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-06 18:02 . 2008-01-06 18:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-06 18:02 . 2008-01-06 18:02 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-06 18:02 . 2008-01-06 18:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-06 18:02 . 2008-01-06 18:02 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-05 17:13 . 2008-01-05 17:13 <REP> d-------- C:\Program Files\Trend Micro
2008-01-03 20:29 . 2008-01-03 20:29 <REP> d-------- C:\Documents and Settings\LAETI\Application Data\U3
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-02 22:04 . 2006-09-24 15:58 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-02 22:04 . 2006-01-16 18:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-02 22:04 . 2008-01-02 22:24 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-02 22:04 . 2006-04-22 02:16 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-02 22:04 . 2006-04-22 02:16 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-02 22:04 . 2006-01-23 16:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-01-02 22:04 . 2006-09-24 15:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2007-12-29 18:52 . 2007-12-29 18:52 <REP> d-------- C:\Program Files\Google
2007-12-24 18:32 . 2007-12-24 18:32 <REP> dr-h----- C:\Documents and Settings\LAETI\Application Data\SecuROM
2007-12-24 18:32 . 2007-12-24 18:32 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-24 18:31 . 2007-12-24 18:31 <REP> d-------- C:\Program Files\GameShadow
2007-12-24 18:29 . 2007-12-24 18:29 <REP> d-------- C:\Program Files\Eidos
2007-12-17 19:23 . 2007-12-29 18:52 <REP> d-------- C:\Program Files\Picasa2
2007-12-17 18:37 . 19,456 C:\WINDOWS\system32\drivers\udgdszvo.dat
2007-12-16 20:17 . 2005-03-02 19:10 84,992 --a------ C:\WINDOWS\system32\auth.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 08:00 --------- d-----w C:\Program Files\Wanadoo
2008-01-07 19:33 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-07 19:33 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-05 16:25 --------- d-----w C:\Program Files\eMule
2007-12-24 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 19:17 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 17:54 --------- d-----w C:\Documents and Settings\LAETI\Application Data\Talkback
2007-11-16 17:14 79,875 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2007-11-15 19:01 --------- d-----w C:\Program Files\DivX
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-22 11:38 34,744 ----a-w C:\Documents and Settings\LAETI\Application Data\GDIPFONTCACHEV1.DAT
2006-09-27 19:02 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46934699-5ED2-4F9D-8988-2755823360F7}]
2005-03-02 19:10 84992 --a------ C:\WINDOWS\system32\auth.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 23:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 88203 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-09-15 14:19 73728 C:\WINDOWS\system32\TDispVol.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2005-06-27 09:21 221184]
"CFSServ.exe"="CFSServ.exe" []
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"WinampAgent"="C:\Program Files\LOGICIELS LT\Winamp\winampa.exe" [2006-10-25 06:37 35328]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-06 20:26 185896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"postSetupCheck"="C:\WINDOWS\system32\gzmrt.dll" [ ]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

R0 jwltgqyc;jwltgqyc;C:\WINDOWS\system32\drivers\udgdszvo.dat []
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77c70343-ba30-11dc-ac07-00a0d14add96}]
\Shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 18:45:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\WINDOWS\system32\TDispVol.dll
.
Completion time: 2008-01-11 18:45:57
.
2007-12-18 02:01:49 --- E O F ---

g!rly · Answer

re,

on continue :

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\drivers\udgdszvo.dat
C:\WINDOWS\system32\auth.dll
C:\WINDOWS\system32\gzmrt.dll

Driver::
jwltgqyc

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46934699-5ED2-4F9D-8988-2755823360F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"postSetupCheck"=-

Collect::
C:\WINDOWS\system32\drivers\udgdszvo.dat
C:\WINDOWS\system32\auth.dll
C:\WINDOWS\system32\gzmrt.dll

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

Laetitia · Answer

Rapport de Combofix :

ComboFix 08-01-11.1 - LAETI 2008-01-11 19:17:19.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.581 [GMT 1:00]
Running from: C:\Documents and Settings\LAETI\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\LAETI\Bureau\CFScript.txt C:\Documents and Settings\LAETI\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\auth.dll
C:\WINDOWS\system32\drivers\udgdszvo.dat
C:\WINDOWS\system32\gzmrt.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\auth.dll
C:\WINDOWS\system32\drivers\udgdszvo.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_JWLTGQYC
-------\jwltgqyc

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.

2008-01-11 18:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 09:02 . <REP> C:\WINDOWS\LastGood.Tmp
2008-01-07 20:10 . 2008-01-07 20:10 <REP> d-------- C:\Program Files\CCleaner
2008-01-06 18:54 . 2008-01-06 19:18 <REP> d-------- C:\Program Files\a-squared Free
2008-01-06 18:33 . 2008-01-06 18:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-06 18:33 . 2008-01-06 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-06 18:32 . 2008-01-06 18:32 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-06 18:05 . 2008-01-06 18:05 <REP> d-------- C:\WINDOWS\report
2008-01-06 18:05 . 2008-01-06 18:03 35,921,889 --a------ C:\WINDOWS\LPT$VPN.929
2008-01-06 18:03 . 2008-01-06 18:03 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-06 18:03 . 2008-01-06 18:03 35,921,889 --a------ C:\WINDOWS\VPTNFILE.929
2008-01-06 18:03 . 2008-01-06 18:03 1,908,478 --a------ C:\WINDOWS\tsc.ptn
2008-01-06 18:03 . 2008-01-06 18:03 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-06 18:03 . 2008-01-06 18:03 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-06 18:03 . 2008-01-06 18:03 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-06 18:03 . 2008-01-06 18:03 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-06 18:03 . 2008-01-06 18:29 823 --a------ C:\WINDOWS\tsc.ini
2008-01-06 18:02 . 2008-01-06 18:03 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-06 18:02 . 2008-01-06 18:02 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-06 18:02 . 2008-01-06 18:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-06 18:02 . 2008-01-06 18:02 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-06 18:02 . 2008-01-06 18:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-06 18:02 . 2008-01-06 18:02 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-05 17:13 . 2008-01-05 17:13 <REP> d-------- C:\Program Files\Trend Micro
2008-01-03 20:29 . 2008-01-03 20:29 <REP> d-------- C:\Documents and Settings\LAETI\Application Data\U3
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-02 22:04 . 2006-09-24 15:58 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-01-02 22:04 . 2006-01-16 18:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-01-02 22:04 . 2008-01-02 22:24 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-02 22:04 . 2006-04-22 02:16 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-01-02 22:04 . 2006-04-22 02:16 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-02 22:04 . 2006-01-23 16:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-01-02 22:04 . 2006-09-24 15:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-01-02 22:04 . 2006-04-22 02:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2007-12-29 18:52 . 2007-12-29 18:52 <REP> d-------- C:\Program Files\Google
2007-12-24 18:32 . 2007-12-24 18:32 <REP> dr-h----- C:\Documents and Settings\LAETI\Application Data\SecuROM
2007-12-24 18:32 . 2007-12-24 18:32 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-24 18:31 . 2007-12-24 18:31 <REP> d-------- C:\Program Files\GameShadow
2007-12-24 18:29 . 2007-12-24 18:29 <REP> d-------- C:\Program Files\Eidos
2007-12-17 19:23 . 2007-12-29 18:52 <REP> d-------- C:\Program Files\Picasa2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 08:00 --------- d-----w C:\Program Files\Wanadoo
2008-01-07 19:33 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-07 19:33 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-05 16:25 --------- d-----w C:\Program Files\eMule
2007-12-24 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-29 17:54 --------- d-----w C:\Documents and Settings\LAETI\Application Data\Talkback
2007-11-15 19:01 --------- d-----w C:\Program Files\DivX
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-22 11:38 34,744 ----a-w C:\Documents and Settings\LAETI\Application Data\GDIPFONTCACHEV1.DAT
2006-09-27 19:02 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-11_18.45.40,99 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 17:43:36 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-11 18:17:10 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-11 17:43:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-11 18:17:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-11 17:43:36 4,452,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
+ 2008-01-11 18:17:11 4,452,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
- 2008-01-11 17:43:36 421,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-11 18:17:11 421,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-11 17:43:36 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
+ 2008-01-11 18:17:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
- 2008-01-11 17:43:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-11 18:17:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-11 18:20:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_268.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 23:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 88203 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-09-15 14:19 73728 C:\WINDOWS\system32\TDispVol.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2005-06-27 09:21 221184]
"CFSServ.exe"="CFSServ.exe" []
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"WinampAgent"="C:\Program Files\LOGICIELS LT\Winamp\winampa.exe" [2006-10-25 06:37 35328]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-06 20:26 185896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77c70343-ba30-11dc-ac07-00a0d14add96}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 19:20:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\TDispVol.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-01-11 19:23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 18:23:00
ComboFix2.txt 2008-01-11 17:45:57
.
2007-12-18 02:01:49 --- E O F ---

Laetitia · Answer

Et le rapport de HiJackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:19, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LOGICIELS LT\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\LOGICIELS LT\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

g!rly · Answer

re,

c´est mieux, l´infection a ete erradiqué ;-)

il reste neanmoins quelques points a regler :

1.0
je crois avoir fait une faute de frappe pour une dll a supprimer avec combofix, peux tu rechercher et supprimer ceci, si present :

C:\WINDOWS\system32\gzmrt.dll

si tu ne la trouve pas affiche les fichiers cachés comme ceci :

Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu

Puis fais «Ok» pour valider les changements.

Et appliquer !

1
a l´aide de hijack this coche et fix les lignes suivantes :

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

comment fixer :

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

puis

click sur demarrer > puis sur executer dans la boite de dialogue tape sc stop FTRTSVC puis valide par ok ( en respectant les espaces )

puis

demarrer/ executer tape sc delete FTRTSVC puis valide par ok"

http://komun.chez-alice.fr/Repertoire/Repertoire-F.html < pour info

1.1
ta version de java n´est pas a jour = risk d´infection
appuie simultanement sur la touche windows a droit de la barre d´espace (drapeau windows) et sur "e" ->une fois dans le post de travail click sur le disk c > program files >java ouvre le fichier java et click sur le fichier jre1.5.0_04 pour l´ouvrir puis ouvre le fichier bin et dedans tu recherche ceci : jucheck.exe tu double click dessus et effectue la mise a jour de java> tu veux la version 1.6.0_03
une fois la mise a jour effectuée tu va dans ajoute/suppression de program et tu supprime toutes les autres update de java, il ne doit te rester que celle que tu viens de faire : 1.6.0_03

1.2
ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou foxit plus léger :

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

1.3
tu pourrais te procurer firefox pour surfer = plus sur que ie, je te laisse seul juge :

http://www.firefox.fr/

2
tu n´as pas de par feu :

instales en un :

par feu : kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

ou zone alarm plus facil a configurer mais moins performant

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

3
regarde ceci concernant avast :

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

tu auras compris qu´avast est moins performant qu´antivir.

ce que j´aimerais c´est que tu desinstal avast et que tu le remplace par antivir en vu de faire un scan avec ce dernier.

Telecharge et instal l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...

mes explications pour la configuration :

une fois la fenetre d´antivir ouverte
click sur configurer en haut a droite puis coche la case expert mode en haut a gauche puis,
click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

ps : si tu a besoin, voila l´outil de desinstallation d´avast :

Désinstalleur Avast:
https://www.avast.com/fr-fr/uninstall-utility

4
passe ccleaner comme indiqué ci dessous :

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

https://www.commentcamarche.net/telecharger/ 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

Dans la colonne de gauche, click sur :

->"erreurs" :

Coches toutes les cases dans les propriétés du nettoyeur de l´onglet "windows" et "applications", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

->"nettoyeur"

quitte ton navigateur avant de le lancer, décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

5
donc dans ta prochaine reponse post un nouveau hijack this et le rapport de scan d´antivir.

bon courrage ;-)

@+

Laetitia · Answer

Et le rapport de Antivir : 



AntiVir PersonalEdition Classic
Report file date: vendredi 11 janvier 2008  20:49

Scanning for 1027920 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         LAETI
Computer name:    LAETITIA

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  14/12/2007 19:17:40
ANTIVIR2.VDF : 7.0.1.205    620544 Bytes  08/01/2008 19:17:40
ANTIVIR3.VDF : 7.0.1.227    161280 Bytes  11/01/2008 19:17:40
AVEWIN32.DLL : 7.6.0.46    3084800 Bytes  11/01/2008 19:17:41
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2      360488 Bytes  11/01/2008 19:17:41
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: vendredi 11 janvier 2008  20:49

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'Toshiba.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'CFSServ.exe' - '1' Module(s) have been scanned
Scan process 'DevDetect.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'TDispVol.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'THotkey.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
66 processes with 66 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '42' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\LAETI\Bureau\[4]-Submit_2008-01-11@19.17.zip
  [0] Archive type: ZIP
  --> auth.dll
      [DETECTION] Is the Trojan horse TR/BHO.abo.9
  --> udgdszvo.dat
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\catchme2008-01-11_192022.40.zip
  [0] Archive type: ZIP
  --> udgdszvo.dat
      [DETECTION] Is the Trojan horse TR/Trash.Gen
  --> auth.dll.1
      [DETECTION] Is the Trojan horse TR/Trash.Gen
  --> udgdszvo.dat.1
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\auth.dll.vir
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP156\A0048517.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [INFO]      The file was deleted!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: vendredi 11 janvier 2008  21:13
Used time: 24:35 min

The scan has been done completely.

   4754 Scanning directories
 216020 Files were scanned
      7 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      4 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 216013 Files not concerned
   6507 Archives were scanned
      2 Warnings
      0 Notes

g!rly · Answer

re,

bon c´est pas mal du tout ;-)

fais encore ceci car ca n´avais pas marché :

click sur demarrer > executer > dans la boite de dialogue tape : services.msc et valid par ok
dans la fenetre des services cherche France Telecom Routing Table Service (FTRTSVC) et arrete le service en clickant droit dessus et "arreter"

puis recherche et supprime : C:\WINDOWS\System32\FTRTSVC.exe

tu avais trouvé ceci ? C:\WINDOWS\system32\gzmrt.dll ?

puis fais ceci :

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique. 

ou en sont tes soucis?

@+

Virus win32:BHO-KD [Trj]... SVP de l'aide!

8 réponses

Votre réponse

Discussions similaires

Newsletters