windows security alert

Un bonjour ?

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Merci pour la réponse.
Voici le rapport Hijackthis :

------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:21, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
G:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
G:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
G:\WINDOWS\system32\msanton.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\QuickTime\QTTask.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
G:\Program Files\Free Download Manager\fdm.exe
G:\Program Files\RocketDock\RocketDock.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\xampp\mysql\bin\winmysqladmin.exe
G:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\xampp\mysql\bin\mysqld-nt.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\TSLLkSrv.exe
C:\xampp\apache\bin\apache.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\Explorer.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe G:\WINDOWS\system32\msanton.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - G:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - G:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - G:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Trellian &Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - G:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - G:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ChicoSys] G:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "G:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [version] G:\WINDOWS\system32\timoty.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Free Download Manager] G:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [RocketDock] "G:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [froody] G:\WINDOWS\system32\timoty.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: setings.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: setings.exe (User 'Default user')
O4 - .DEFAULT Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe (User 'Default user')
O4 - Startup: setings.exe
O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: startup.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - G:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://G:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\more-rapid.exe/RsMenExt.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://G:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://G:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://G:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - G:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - G:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = infomed
O17 - HKLM\Software\..\Telephony: DomainName = infomed
O17 - HKLM\System\CCS\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer = 193.95.66.10,193.95.67.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = infomed
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = infomed
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - G:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - G:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Transparent Screen Lock PRO Service (TSL PRO Lock Server) - e-motional.com software - G:\WINDOWS\system32\TSLLkSrv.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe

--
End of file - 12271 bytes

------------------------------------------------------------

Re,

Poste le rapport Smitfraudfix.

Voici le rapport Smitfraudfix :

-------------------------------------------------------------

SmitFraudFix v2.253

Rapport fait à 14:43:08.79, 21/11/2007
Executé à partir de G:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
G:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
G:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
G:\WINDOWS\system32\msanton.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\QuickTime\QTTask.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
G:\Program Files\Free Download Manager\fdm.exe
G:\Program Files\RocketDock\RocketDock.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\xampp\mysql\bin\winmysqladmin.exe
G:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\xampp\mysql\bin\mysqld-nt.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\TSLLkSrv.exe
C:\xampp\apache\bin\apache.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\Explorer.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» G:\


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» G:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» G:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Ethernet à base ADMtek AN983 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 193.95.66.10
DNS Server Search Order: 193.95.67.22

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer=193.95.66.10,193.95.67.22
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer=193.95.66.10,193.95.67.22
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer=193.95.66.10,193.95.67.22


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

---------------------------------------------------------------

Merci.

Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

Merci à vous
j'ai eu le message suivant :

---------------------------------------------------------------

Merci de lire ce qui suit
--------------------------

Veuillez svp envoyer le fichier C:\upload_moi_INFODEP.tar.gz a l'adresse
http://upload.malekal.com
Ce fichier peut contenir des fichiers infectieux collectes sur votre ordinateur
Les fichiers mal detectes seront envoyes aux editeurs d'antivirus

Lorsque vous allez appuyer sur une touche, le site d'envoi de fichiers s'ouvira
Cliquez alors sur le bouton parcourir, selectionner le fichier C:\upload_moi_INF
ODEP.tar.gz (Poste de travail / Disque C / upload_moi.Zip
Cliquez sur le bouton "Envoyer le fichier"

Merci!
Appuyez sur une touche pour continuer...

------------------------------------------------------------------


J'ai envoyé le fichier à l'dresse indiquée.
Voici l'image du contenu du fichier :

------------------------------------------------------------
# Archive G:\upload_moi_INFODEP.tar.gz
2007-11-03 17:15 5540 0 WINDOWS\System32\timoty.exe
2007-11-03 17:15 5540 0 WINDOWS\System32\msanton.exe
2007-11-02 09:12 18238072 0 WINDOWS\System32\MRT.exe
2007-10-07 13:12 2 0 WINDOWS\System32\wcpsvtr.exe
2007-11-17 17:01 60800 0 WINDOWS\System32\S32EVNT1.DLL
2007-11-03 18:53 185952 0 WINDOWS\System32\rmoc3260.dll
2007-11-03 18:53 5632 0 WINDOWS\System32\pndx5032.dll
2007-11-03 18:53 6656 0 WINDOWS\System32\pndx5016.dll
2007-11-03 18:53 278528 0 WINDOWS\System32\pncrt.dll
2007-10-30 20:55 625032 0 WINDOWS\System32\SymNeti.dll
2007-10-30 20:55 242056 0 WINDOWS\System32\SymRedir.dll
2007-10-29 17:35 121856 0 WINDOWS\System32\xpsp3res.dll
2007-10-25 18:56 8510976 0 WINDOWS\System32\shell32.dll
2007-10-07 13:12 34308 0 WINDOWS\System32\BASSMOD.dll
#
# Total Size Packed Files
# 28320950 0 14

-------------------------------------------------------------------

Je veux le rapport C:\rapport_clean.txt

rapport C:\rapport_clean.txt

-----------------------------------------------------------

23/11/2007 a 13:10:15.96

*** Recherche des fichiers dans G:
G:\autorun.inf FOUND

*** Recherche des fichiers dans G:\WINDOWS\

*** Recherche des fichiers dans G:\WINDOWS\system32

*** Recherche des fichiers dans G:\Program Files
"G:\Program Files\DaemonTools_WhenUSave_Installer\" FOUND

-----------------------------------------------------------

Supprime ce dossier :
G:\Program Files\DaemonTools_WhenUSave_Installer\

Reposte un rapport Hijackthis.

J'ai supprimé le dossier : G:\Program Files\DaemonTools_WhenUSave_Installer\

J'ai redémarré le système

Voici le rapport Hijackthis :

-----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:21, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
G:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
G:\WINDOWS\Explorer.exe
G:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
G:\WINDOWS\system32\msanton.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\QuickTime\QTTask.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
G:\Program Files\Free Download Manager\fdm.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\RocketDock\RocketDock.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\xampp\mysql\bin\winmysqladmin.exe
C:\xampp\mysql\bin\mysqld-nt.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\TSLLkSrv.exe
G:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\xampp\apache\bin\apache.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\system32\notepad.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe G:\WINDOWS\system32\msanton.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - G:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - G:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - G:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Trellian &Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - G:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - G:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ChicoSys] G:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "G:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [version] G:\WINDOWS\system32\timoty.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Free Download Manager] G:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [RocketDock] "G:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [froody] G:\WINDOWS\system32\timoty.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: setings.exe
O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: startup.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Chercher avec Copernic Agent - G:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://G:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\more-rapid.exe/RsMenExt.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://G:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://G:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://G:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - G:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - G:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = infomed
O17 - HKLM\Software\..\Telephony: DomainName = infomed
O17 - HKLM\System\CCS\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer = 193.95.66.10,193.95.67.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = infomed
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = infomed
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - G:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - G:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Transparent Screen Lock PRO Service (TSL PRO Lock Server) - e-motional.com software - G:\WINDOWS\system32\TSLLkSrv.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe

--
End of file - 12081 bytes

---------------------------------------------------------

Encore merci infiniment pour le suivi.

Re,

Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES



Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne tous les emplacements dans le cadre ci-dessous :


---> Clique-droit puis Copier (ou Ctrl+C)

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

->Informations sur le logiciel<-

Voici le rapport demandé :

------------------------------------------------------------------

G:\WINDOWS\system32\msanton.exe moved successfully.
G:\WINDOWS\system32\timoty.exe moved successfully.

Created on 11/24/2007 12:38:43

------------------------------------------------------------------

Reposte un rapport Hijackthis.

Voici le rapport Hijackthis :

-------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:05, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
G:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
G:\WINDOWS\Explorer.exe
G:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
G:\WINDOWS\system32\msanton.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
G:\Program Files\Free Download Manager\fdm.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\RocketDock\RocketDock.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\xampp\mysql\bin\winmysqladmin.exe
C:\xampp\mysql\bin\mysqld-nt.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\TSLLkSrv.exe
G:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\xampp\apache\bin\apache.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
G:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - G:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - G:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - G:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Trellian &Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - G:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - G:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ChicoSys] G:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "G:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Free Download Manager] G:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [RocketDock] "G:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-73586283-115176313-839522115-1005\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - G:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://G:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\more-rapid.exe/RsMenExt.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://G:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://G:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://G:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - G:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - G:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - G:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = infomed
O17 - HKLM\Software\..\Telephony: DomainName = infomed
O17 - HKLM\System\CCS\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer = 193.95.66.10,193.95.67.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = infomed
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = infomed
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - G:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - G:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - G:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Transparent Screen Lock PRO Service (TSL PRO Lock Server) - e-motional.com software - G:\WINDOWS\system32\TSLLkSrv.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe

--
End of file - 11891 bytes

-------------------------------------------------------------------

Toujours pareil ?

est ce qu'il y a possibilité encore de résoudre le problème.
Merci

Tu réponds pas à ma question là...

C'est toujours le même problème

Ok.

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Voici le rapport demandé :

-------------------------------------------------------

ComboFix 07-11-19.4C - Administrateur 2007-11-29 13:12:50.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.137 [GMT 1:00]
Running from: G:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINDOWS\system32\wcpsvtr.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))))))))
.

2007-11-22 12:46 <REP> d-------- G:\upload_moi_INFODEP
2007-11-21 13:36 <REP> d-------- G:\Program Files\Trend Micro
2007-11-20 20:55 <REP> d-------- G:\Documents and Settings\Default User\Application Data\Apple Computer
2007-11-19 11:43 <REP> d-------- G:\WINDOWS\BDOSCAN8
2007-11-17 16:22 22,112 -ra------ G:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-17 16:22 10,592 -ra------ G:\WINDOWS\system32\drivers\COH_Mon.cat
2007-11-17 16:22 705 -ra------ G:\WINDOWS\system32\drivers\COH_Mon.inf
2007-11-17 16:13 503,808 --a------ G:\WINDOWS\system32\MSVCP71.DL1
2007-11-17 16:13 348,160 --a------ G:\WINDOWS\system32\MSVCR71.DL1
2007-11-17 15:46 <REP> d-------- G:\Program Files\Norton AntiVirus
2007-11-17 15:46 60,800 --a------ G:\WINDOWS\system32\S32EVNT1.DLL
2007-11-17 15:45 <REP> d-------- G:\Program Files\Symantec
2007-11-17 15:44 <REP> d-------- G:\Program Files\Fichiers communs\Symantec Shared
2007-11-17 15:44 <REP> d-------- G:\Documents and Settings\All Users\Application Data\Symantec
2007-11-17 15:21 <REP> d-------- G:\Program Files\Yahoo!
2007-11-16 13:19 <REP> d-------- G:\Program Files\Super Flash Player Manager
2007-11-15 15:56 <REP> d-------- G:\Program Files\RegCleaner
2007-11-15 14:11 <REP> d--h----- G:\WINDOWS\system32\GroupPolicy
2007-11-15 13:48 2,400 --a------ G:\WINDOWS\system32\tmp.reg
2007-11-14 14:59 <REP> d-------- G:\Program Files\RogueRemover FREE
2007-11-14 13:01 <REP> d-------- G:\Program Files\CCleaner
2007-11-10 14:21 <REP> d-------- G:\Program Files\Fake Webcam
2007-11-08 13:29 <REP> d-------- G:\Documents and Settings\All Users\Application Data\PEERNET
2007-11-08 13:29 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\PEERNET
2007-11-08 13:27 <REP> d-------- G:\Program Files\PDF Creator Plus 4.0
2007-11-08 13:25 <REP> d-------- G:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-08 12:48 <REP> d-------- G:\Program Files\HTML Executable
2007-11-08 12:48 <REP> d-------- G:\Program Files\Fichiers communs\HTML Executable Viewer
2007-11-08 12:48 564,224 --a------ G:\WINDOWS\system32\HEViewer.exe
2007-11-08 12:48 58,468 --a------ G:\WINDOWS\system32\HEDataL.dll
2007-11-03 17:53 <REP> d-------- G:\Program Files\Real
2007-11-03 17:53 <REP> d-------- G:\Program Files\Fichiers communs\xing shared
2007-11-03 17:53 <REP> d-------- G:\Program Files\Fichiers communs\Real
2007-11-03 17:37 75 -r-hs---- G:\WINDOWS\CT4SET.BIN
2007-11-03 17:36 <REP> d-------- G:\Program Files\Reallusion
2007-11-03 17:36 <REP> d-------- G:\Program Files\Fichiers communs\Reallusion
2007-10-30 19:55 625,032 --a------ G:\WINDOWS\system32\SymNeti.dll
2007-10-30 19:55 242,056 --a------ G:\WINDOWS\system32\SymRedir.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 12:18 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\Free Download Manager
2007-11-29 12:06 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\ue_toolbar
2007-11-20 19:54 --------- d-----w G:\Program Files\iTunes
2007-11-20 19:54 --------- d-----w G:\Program Files\iPod
2007-11-17 15:01 805 ----a-w G:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-17 15:01 123,952 ----a-w G:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-17 15:01 10,740 ----a-w G:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-17 14:40 --------- d-----w G:\Program Files\Alwil Software
2007-11-17 14:24 --------- d-----w G:\Program Files\Free Download Manager
2007-11-15 02:01 --------- d-----w G:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-08 13:46 --------- d-----w G:\Program Files\PowerPonit-PPT to Flash-GIF
2007-11-03 16:55 --------- d-----w G:\Program Files\Google
2007-11-03 16:36 --------- d--h--w G:\Program Files\InstallShield Installation Information
2007-10-30 18:55 39,856 ----a-w G:\WINDOWS\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w G:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 18:55 35,120 ----a-w G:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 18:55 27,696 ----a-w G:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 18:55 191,536 ----a-w G:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w G:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w G:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w G:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w G:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-30 10:33 --------- d-----w G:\Program Files\Classroom Spy Pro
2007-10-27 15:32 --------- d-----w G:\Program Files\Macromedia
2007-10-27 15:32 --------- d-----w G:\Program Files\Fichiers communs\Vbox
2007-10-27 15:32 --------- d-----w G:\Program Files\Fichiers communs\Macromedia
2007-10-27 13:41 --------- d-----w G:\Documents and Settings\test\Application Data\UE_TOOLBAR
2007-10-25 16:56 8,510,976 ------w G:\WINDOWS\system32\DllCache\shell32.dll
2007-10-22 08:38 --------- d-----w G:\Program Files\Java
2007-10-22 08:10 --------- d-----w G:\Program Files\Namo
2007-10-22 08:09 --------- d-----w G:\Program Files\Fichiers communs\Adobe
2007-10-18 14:58 --------- d-----w G:\Program Files\IDM Computer Solutions
2007-10-18 14:57 --------- d-----w G:\Program Files\ue_toolbar
2007-10-18 14:57 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\IDMComp
2007-10-12 01:00 --------- d-----w G:\Program Files\MSXML 4.0
2007-10-11 09:48 163,712 ----a-w G:\WINDOWS\system32\drivers\vidstub.sys
2007-10-10 15:00 --------- d-----w G:\Program Files\HP
2007-10-10 14:56 --------- d-----w G:\Program Files\Fichiers communs\Sonic Shared
2007-10-10 14:56 --------- d-----w G:\Documents and Settings\All Users\Application Data\Sonic
2007-10-10 14:55 --------- d-----w G:\Program Files\Fichiers communs\HP
2007-10-10 14:18 734,526 ----a-w G:\WINDOWS\Dematice.scr
2007-10-10 14:18 230,306 ----a-w G:\WINDOWS\uninstall Dematice.exe
2007-10-10 10:00 --------- d-----w G:\Program Files\Screensaver Factory 4 Enterprise
2007-10-10 09:04 890,174 ----a-w G:\WINDOWS\Dem_tice.scr
2007-10-10 09:04 230,306 ----a-w G:\WINDOWS\uninstall Dem_tice.exe
2007-10-10 08:46 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\Blumentals
2007-10-07 11:17 --------- d-----w G:\Program Files\Ultra PPT To HTML Converter
2007-10-07 11:00 --------- d-----w G:\Program Files\EduIQ.com
2007-10-01 09:11 --------- d-----w G:\Program Files\Fichiers communs\Tray
2007-10-01 09:11 --------- d-----w G:\Program Files\Fichiers communs\System Shared
2007-10-01 09:11 --------- d-----w G:\Documents and Settings\All Users\Application Data\System
2007-09-29 13:21 --------- d-----w G:\Program Files\The Logo Creator v5
2007-09-29 13:07 --------- d-----w G:\Program Files\iTunes(2)
2007-09-29 13:07 --------- d-----w G:\Program Files\iPod(2)
2007-09-29 13:06 --------- d-----w G:\Program Files\The Logo Creator v5(2)
2007-09-29 13:06 --------- d-----w G:\Program Files\rnamfler
2007-09-06 10:09 801,144 ----a-w G:\WINDOWS\system32\aswBoot.exe
2006-02-19 01:28 12,288 ----a-w G:\WINDOWS\Fonts\RandFont.dll
2007-04-18 09:53 848 --sha-w G:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="G:\Program Files\Free Download Manager\fdm.exe" [2006-08-20 23:24]
"RocketDock"="G:\Program Files\RocketDock\RocketDock.exe" [2007-03-18 23:05]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="G:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20]
"DAEMON Tools"="G:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
"ChicoSys"="G:\WINDOWS\system32\cc32\webtmr.exe" []
"BootSkin Startup Jobs"="G:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 15:21]
"TkBellExe"="G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-03 17:53]
"ccApp"="G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-10 06:59]
"osCheck"="G:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 08:11]
"Symantec PIF AlertEng"="G:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54]
"DWQueuedReporting"="G:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="G:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:37]

G:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
WinMySQLadmin.lnk - C:\xampp\mysql\bin\winmysqladmin.exe [2005-04-04 17:41:28]

G:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
WinMySQLadmin.lnk - C:\xampp\mysql\bin\winmysqladmin.exe [2005-04-04 17:41:28]

G:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
WinMySQLadmin.lnk - C:\xampp\mysql\bin\winmysqladmin.exe [2005-04-04 17:41:28]

G:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"DisableClock"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=G:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=G:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=G:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=G:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=G:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=G:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
G:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 15:25 94208 --a------ G:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
G:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe /StartupJobs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 00:54 15360 --a------ G:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ G:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-14 09:00 267064 --a------ G:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-20 00:27 65536 --a------ G:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
G:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ G:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
G:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartTSL]
2006-04-09 01:07 147456 --a------ G:\WINDOWS\system32\StartTSL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 09:46 68856 --a------ G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-02-13 19:29 35328 --a------ G:\Program Files\Winamp\winampa.exe

R0 videX32;videX32;G:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;G:\WINDOWS\system32\DRIVERS\xfilt.sys
R2 TSL PRO Lock Server;Transparent Screen Lock PRO Service;G:\WINDOWS\system32\TSLLkSrv.exe
R3 AN983;Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X;G:\WINDOWS\system32\DRIVERS\AN983.sys
S2 XAMPP;XAMPP Service;C:\xampp\service.exe
S3 NPF;NetGroup Packet Filter Driver;G:\WINDOWS\system32\drivers\npf.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dcde87d-99f6-11dc-88a9-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL systems.com
\Shell\read\command - explorer.exe
\Shell\start\command - systems.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d845652-7d77-11dc-888a-000244bdd931}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd31fe6-81ff-11dc-888c-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd31fea-81ff-11dc-888c-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a581c72-8c4a-11dc-889d-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a7d726c-5eba-11dc-887a-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e7630b8-8864-11dc-8899-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e7630ba-8864-11dc-8899-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL systems.com
\Shell\read\command - explorer.exe
\Shell\start\command - systems.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5583c154-808a-11dc-888b-000244bdd931}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bea1647-74c4-11dc-8880-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f1e62f3-e8d5-11db-b73c-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8218f654-10e6-11dc-8859-000244bdd931}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a022a428-fc73-11db-8844-000244bdd931}]
\Shell\Auto\command - I:\printer.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a022a42f-fc73-11db-8844-000244bdd931}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4a79e3f-f329-11db-8838-000244bdd931}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8190dc9-12c5-11dc-885a-000244bdd931}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8190dcc-12c5-11dc-885a-000244bdd931}]
\Shell\AutoRun\command - I:\fooool.exe
\Shell\explore\Command - I:\fooool.exe
\Shell\open\Command - I:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0b2861-2486-11dc-8867-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6a65f56-2ec6-11dc-886c-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daac1ccc-2acf-11dc-886b-000244bdd931}]
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 06:28:03 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 00:37:27 G:\WINDOWS\Tasks\MP Scheduled Scan.job"
- G:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-27 07:53:48 G:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrateur.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 13:18:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 13:19:39
.
--- E O F ---

--------------------------------------------------------------

Et maintenant ?

C'est toujours le même problème

Tu as toujours Virus Alert ?

le même message d'alerte.

Supprime ta version de Smitfraudfix puis recommence.

Rapport de Smitfraudfix :

----------------------------------------------------------

SmitFraudFix v2.253

Rapport fait à 8:55:39.97, 01/12/2007
Executé à partir de G:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
G:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
G:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
G:\WINDOWS\system32\msanton.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
G:\Program Files\Free Download Manager\fdm.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\RocketDock\RocketDock.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\xampp\mysql\bin\winmysqladmin.exe
C:\xampp\mysql\bin\mysqld-nt.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\TSLLkSrv.exe
G:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\xampp\apache\bin\apache.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINDOWS\explorer.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» G:\


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» G:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» G:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Ethernet à base ADMtek AN983 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 193.95.66.10
DNS Server Search Order: 193.95.67.22

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer=193.95.66.10,193.95.67.22
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer=193.95.66.10,193.95.67.22
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6714C48E-DC9C-42F2-8D32-92ABBB252C12}: NameServer=193.95.66.10,193.95.67.22


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

----------------------------------------------------------

J'ai dit de supprimer ta version et de recommencer.

Comment je dois supprimer la version.
Ce que j'ai fais c'est de retélécharger le fichier .exe.
Est ce que je dois faire autre chose.

Pour le supprimer : clique-droit/supprimer  

depuis le dernière action avec SmitfraudFix le problème a disparu jusqu'à nouvel ordre.