Nokia 19... AGAIN ! :@

Un bonjour ?

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

Merci de ton aide et désolé, pour le rapport :

MSNFix 1.556

C:\Documents and Settings\Propri‚taire\Bureau\MSNFix
Fix exécuté le 29/10/2007 - 11:00:44,65 By Propri‚taire
mode normal

************************ Recherche les fichiers présents

... C:\PROGRA~1\WinAble\winable.exe
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\tsitra1148.exe

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

... C:\PROGRA~1\WinAble\




************************ Suppression des fichiers

/!\ ... C:\PROGRA~1\WinAble\winable.exe
/!\ ... C:\WINDOWS\LBTWiz.exe
/!\ ... C:\WINDOWS\tsitra1148.exe


************************ Suppression des dossiers

/!\ ... C:\PROGRA~1\WinAble\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\PROGRA~1\WinAble\winable.exe
.. OK ... C:\WINDOWS\LBTWiz.exe
.. OK ... C:\WINDOWS\tsitra1148.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\Documents and Settings\Propriétaire\loaded.exe] D41D8CD98F00B204E9800998ECF8427E
[C:\Documents and Settings\Propriétaire\remote.exe] D41D8CD98F00B204E9800998ECF8427E

==> SVP merci d'envoyer le fichier C:\DOCUME~1\PROPRI~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 29102007_11061060.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Re,

[#ff0000]CECI EST UNE ETAPE IMPORTANTE A REALISER ![/#f]
Upload l'archive Upload_Me.zip contenant les fichiers suspects afin de développer l'outil MSNFix.
AIDE : Upload des fichiers supects pour MSNFix

Ca y est  

Pas besoin de me MP.
Reposte un rapport Hijackthis.

C'est quoi ?

Tu parles de quoi ?

Le rapport Hijackthis ?

Ce que tu as posté au début...

Pardon pour la stupidité ^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:09, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\SansenDommagement\strpmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayiou.exe
C:\Program Files\Words\Words.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Macromed\Director\SwDnld.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\EAYDF9DS\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {01A9EB7D-69BC-11D2-AB2F-204C4F4F5020} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\SansenDommagement\strpmon.exe" dm=http://sansendommagement.com; ad=http://sansendommagement.com
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Dial-Messenger.lnk = C:\Program Files\Dial-Messenger\Dial-Messenger.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

--
End of file - 7712 bytes

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

J'appuie sur 1 mais ça veut pas  

Tu as appuyer sur Entrée après ?  

Mdr j'halucine lol bon je t'affiche ça ^^

ComboFix 07-10-29.1 - Propriétaire 2007-10-29 11:40:55.1 - NTFSx86
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\essai\ravmonlog
C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free
C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Propriétaire\Application Data\setup_fr[1].exe
C:\Documents and Settings\Propriétaire\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Propriétaire\err.log
C:\Documents and Settings\Propriétaire\Mes documents\FNTS~1
C:\Documents and Settings\Propriétaire\ravmonlog
C:\Documents and Settings\Propriétaire\ResErrors.log
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM
C:\Program Files\ISM2
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\WinAble
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\mslagent
C:\WINDOWS\system32\wapiicom32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
.

2007-10-29 11:31 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-10-29 11:08 <REP> d----c--- C:\Program Files\Norton Security Scan
2007-10-29 07:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\sansendommagement
2007-10-29 07:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\sansendommagement
2007-10-29 07:12 <REP> d----c--- C:\Program Files\SansenDommagement
2007-10-29 07:12 <REP> d----c--- C:\Program Files\Fichiers communs\SansenDommagement
2007-10-29 07:12 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\sansendommagement
2007-10-26 17:49 <REP> d----c--- C:\Program Files\PhotoFiltre
2007-10-26 17:18 <REP> d----c--- C:\Program Files\CCleaner
2007-10-26 08:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\WinTouch
2007-10-26 08:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\WinTouch
2007-10-24 14:21 45 ---h-c--- C:\WINDOWS\dpre6932.dat
2007-10-23 21:24 <REP> d----c--- C:\Program Files\Veoh Networks
2007-10-10 10:02 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 17:21 <REP> d--h-c--- C:\WINDOWS\PIF
2007-10-01 21:08 <REP> d----c--- C:\Program Files\Fichiers communs\PCSuite
2007-10-01 20:39 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2007-10-01 20:39 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2007-10-01 20:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-01 20:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-01 20:39 50,688 --a--c--- C:\WINDOWS\system32\nmwcdcls.dll
2007-10-01 15:13 1,017,801 --a--c--- C:\WINDOWS\system32\LOST.scr
2007-10-01 15:13 1,014,754 --a--c--- C:\WINDOWS\system32\Prison Break.scr

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 10:16 --------- dc----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-27 20:47 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2007-10-27 20:27 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-10-26 16:34 --------- dc----w C:\Program Files\Yahoo!
2007-10-26 11:01 --------- dc----w C:\Program Files\Common Files
2007-10-26 07:46 10 -c--a-w C:\Program Files\.autoreg
2007-10-25 05:18 --------- dc----w C:\Program Files\Google
2007-10-22 20:05 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2007-10-22 20:05 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2007-10-21 18:00 --------- dc----w C:\Program Files\Windows Live Safety Center
2007-10-21 18:00 --------- dc----w C:\Program Files\Macromedia
2007-10-21 17:40 --------- dc----w C:\Program Files\Multi_Media_France
2007-10-21 12:50 --------- dc----w C:\Program Files\eMule
2007-10-15 21:48 --------- dc----w C:\Program Files\MSN Messenger
2007-10-15 21:48 --------- dc----w C:\Program Files\Messenger Plus! Live
2007-10-06 22:35 --------- dc----w C:\Program Files\DivX
2007-10-05 03:25 --------- dc----w C:\Program Files\Easy Internet signup
2007-10-05 03:24 --------- dc----w C:\Program Files\Apple Software Update
2007-10-02 19:56 --------- dc----w C:\Program Files\Gabest
2007-10-01 20:17 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Datalayer
2007-10-01 20:17 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Datalayer
2007-10-01 19:53 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2007-10-01 19:53 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2007-10-01 19:41 --------- dc----w C:\Program Files\DIFX
2007-09-22 21:46 --------- dc----w C:\Program Files\Spleak
2007-09-22 20:15 --------- dc----w C:\Program Files\Msncolor
2007-09-16 14:50 --------- dc----w C:\Program Files\World of Warcraft
2007-09-16 12:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-16 12:11 --------- dc----w C:\Program Files\Fichiers communs\Real
2007-09-16 03:31 --------- dc----w C:\Program Files\Project64 1.6
2007-09-16 03:31 --------- dc----w C:\Program Files\NetBattle
2007-09-04 13:43 --------- dc----w C:\Program Files\iTunes
2007-09-02 09:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-23 21:31 64,859 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-23 21:31 6,120 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-26 02:45 19,944 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-06-26 02:45 19,944 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-06-01 07:12 0 -c--a-w C:\Documents and Settings\Propriétaire\loaded.exe
2007-06-01 07:12 0 -c--a-w C:\Documents and Settings\Propriétaire\loaded.exe
2006-05-28 19:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-25 11:12 0 ----a-w C:\Documents and Settings\Propriétaire\remote.exe
2005-12-25 11:12 0 ----a-w C:\Documents and Settings\Propriétaire\remote.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 09:57]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 19:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-09-24 06:23]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 20:39]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 11:42]
"ES Current Services"="" []
"PrinterSpool"="" []
"Microsoft Windows Update"="" []
"regl1.2"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23c00c0e-0edb-11dc-a84d-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8131d056-c114-11db-a71d-000c76a9375f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8353ac48-100f-11dc-a854-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aa3a021-587e-11dc-a952-0007cb0000ff}]
Auto\command - H:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f614108-f4da-11db-a7c2-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc92a5c-2bbc-11dc-a8d3-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc92a5f-2bbc-11dc-a8d3-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

*Newly Created Service* - ZNTPORT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-29 10:09:03 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 11:48:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-29 11:50:17 - machine was rebooted
.
--- E O F ---

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06, on 2007-10-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\EAYDF9DS\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {01A9EB7D-69BC-11D2-AB2F-204C4F4F5020} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Dial-Messenger.lnk = C:\Program Files\Dial-Messenger\Dial-Messenger.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

--
End of file - 6756 bytes

Refais un scan Combofix.

ComboFix 07-10-29.1 - Propriétaire 2007-10-29 12:17:06.2 - NTFSx86
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Propriétaire\Application Data\WinTouch

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
.

2007-10-29 11:31 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-10-29 11:08 <REP> d----c--- C:\Program Files\Norton Security Scan
2007-10-29 07:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\sansendommagement
2007-10-29 07:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\sansendommagement
2007-10-29 07:12 <REP> d----c--- C:\Program Files\SansenDommagement
2007-10-29 07:12 <REP> d----c--- C:\Program Files\Fichiers communs\SansenDommagement
2007-10-29 07:12 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\sansendommagement
2007-10-26 17:49 <REP> d----c--- C:\Program Files\PhotoFiltre
2007-10-26 17:18 <REP> d----c--- C:\Program Files\CCleaner
2007-10-24 14:21 45 ---h-c--- C:\WINDOWS\dpre6932.dat
2007-10-23 21:24 <REP> d----c--- C:\Program Files\Veoh Networks
2007-10-10 10:02 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 17:21 <REP> d--h-c--- C:\WINDOWS\PIF
2007-10-01 21:08 <REP> d----c--- C:\Program Files\Fichiers communs\PCSuite
2007-10-01 20:39 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2007-10-01 20:39 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2007-10-01 20:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-01 20:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-01 20:39 50,688 --a--c--- C:\WINDOWS\system32\nmwcdcls.dll
2007-10-01 15:13 1,017,801 --a--c--- C:\WINDOWS\system32\LOST.scr
2007-10-01 15:13 1,014,754 --a--c--- C:\WINDOWS\system32\Prison Break.scr

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 10:16 --------- dc----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-27 20:47 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2007-10-27 20:27 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-10-26 16:34 --------- dc----w C:\Program Files\Yahoo!
2007-10-26 11:01 --------- dc----w C:\Program Files\Common Files
2007-10-26 07:46 10 -c--a-w C:\Program Files\.autoreg
2007-10-25 05:18 --------- dc----w C:\Program Files\Google
2007-10-22 20:05 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2007-10-22 20:05 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2007-10-21 18:00 --------- dc----w C:\Program Files\Windows Live Safety Center
2007-10-21 18:00 --------- dc----w C:\Program Files\Macromedia
2007-10-21 17:40 --------- dc----w C:\Program Files\Multi_Media_France
2007-10-21 14:27 46,080 -c--a-w C:\WINDOWS\system32\ftp.exe
2007-10-21 12:50 --------- dc----w C:\Program Files\eMule
2007-10-15 21:48 --------- dc----w C:\Program Files\MSN Messenger
2007-10-15 21:48 --------- dc----w C:\Program Files\Messenger Plus! Live
2007-10-06 22:35 --------- dc----w C:\Program Files\DivX
2007-10-05 03:25 --------- dc----w C:\Program Files\Easy Internet signup
2007-10-05 03:24 --------- dc----w C:\Program Files\Apple Software Update
2007-10-02 19:56 --------- dc----w C:\Program Files\Gabest
2007-10-01 20:17 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Datalayer
2007-10-01 20:17 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Datalayer
2007-10-01 19:53 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2007-10-01 19:53 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2007-10-01 19:41 --------- dc----w C:\Program Files\DIFX
2007-09-22 21:46 --------- dc----w C:\Program Files\Spleak
2007-09-22 20:15 --------- dc----w C:\Program Files\Msncolor
2007-09-16 14:50 --------- dc----w C:\Program Files\World of Warcraft
2007-09-16 12:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-16 12:11 --------- dc----w C:\Program Files\Fichiers communs\Real
2007-09-16 03:31 --------- dc----w C:\Program Files\Project64 1.6
2007-09-16 03:31 --------- dc----w C:\Program Files\NetBattle
2007-09-04 13:43 --------- dc----w C:\Program Files\iTunes
2007-09-02 09:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-23 21:31 64,859 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-23 21:31 6,120 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-23 08:16 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-08-21 06:17 683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 -c--a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 -c--a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-06-26 02:45 19,944 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-06-26 02:45 19,944 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-06-01 07:12 0 -c--a-w C:\Documents and Settings\Propriétaire\loaded.exe
2007-06-01 07:12 0 -c--a-w C:\Documents and Settings\Propriétaire\loaded.exe
2006-05-28 19:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-25 11:12 0 ----a-w C:\Documents and Settings\Propriétaire\remote.exe
2005-12-25 11:12 0 ----a-w C:\Documents and Settings\Propriétaire\remote.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 09:57]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 19:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-09-24 06:23]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 20:39]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 11:42]
"ES Current Services"="" []
"PrinterSpool"="" []
"Microsoft Windows Update"="" []
"regl1.2"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=

R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23c00c0e-0edb-11dc-a84d-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8131d056-c114-11db-a71d-000c76a9375f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8353ac48-100f-11dc-a854-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aa3a021-587e-11dc-a952-0007cb0000ff}]
Auto\command - H:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f614108-f4da-11db-a7c2-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc92a5c-2bbc-11dc-a8d3-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc92a5f-2bbc-11dc-a8d3-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-29 10:09:03 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 12:20:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-29 12:22:28
C:\ComboFix2.txt ... 2007-10-29 11:50
.
--- E O F ---

Arrête avec les MPS ! Tu patientes comme tout le monde !

Pour supprimer cette infection, suis cette procédure.

Et normalement c'est fini a plus ? merci  

T'as fait ce que j'ai dit ?

Le truc sur "hacked godzilla" ? oui

Refais un scan Combofix.

ComboFix 07-10-29.1 - Propriétaire 2007-10-29 13:50:27.3 - NTFSx86
Running from: C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\LKEP13YF\ComboFix[1].exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
.

2007-10-29 12:47 51,200 --a--c--- C:\WINDOWS\nircmd.exe
2007-10-29 11:08 <REP> d----c--- C:\Program Files\Norton Security Scan
2007-10-29 07:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\sansendommagement
2007-10-29 07:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\sansendommagement
2007-10-29 07:12 <REP> d----c--- C:\Program Files\SansenDommagement
2007-10-29 07:12 <REP> d----c--- C:\Program Files\Fichiers communs\SansenDommagement
2007-10-29 07:12 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\sansendommagement
2007-10-26 17:49 <REP> d----c--- C:\Program Files\PhotoFiltre
2007-10-26 17:18 <REP> d----c--- C:\Program Files\CCleaner
2007-10-24 14:21 45 ---h-c--- C:\WINDOWS\dpre6932.dat
2007-10-23 21:24 <REP> d----c--- C:\Program Files\Veoh Networks
2007-10-10 10:02 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 17:21 <REP> d--h-c--- C:\WINDOWS\PIF
2007-10-01 21:08 <REP> d----c--- C:\Program Files\Fichiers communs\PCSuite
2007-10-01 20:39 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2007-10-01 20:39 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2007-10-01 20:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-01 20:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-01 20:39 50,688 --a--c--- C:\WINDOWS\system32\nmwcdcls.dll
2007-10-01 15:13 1,017,801 --a--c--- C:\WINDOWS\system32\LOST.scr
2007-10-01 15:13 1,014,754 --a--c--- C:\WINDOWS\system32\Prison Break.scr

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 10:16 --------- dc----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-27 20:47 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2007-10-27 20:27 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-10-26 16:34 --------- dc----w C:\Program Files\Yahoo!
2007-10-26 11:01 --------- dc----w C:\Program Files\Common Files
2007-10-26 07:46 10 -c--a-w C:\Program Files\.autoreg
2007-10-25 05:18 --------- dc----w C:\Program Files\Google
2007-10-22 20:05 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2007-10-22 20:05 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2007-10-21 18:00 --------- dc----w C:\Program Files\Windows Live Safety Center
2007-10-21 18:00 --------- dc----w C:\Program Files\Macromedia
2007-10-21 17:40 --------- dc----w C:\Program Files\Multi_Media_France
2007-10-21 12:50 --------- dc----w C:\Program Files\eMule
2007-10-15 21:48 --------- dc----w C:\Program Files\MSN Messenger
2007-10-15 21:48 --------- dc----w C:\Program Files\Messenger Plus! Live
2007-10-06 22:35 --------- dc----w C:\Program Files\DivX
2007-10-05 03:25 --------- dc----w C:\Program Files\Easy Internet signup
2007-10-05 03:24 --------- dc----w C:\Program Files\Apple Software Update
2007-10-02 19:56 --------- dc----w C:\Program Files\Gabest
2007-10-01 20:17 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Datalayer
2007-10-01 20:17 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Datalayer
2007-10-01 19:53 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2007-10-01 19:53 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2007-10-01 19:41 --------- dc----w C:\Program Files\DIFX
2007-09-22 21:46 --------- dc----w C:\Program Files\Spleak
2007-09-22 20:15 --------- dc----w C:\Program Files\Msncolor
2007-09-16 14:50 --------- dc----w C:\Program Files\World of Warcraft
2007-09-16 12:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-16 12:11 --------- dc----w C:\Program Files\Fichiers communs\Real
2007-09-16 03:31 --------- dc----w C:\Program Files\Project64 1.6
2007-09-16 03:31 --------- dc----w C:\Program Files\NetBattle
2007-09-04 13:43 --------- dc----w C:\Program Files\iTunes
2007-09-02 09:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-23 21:31 64,859 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-23 21:31 6,120 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-26 02:45 19,944 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-06-26 02:45 19,944 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-06-01 07:12 0 -c--a-w C:\Documents and Settings\Propriétaire\loaded.exe
2007-06-01 07:12 0 -c--a-w C:\Documents and Settings\Propriétaire\loaded.exe
2006-05-28 19:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-25 11:12 0 ----a-w C:\Documents and Settings\Propriétaire\remote.exe
2005-12-25 11:12 0 ----a-w C:\Documents and Settings\Propriétaire\remote.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 09:57]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 19:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-09-24 06:23]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 20:39]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 11:42]
"ES Current Services"="" []
"PrinterSpool"="" []
"Microsoft Windows Update"="" []
"regl1.2"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23c00c0e-0edb-11dc-a84d-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8131d056-c114-11db-a71d-000c76a9375f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8353ac48-100f-11dc-a854-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aa3a021-587e-11dc-a952-0007cb0000ff}]
Auto\command - H:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f614108-f4da-11db-a7c2-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc92a5c-2bbc-11dc-a8d3-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc92a5f-2bbc-11dc-a8d3-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-29 10:09:03 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 13:54:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-29 13:56:54
C:\ComboFix2.txt ... 2007-10-29 12:22
C:\ComboFix3.txt ... 2007-10-29 11:50
.
--- E O F ---

Recommence Flash-Desinfector avec tes lecteurs amovibles branchés.

Flash desinfector ? :|

http://dcangeldark.blogspot.com/2007/06/hacked-by-godzi...
...

Ca a du marché j'ai plus le problème, merci  

Refais un scan Combofix  

ComboFix 07-10-29.1 - Propriétaire 2007-10-29 15:19:06.4 - NTFSx86
Running from: C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\BWDWR809\ComboFix[1].exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
.

2007-10-29 14:34 51,200 --a--c--- C:\WINDOWS\nircmd.exe
2007-10-29 11:08 <REP> d----c--- C:\Program Files\Norton Security Scan
2007-10-29 07:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\sansendommagement
2007-10-29 07:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\sansendommagement
2007-10-29 07:12 <REP> d----c--- C:\Program Files\SansenDommagement
2007-10-29 07:12 <REP> d----c--- C:\Program Files\Fichiers communs\SansenDommagement
2007-10-29 07:12 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\sansendommagement
2007-10-26 17:49 <REP> d----c--- C:\Program Files\PhotoFiltre
2007-10-26 17:18 <REP> d----c--- C:\Program Files\CCleaner
2007-10-24 14:21 45 ---h-c--- C:\WINDOWS\dpre6932.dat
2007-10-23 21:24 <REP> d----c--- C:\Program Files\Veoh Networks
2007-10-10 10:02 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 17:21 <REP> d--h-c--- C:\WINDOWS\PIF
2007-10-01 21:08 <REP> d----c--- C:\Program Files\Fichiers communs\PCSuite
2007-10-01 20:39 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2007-10-01 20:39 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2007-10-01 20:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-01 20:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-01 20:39 50,688 --a--c--- C:\WINDOWS\system32\nmwcdcls.dll
2007-10-01 15:13 1,017,801 --a--c--- C:\WINDOWS\system32\LOST.scr
2007-10-01 15:13 1,014,754 --a--c--- C:\WINDOWS\system32\Prison Break.scr

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 10:16 --------- dc----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-27 20:47 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2007-10-27 20:27 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-10-26 16:34 --------- dc----w C:\Program Files\Yahoo!
2007-10-26 11:01 --------- dc----w C:\Program Files\Common Files
2007-10-26 07:46 10 -c--a-w C:\Program Files\.autoreg
2007-10-25 05:18 --------- dc----w C:\Program Files\Google
2007-10-22 20:05 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2007-10-22 20:05 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2007-10-21 18:00 --------- dc----w C:\Program Files\Windows Live Safety Center
2007-10-21 18:00 --------- dc----w C:\Program Files\Macromedia
2007-10-21 17:40 --------- dc----w C:\Program Files\Multi_Media_France
2007-10-21 12:50 --------- dc----w C:\Program Files\eMule
2007-10-15 21:48 --------- dc----w C:\Program Files\MSN Messenger
2007-10-15 21:48 --------- dc----w C:\Program Files\Messenger Plus! Live
2007-10-06 22:35 --------- dc----w C:\Program Files\DivX
2007-10-05 03:25 --------- dc----w C:\Program Files\Easy Internet signup
2007-10-05 03:24 --------- dc----w C:\Program Files\Apple Software Update
2007-10-02 19:56 --------- dc----w C:\Program Files\Gabest
2007-10-01 20:17 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Datalayer
2007-10-01 20:17 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Datalayer
2007-10-01 19:53 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2007-10-01 19:53 --------- dc----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2007-10-01 19:41 --------- dc----w C:\Program Files\DIFX
2007-09-22 21:46 --------- dc----w C:\Program Files\Spleak
2007-09-22 20:15 --------- dc----w C:\Program Files\Msncolor
2007-09-16 14:50 --------- dc----w C:\Program Files\World of Warcraft
2007-09-16 12:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-16 12:11 --------- dc----w C:\Program Files\Fichiers communs\Real
2007-09-16 03:31 --------- dc----w C:\Program Files\Project64 1.6
2007-09-16 03:31 --------- dc----w C:\Program Files\NetBattle
2007-09-04 13:43 --------- dc----w C:\Program Files\iTunes
2007-09-02 09:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-23 21:31 64,859 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-23 21:31 6,120 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-26 02:45 19,944 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-06-26 02:45 19,944 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-06-01 07:12 0 -c--a-w C:\Documents and Settings\Propriétaire\loaded.exe
2007-06-01 07:12 0 -c--a-w C:\Documents and Settings\Propriétaire\loaded.exe
2006-05-28 19:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-25 11:12 0 ----a-w C:\Documents and Settings\Propriétaire\remote.exe
2005-12-25 11:12 0 ----a-w C:\Documents and Settings\Propriétaire\remote.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 09:57]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 19:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-09-24 06:23]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 20:39]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 11:42]
"ES Current Services"="" []
"PrinterSpool"="" []
"Microsoft Windows Update"="" []
"regl1.2"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=

S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23c00c0e-0edb-11dc-a84d-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8131d056-c114-11db-a71d-000c76a9375f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8353ac48-100f-11dc-a854-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aa3a021-587e-11dc-a952-0007cb0000ff}]
Auto\command - H:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f614108-f4da-11db-a7c2-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc92a5c-2bbc-11dc-a8d3-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc92a5f-2bbc-11dc-a8d3-0007cb0000ff}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-29 10:09:03 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 15:23:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-29 15:26:06
C:\ComboFix2.txt ... 2007-10-29 13:56
C:\ComboFix3.txt ... 2007-10-29 12:22
.
--- E O F ---

Re,

Fais un scan en ligne Kaspersky avec Internet Explorer :

Clique sur

Clique maintenant sur J'accepte.

Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.

Patiente pendant l'installation des Mises à jour.

Choisis par la suite l'analyse du Poste de travail

Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Tuto sur le scan en ligne

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

Ca veut pas

Tu utilises bien Internet Explorer ?
Tu peux être précis ?