Internet problem

Re: Internet problem

Post by praudsandrine » 06 Mar 2008 09:37

OK, but like yesterday I won't be able to before 18:00 because I'm at work
Thanks
See you later
Re: Internet problem

Post by praudsandrine » 06 Mar 2008 17:04

Hello again
Here is the ComboFix5 report + the HijackThis log you asked me for
Thanks
ComboFix 08-03-05.1 - sandrine 2008-03-05 21:45:12.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1384 [GMT 1:00]
Endroit: C:\Users\sandrine\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Adssite Games Collection
C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adssite Games Collection\BobAndBill.exe
C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
C:\Program Files\Adssite Games Collection\Lines.exe
C:\Program Files\Adssite Games Collection\uninstall.exe
C:\Program Files\Adssite Games Collection\VideoPool.exe
C:\Users\sandrine\AppData\Roaming\urlredir.cfg
C:\Windows\system32\dcads-remove.exe
C:\Windows\system32\DcadsSocial-uninstall.exe
C:\Windows\system32\iebrowserc.dll
C:\Windows\system32\jusched.exe
C:\Windows\system32\nsd7918.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\poof




((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
.

2008-03-05 21:22 . 2008-03-05 21:22 3,273,265 --a------ C:\upload_moi_PC-de-sandrine.tar.gz
2008-03-05 20:38 . 2008-03-05 20:38 3,718 --a------ C:\Windows\System32\tmp.reg
2008-03-05 20:37 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-03-05 20:37 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-03-05 20:37 . 2008-03-01 23:12 86,016 --a------ C:\Windows\System32\VACFix.exe
2008-03-05 20:37 . 2008-02-29 23:48 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-03-05 20:37 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-03-05 20:37 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-03-05 20:37 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-03-03 10:53 . 2008-03-03 10:55 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-02 11:04 . 2008-03-02 11:25 <REP> d-------- C:\Program Files\LimeWire
2008-03-02 10:51 . 2008-03-03 10:47 <REP> dr------- C:\Users\sandrine\Searches
2008-03-01 11:58 . 2008-03-05 21:43 <REP> d-------- C:\Program Files\ContextEnhancer
2008-03-01 10:50 . 2008-03-01 10:50 84,761 --a------ C:\Windows\System32\mysidesearch_sidebar_uninstall.exe
2008-02-28 17:57 . 2008-03-02 11:05 <REP> d-------- C:\Users\sandrine\AppData\Roaming\LimeWire
2008-02-25 15:34 . 2008-02-25 15:34 339,968 --a------ C:\Windows\System32\mysidesearch_sidebar.dll
2008-02-23 12:37 . 2008-02-23 12:37 <REP> d-------- C:\Users\sandrine\AppData\Roaming\WinBatch
2008-02-16 17:56 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 03:12 . 2008-02-14 03:12 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:12 . 2008-02-14 03:12 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:07 . 2008-02-14 03:07 3,505,720 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:07 . 2008-02-14 03:07 3,471,928 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:07 . 2008-02-14 03:07 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 03:07 . 2008-02-14 03:07 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 03:07 . 2008-02-14 03:07 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 03:07 . 2008-02-14 03:07 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 03:07 . 2008-02-14 03:07 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-14 03:06 . 2008-02-14 03:06 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 03:06 . 2008-02-14 03:06 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 03:06 . 2008-02-14 03:06 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:06 . 2008-02-14 03:06 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 03:06 . 2008-02-14 03:06 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 03:05 . 2008-02-14 03:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:05 . 2008-02-14 03:05 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-06 21:26 . 2008-02-09 12:17 <REP> d-------- C:\Users\sandrine\AppData\Roaming\???????sAppData
2008-02-05 20:06 . 2008-02-05 20:06 97,216 --a------ C:\Windows\System32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 17:55 --------- d-----w C:\ProgramData\Symantec
2008-03-04 21:13 --------- d-----w C:\Users\sandrine\AppData\Roaming\uTorrent
2008-03-04 21:13 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-04 21:13 --------- d-----w C:\Program Files\Microsoft Works
2008-03-04 21:13 --------- d-----w C:\Program Files\Google
2008-03-04 21:13 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-04 20:55 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-04 20:54 --------- d-----w C:\ProgramData\Nero
2008-03-02 09:59 --------- d-----w C:\Users\sandrine\AppData\Roaming\Shareaza
2008-03-01 10:28 --------- d-----w C:\Users\sandrine\AppData\Roaming\Ahead
2008-02-25 10:21 --------- d-----w C:\Program Files\Nero
2008-02-15 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-14 02:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 11:31 --------- d-----w C:\ProgramData\Roxio
2008-02-09 11:17 --------- d-----w C:\Users\sandrine\AppData\Roaming\???????sAppData
2008-02-09 10:47 --------- d-----w C:\Users\sandrine\AppData\Roaming\Roxio
2008-02-06 19:28 --------- d-----w C:\ProgramData\DVD Shrink
2008-02-03 19:07 --------- d-----w C:\Users\sandrine\AppData\Roaming\Elaborate Bytes
2008-02-03 19:03 --------- d-----w C:\Program Files\Elaborate Bytes
2008-02-03 18:26 --------- d-----w C:\Program Files\SlySoft
2008-02-03 17:44 --------- d-----w C:\ProgramData\Elaborate Bytes
2008-02-03 09:17 --------- d-----w C:\Users\sandrine\AppData\Roaming\Nero
2008-02-02 19:02 --------- d-----w C:\ProgramData\Ahead
2008-02-02 09:39 --------- d-----w C:\Program Files\uTorrent
2008-02-02 09:21 --------- d-----w C:\Program Files\Azureus
2008-02-01 15:36 --------- d-----w C:\Program Files\HomePlayer1.5
2008-02-01 14:20 --------- d-----w C:\ProgramData\LightScribe
2008-02-01 14:16 --------- d-----w C:\Users\sandrine\AppData\Roaming\Azureus
2008-02-01 09:49 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-01 09:34 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-01 09:34 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-01 09:34 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-01 09:34 --------- d-----w C:\Program Files\Symantec
2008-01-31 18:03 --------- d-----w C:\Program Files\DivX
2008-01-31 18:00 --------- d-----w C:\Users\sandrine\AppData\Roaming\DivX
2008-01-31 17:56 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-31 13:28 32,390 ----a-w C:\Windows\king-uninstall.exe
2008-01-31 12:58 --------- d-----w C:\ProgramData\Azureus
2008-01-31 12:02 --------- d-----w C:\ProgramData\SlySoft
2008-01-31 11:37 --------- d-----w C:\Program Files\DVD Shrink
2008-01-31 11:27 --------- d-----w C:\Program Files\MSBuild
2008-01-31 11:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-31 11:24 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-31 10:19 --------- d-----w C:\Users\sandrine\AppData\Roaming\Symantec
2008-01-31 10:09 174 --sha-w C:\Program Files\desktop.ini
2008-01-31 10:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-31 10:06 --------- d-----w C:\Program Files\Windows Mail
2008-01-31 10:06 --------- d-----w C:\Program Files\Windows Calendar
2008-01-31 10:00 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-31 10:00 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-31 10:00 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-31 10:00 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-31 10:00 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-31 10:00 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-31 10:00 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-31 10:00 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-31 10:00 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-31 10:00 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-31 10:00 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-01-31 09:58 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-31 09:58 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-31 09:58 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-31 09:58 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-31 09:56 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-31 09:56 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-31 09:56 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-01-31 09:56 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-01-31 09:56 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-01-31 09:56 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-01-31 09:56 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-01-31 09:56 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-01-31 09:56 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-31 09:55 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-31 09:55 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-31 09:54 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-31 09:54 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-31 09:54 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-31 09:54 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-31 09:54 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-31 09:54 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-31 09:52 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-31 09:50 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-31 09:50 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-31 09:50 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-31 09:50 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-31 09:50 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-31 09:50 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-31 09:49 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-31 09:48 --------- d--h--w C:\ProgramData\CanonBJ
2008-01-31 09:47 --------- d-----w C:\Users\sandrine\AppData\Roaming\Hewlett-Packard
2008-01-31 09:47 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-01-31 09:46 --------- d-----w C:\Users\sandrine\AppData\Roaming\ATI
.

((((((((((((((((((((((((((((( snapshot@2008-03-05_21.40.35.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-05 20:38:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-05 20:46:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-05 20:46:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-05 20:24:39 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-05 20:43:10 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-05 20:24:39 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-05 20:43:10 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-05 20:24:39 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-05 20:43:10 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-05 20:24:39 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-05 20:43:10 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-05 20:21:49 5,792 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1017998519-953618848-1121065845-1000_UserData.bin
+ 2008-03-05 20:40:40 6,064 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1017998519-953618848-1121065845-1000_UserData.bin
- 2008-03-05 20:21:49 55,734 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-05 20:40:40 55,790 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6C4BA2-1646-0F3A-1FAE-B393C162C92E}]
2007-12-30 21:48 1019904 --a------ C:\Program Files\ContextEnhancer\ContextEnhancer-1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 11:41 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDFA1356-E6ED-42a5-9D62-93211D424A90}]
2008-02-25 15:34 339968 --a------ C:\Windows\system32\mysidesearch_sidebar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-02-06 11:06 1682368]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-15 07:20 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 16:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 12:06 4669440 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 12:13 71176]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 01:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6C1F8FB3-8252-42B9-9296-69B1498CBE3F}"= UDP:6346:shareaza
"{2CAC91C3-EDA9-4206-AFA4-3B659C470058}"= TCP:6346:shareaza
"{68F9E2BD-B6BD-4CC5-B9EF-C527308B8FE4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8A0DDBA5-4777-42E8-B0A2-095F3C47A419}"= UDP:8080:homeplayer
"{8469D0AD-0ECD-4A40-849B-F90E8A41BE4D}"= TCP:8080:homeplayer
"{7E9A3FEC-223C-4ACA-9195-0D14B6B15300}"= UDP:62770:utorrent
"{BD703C1A-FFFB-4C51-AA26-70308700AAD8}"= TCP:62770:utorrent
"{47DF1BE7-CD51-43A8-ADA2-B65D6F3411FE}"= Disabled:UDP:4:82.243.170.2
"{A792F460-B2C4-4BED-AFF7-F7F29DCE1A4B}"= Disabled:UDP:3620:82.243.170.2
"{A39E1F71-C6D0-4CBF-B3F2-4D4F04A5AA80}"= Disabled:TCP:4:82.243.170.2
"{0A92365B-35E5-4CEF-9825-71F5FFE3975E}"= Disabled:TCP:1316:82.243.170.2
"TCP Query User{ECD4B7AF-55E3-4A0B-BD15-4A4C8ED47294}C:\program files\homeplayer1.5\homeplayer.exe"= UDP:C:\program files\homeplayer1.5\homeplayer.exe:HomePlayer|Desc=HomePlayer
"UDP Query User{9DCB4CC3-229F-4BEB-904F-4BC9F9B02357}C:\program files\homeplayer1.5\homeplayer.exe"= TCP:C:\program files\homeplayer1.5\homeplayer.exe:HomePlayer|Desc=HomePlayer
"{C72D4E48-EAA9-4BEE-BD51-97E97A70B085}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E493CCC6-D9DD-43A0-B41E-574868DA9E09}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080305.001\IDSvix86.sys [2008-02-13 17:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-13 23:07]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 22:28]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-03 20:54:31 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - sandrine.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-02-15 14:51:42 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 21:46:18
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-05 21:46:57
ComboFix-quarantined-files.txt 2008-03-05 20:46:55
.
2008-03-03 09:55:46 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:59, on 06/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sandrine\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - C:\Program Files\ContextEnhancer\ContextEnhancer-1.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\Windows\system32\mysidesearch_sidebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7466 bytes

Re: Internet problem

Post by Falkra » 06 Mar 2008 17:29

There was a hiccup with the script, but some cleanup has already been done. Let's continue.

  • Download BTFix by Bibi26.
  • Unzip the archive to your Desktop.
  • Open the BTFix folder.
  • Right-click BTFix.exe, "Run as..." "administrator".
  • Double-click BTFix.exe.
  • Click Rechercher (Search).
  • A report will appear; copy and paste it into your next reply. Do not clean right away, we need to check what is listed.

Re: Internet problem

Post by praudsandrine » 06 Mar 2008 17:33

This is what it gives:
BTFix 1.083 (par bibi26) - 06/03/2008 17:31:55 - Analyse
Lancé depuis C:\Users\sandrine\Desktop\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Windows\system32\mysidesearch_sidebar_uninstall.exe
- C:\Windows\system32\WhoisCL.exe
- C:\Windows\system32\mysidesearch_sidebar.dll
- C:\Program Files\ContextEnhancer\

---> Analyse terminée

Re: Internet problem

Post by Falkra » 06 Mar 2008 17:37

OK, thanks. :-D

  • Right-click BTFix.exe, "Run as..." "administrator".
  • Click Nettoyer (Clean).
  • A report will appear; copy and paste it into your next reply, along with a new HijackThis log please.

Re: Internet problem

Post by praudsandrine » 06 Mar 2008 17:42

Here are the two reports

BTFix 1.083 (par bibi26) - 06/03/2008 17:39:16 - Nettoyage - Mode normal
Lancé depuis C:\Users\sandrine\Desktop\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- C:\Windows\system32\mysidesearch_sidebar_uninstall.exe
- C:\Windows\system32\WhoisCL.exe
- C:\Windows\system32\mysidesearch_sidebar.dll
- C:\Program Files\ContextEnhancer\

---> Nettoyage terminé


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:12, on 06/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\sandrine\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6651 bytes

Re: internet problem

Posted by Falkra » 06 Mar 2008 17:45

Great, we're making good progress. :-D

Run HijackThis again: right-click, Run as, administrator.

Check this line:
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

Click the "fix checked" button at the bottom left.

Reboot and post a (perhaps final) HijackThis report.

Re: internet problem

Posted by praudsandrine » 06 Mar 2008 17:53

Here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:48, on 06/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\sandrine\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6369 bytes
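An added example, not part of either poster's message or of HijackThis itself: a small Python check that compares the scan taken before a "fix checked" step with the one taken after it, confirming that the targeted entry is gone and listing anything else that changed. The function names are hypothetical, and the sample data is a shortened excerpt of the 17:42 and 17:53 logs above.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [KBD] ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def normalise(line):
    """Return a comparison key for an entry line, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process path, blank line, footer
    # Collapse whitespace and fold case: Windows paths are case-insensitive.
    return m.group(1), " ".join(m.group(2).split()).casefold()

def parse_entries(log_text):
    """Map comparison key -> original line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = normalise(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries

def check_fix(before_log, after_log, fixed_line):
    """Compare two scans around a 'fix checked' step for one entry line."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    target = normalise(fixed_line)
    if target is None or target not in before:
        raise ValueError("fixed_line is not an entry of the first log")
    gone = before.keys() - after.keys()
    return {
        "target_removed": target not in after,
        "also_removed": sorted(before[k] for k in gone if k != target),
        "new_entries": sorted(after[k] for k in after.keys() - before.keys()),
    }

# Excerpts of the 17:42 and 17:53 logs posted in this thread (shortened).
BEFORE = r"""
Running processes:
C:\Windows\explorer.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""
AFTER = r"""
Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
"""
FIXED = r"O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe"

if __name__ == "__main__":
    print(check_fix(BEFORE, AFTER, FIXED))
```

Run against the two full logs in this thread, the same comparison also lists the three `HKUS\S-1-5-19` and `HKUS\S-1-5-20` Run entries as absent from the second scan.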

Re: internet problem

Posted by Falkra » 06 Mar 2008 17:57

Your machine is clean. :-D

:!: Your troubles come from cracks and P2P; that is how these parasites got in, and Norton let all of it through.
Here is a write-up that sums up the advice for keeping this from happening again and sparing you this hassle. Some precautions are simple and easy to take, others are more elaborate. I'll let you have a look.

Avoiding infections:
http://www.libellules.ch/phpBB2/prevention-comment-eviter-bien-des-infections-t24540.html

Re: internet problem

Posted by praudsandrine » 06 Mar 2008 18:04

Thank you so much, and I'm going to read this information right away, because I don't understand why I pay for Norton every year and it doesn't protect me, although it's true that I surely haven't done what is needed.
Many thanks to you, I will never know how to thank you for everything you have done.
One thing is certain: I will come back regularly and try to contribute what little knowledge I can share.
Once again, a huge thank you, Falkra.

Re: internet problem

Posted by Falkra » 06 Mar 2008 18:08

You're welcome, glad to help. :-D
Antivirus programs don't deal with every kind of parasite; some of these were more of the spyware type. You need to look at your security software setup, your antispyware in particular.

This hardening step is as important as the cleanup, so if you have questions about it, don't hesitate.
You need antispyware software, at a minimum. We can look into that too, of course.

Re: internet problem

Posted by praudsandrine » 06 Mar 2008 18:11

OK, I'll look into all that and keep you posted.
Thanks a lot