Aide SVP PC très lent et qui plante

Salut !  

Tiens voilà un lien vers un sujet qui pourrait t'intéresser : un sujet de jajatopcool, qui voulait remettre son pc en forme. Lis mon 1er message, j'y explique un tas de truc pour régler tout ca.

Préviens moi quand tu auras terminé avec cette partie, que je te donne quelques conseils en plus (indispensables   )

http://www.presence-pc.com/forum/ppc/Logiciels/rame-suj...

Pas faux, j'ai vu aussi plusieurs services pour le moins douteux, mais je me suis pas vraiment penché dessus.

Ca devait être la part2   = services au démarrage et processus !

On va voir tout ca !

Bonne soirée à vous 2

 

Comment as-tu fait pour avoir une telle pagaille dans les services ??  

Vire ceci:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSo [...] =CT2297893

puis toutes les lignes (et il y en a) entre

O1 - Hosts: 209.85.225.99 www.incodesolutions.com et O1 - Hosts: 209.85.225.99 www.kztechs.com

Ensuite:

O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)

O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)

O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O3 - Toolbar: Kiwee Toolbar - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe

O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\betty\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O8 - Extra context menu item: &Search - ?p=ZNfox000

O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\betty\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)

O20 - Winlogon Notify: __c006F304 - C:\WINDOWS\system32\__c006F304.dat (file missing)

O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe

O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

Le plus gros est là, mais il y a beaucoup de fignolage à faire ensuite....

Ba tu vois katiaff, masterthiefgarrett a pensé a toi et s'occupe de tout niveau services !  

Tiens nous au courant

A+

Merci beaucoup pour votre temps et votre aide, LX-Nvidia, masterthiefgarrett et dylandu13.
Je suis en train de faire le scan Malwarebytes.
Je voudrais effacer tous les fichiers indiqués par masterthiefgarrett, mais je ne sais pas comment faire pour les suivants, je ne sais pas où ils se trouvent.
PS/ Ne jamais laisser son pc entre les mains de ses petites soeurs  

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSo [...] =CT2297893

puis toutes les lignes (et il y en a) entre

O1 - Hosts: 209.85.225.99 www.incodesolutions.com et O1 - Hosts: 209.85.225.99 www.kztechs.com

Ensuite:

O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O3 - Toolbar: Kiwee Toolbar - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZNfox000

Merci encore!!

Voici le nouveau log, après effacement mais avant la fin de Malwarebytes.
J'espère que c'est "moins pire"...
Merci!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:19, on 28/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\HCWemmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://es.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://es.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikyware.com/es/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://es.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 209.85.225.99 msnfix.changelog.fr
O1 - Hosts: 209.85.225.99 www.incodesolutions.com
O1 - Hosts: 209.85.225.99 virusinfo.prevx.com
O1 - Hosts: 209.85.225.99 download.bleepingcomputer.com
O1 - Hosts: 209.85.225.99 www.dazhizhu.cn
O1 - Hosts: 209.85.225.99 foro.noticias3d.com
O1 - Hosts: 209.85.225.99 www.spybotupdates.com
O1 - Hosts: 209.85.225.99 www.nabble.com
O1 - Hosts: 209.85.225.99 lurker.clamav.net
O1 - Hosts: 209.85.225.99 lexikon.ikarus.at
O1 - Hosts: 209.85.225.99 research.sunbelt-software.com
O1 - Hosts: 209.85.225.99 www.virusdoctor.jp
O1 - Hosts: 209.85.225.99 www.elitepvpers.de
O1 - Hosts: 209.85.225.99 guru.avg.com
O1 - Hosts: 209.85.225.99 downloads.sophos.com
O1 - Hosts: 209.85.225.99 www.superuser.co.kr
O1 - Hosts: 209.85.225.99 ntfaq.co.kr
O1 - Hosts: 209.85.225.99 v.dreamwiz.com
O1 - Hosts: 209.85.225.99 cit.kookmin.ac.kr
O1 - Hosts: 209.85.225.99 forums.whatthetech.com
O1 - Hosts: 209.85.225.99 forum.hijackthis.de
O1 - Hosts: 209.85.225.99 avg.vo.llnwd.net
O1 - Hosts: 209.85.225.99 ftp.drweb.com
O1 - Hosts: 209.85.225.99 www.zonealarm.com
O1 - Hosts: 209.85.225.99 www.huaifai.go.th
O1 - Hosts: 209.85.225.99 www.mostz.com
O1 - Hosts: 209.85.225.99 www.krupunmai.com
O1 - Hosts: 209.85.225.99 www.cddchiangmai.net
O1 - Hosts: 209.85.225.99 forum.malekal.com
O1 - Hosts: 209.85.225.99 tech.pantip.com
O1 - Hosts: 209.85.225.99 sapcupgrades.com
O1 - Hosts: 209.85.225.99 www.elguruinformatico.com
O1 - Hosts: 209.85.225.99 www.247fixes.com
O1 - Hosts: 209.85.225.99 forum.sysinternals.com
O1 - Hosts: 209.85.225.99 forum.telecharger.01net.com
O1 - Hosts: 209.85.225.99 sophos.com
O1 - Hosts: 209.85.225.99 foros.softonic.com
O1 - Hosts: 209.85.225.99 avast-home.uptodown.com
O1 - Hosts: 209.85.225.99 dr-web-cureit.softonic.com
O1 - Hosts: 209.85.225.99 www.f-secure.com
O1 - Hosts: 209.85.225.99 www.chkrootkit.org
O1 - Hosts: 209.85.225.99 diamondcs.com.au
O1 - Hosts: 209.85.225.99 www.rootkit.nl
O1 - Hosts: 209.85.225.99 www.sysinternals.com
O1 - Hosts: 209.85.225.99 z-oleg.com
O1 - Hosts: 209.85.225.99 espanol.dir.groups.yahoo.com
O1 - Hosts: 209.85.225.99 ftp01net.telechargement.fr
O1 - Hosts: 209.85.225.99 www.castlecrops.com
O1 - Hosts: 209.85.225.99 www.misec.net
O1 - Hosts: 209.85.225.99 safecomputing.umn.edu
O1 - Hosts: 209.85.225.99 www.antirootkit.com
O1 - Hosts: 209.85.225.99 www.greatis.com
O1 - Hosts: 209.85.225.99 ar.answers.yahoo.com
O1 - Hosts: 209.85.225.99 www.elhacker.org
O1 - Hosts: 209.85.225.99 research.pandasecurity.com
O1 - Hosts: 209.85.225.99 www.rootkit.com
O1 - Hosts: 209.85.225.99 www.pctools.com
O1 - Hosts: 209.85.225.99 www.pcsupportadvisor.com
O1 - Hosts: 209.85.225.99 www.resplendence.com
O1 - Hosts: 209.85.225.99 www.personal.psu.edu
O1 - Hosts: 209.85.225.99 foro.ethek.com
O1 - Hosts: 209.85.225.99 foro.elhacker.net
O1 - Hosts: 209.85.225.99 download.zonealarm.com
O1 - Hosts: 209.85.225.99 vil.nail.com
O1 - Hosts: 209.85.225.99 search.mcafee.com
O1 - Hosts: 209.85.225.99 wwww.mcafee.com
O1 - Hosts: 209.85.225.99 download.nai.com
O1 - Hosts: 209.85.225.99 wwww.experts-exchange.com
O1 - Hosts: 209.85.225.99 www.bakunos.com
O1 - Hosts: 209.85.225.99 www.darkclockers.com
O1 - Hosts: 209.85.225.99 www2.gmer.net
O1 - Hosts: 209.85.225.99 ariefew.com
O1 - Hosts: 209.85.225.99 www.Merijn.org
O1 - Hosts: 209.85.225.99 www.spywareinfo.com
O1 - Hosts: 209.85.225.99 www.spybot.info
O1 - Hosts: 209.85.225.99 www.viruslist.com
O1 - Hosts: 209.85.225.99 www.hijackthis.de
O1 - Hosts: 209.85.225.99 ftp.f-secure.com
O1 - Hosts: 209.85.225.99 forum.kaspersky.com
O1 - Hosts: 209.85.225.99 es.trendmicro-europe.com
O1 - Hosts: 209.85.225.99 www.hvaonline.net
O1 - Hosts: 209.85.225.99 majorgeeks.com
O1 - Hosts: 209.85.225.99 www.avp.com
O1 - Hosts: 209.85.225.99 www.virustotal.com
O1 - Hosts: 209.85.225.99 www.sophos.com
O1 - Hosts: 209.85.225.99 linhadefensiva.uol.com.br
O1 - Hosts: 209.85.225.99 cmmings.cn
O1 - Hosts: 209.85.225.99 www.sergiwa.com
O1 - Hosts: 209.85.225.99 www.el-hacker.com
O1 - Hosts: 209.85.225.99 dl2.agnitum.com
O1 - Hosts: 209.85.225.99 www.avg-antivirus.net
O1 - Hosts: 209.85.225.99 www.kaspersky-labs.com
O1 - Hosts: 209.85.225.99 www.kaspersky.com
O1 - Hosts: 209.85.225.99 www.bleepingcomputer.com
O1 - Hosts: 209.85.225.99 www.free.grisoft.com
O1 - Hosts: 209.85.225.99 alerta-antivirus.inteco.es
O1 - Hosts: 209.85.225.99 greatis.com
O1 - Hosts: 209.85.225.99 securityresponse.symantec.com
O1 - Hosts: 209.85.225.99 www.analysis.seclab.tuwien.ac.at
O1 - Hosts: 209.85.225.99 www.symantec.com
O1 - Hosts: 209.85.225.99 www.kztechs.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BrowserHelper Class - {5C4E8E46-33DC-4314-A4F5-832205B9ECDE} - C:\DOCUME~1\ashley\LOCALS~1\Temp\GLFE8\blackbox.dll
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera V
O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\HALLOW~1\\trioService.exe "
O4 - HKLM\..\Run: [readmetraysetupflaw] C:\Documents and Settings\All Users\Application Data\skip boob readme tray\FlapTool.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [xzxyoesuar] c:\windows\system32\xzxyoesuar.exe xzxyoesuar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lillcjaf] c:\windows\system32\lillcjaf.exe lillcjaf
O4 - HKLM\..\Run: [erlwcroa] c:\windows\system32\erlwcroa.exe erlwcroa
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [tsbxpxb] c:\windows\system32\tsbxpxb.exe tsbxpxb
O4 - HKLM\..\Run: [wykjiipno] c:\windows\system32\wykjiipno.exe wykjiipno
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\betty\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [HCWemmon] HCWemmon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [A00FB299DC.exe] C:\DOCUME~1\nereida\LOCALS~1\Temp\_A00FB299DC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [owgfnvwe] "c:\documents and settings\nereida\local settings\application data\owgfnvwe.exe" owgfnvwe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\nereida\Application Data\IMVUClient\IMVUClient.exe
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\betty\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Service Google Update (gupdate1c9f7deeab3bfbe) (gupdate1c9f7deeab3bfbe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 21194 bytes

mais pourquoi n'as-tu pas fixé les lignes indiquées ?

Je suis désolée masterthiefgarrett!!
Je ne savais pas que l'ordre avait une importance!!
Je pensais devoir effacer les fichiers indiqués et scan scanner avec Malwarebytes.
J'espère que c'est récupérable...

Merci Dylandu13, effectivement, je n'avais pas compris, merci pour toutes les précisions.
Voici tout d'abord le log de Malwarebytes.

Décidément...  

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4150

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28/05/2010 12:45:55
mbam-log-2010-05-28 (12-45-55).txt

Type d'examen: Examen complet (C:\|D:\|G:\|H:\|I:\|K:\|)
Elément(s) analysé(s): 330012
Temps écoulé: 10 heure(s), 4 minute(s), 0 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 157

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c4e8e46-33dc-4314-a4f5-832205b9ecde} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c4e8e46-33dc-4314-a4f5-832205b9ecde} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.norton2009reset (Trojan.Hacktool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bisoft (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kernelx86 (Backdoor.RixoBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owgfnvwe (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fb299dc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avg antivirus (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\nereida\Application Data\drivers\downld (Worm.Bagle) -> Files: 491 -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\betty\Local Settings\Application Data\dzwtjfda_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\betty\Local Settings\Application Data\dzwtjfda_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\betty\Local Settings\Application Data\dzwtjfda.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\betty\Local Settings\Application Data\hanis_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\betty\Local Settings\Application Data\hanis_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\betty\Local Settings\Application Data\hanis.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Local Settings\Application Data\owgfnvwe_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Local Settings\Application Data\owgfnvwe_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Local Settings\Application Data\owgfnvwe.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\ashley\Local Settings\Temp\GLFE8\blackbox.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\517112E0-57B9-4FF7-97FD-19E5A1\228D99DD-886C-439C-B979-2CED5A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\517112E0-57B9-4FF7-97FD-19E5A1\BDD05595-9788-4C60-8775-440499 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\517112E0-57B9-4FF7-97FD-19E5A1\4F146DE3-31A8-4008-B41B-C4AC3D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\517112E0-57B9-4FF7-97FD-19E5A1\FCCB6E2B-CA6E-4215-96E4-D89955 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\517112E0-57B9-4FF7-97FD-19E5A1\FD5A8BB5-E4EE-46C2-8158-73AE33 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\517112E0-57B9-4FF7-97FD-19E5A1\AE4AC077-B971-463A-B3EA-ABE76F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00ABBE2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\kernelx86.sys (Rootkit.HackTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\1 Click Safe PC 1.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\3D Angel Fish 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\ABC Backup 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\ABC Coloring Book I 2.01.0242.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Absolute Log Analyzer 2.3.95.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Absurd Terminator 2.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\ActiveXplorer 4.0.204.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\ADShareit Video to SWF Converter Pro 3.1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Aid System Restorer 2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Alice DVD to Mac iPhone Converter 5.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Amazon S3 Firefox Organizer(S3Fox) 0.4.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\APicViewer 5.5.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Assniffe 0.2 Alpha.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\AutoHide 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Avg.Anti-Virus.Professional.Single.Edition.7.1.375.Build.690.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Backup2007 Synchronizer 6.7.317.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Bonita 3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Butterfly 1.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Chilkat Spider ActiveX 1.1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\CNCEditMan 1.1.110.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\ColorGrab 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\CruiseCalc 4.3.122.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\CSDialUp API 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Daily Tarot 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Database VE 3.0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\DesktopForecast 3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Diabetes Tracker 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\DiskOnMail 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\DotNetPanel 2.1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\DUStat 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Earth (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Earth from Space - Germany Screen Saver 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\eComm PRO 2.09.003.4361.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Eupinion Kolumnist 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\ewido-v400172H.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Fantom DVD Professional 1.8.11 Build 13.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Fast Document Viewer 1.79.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\FastFolders 4.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Film Grain 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Fixres Beta 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Free Folder Hider 10.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\FreeStar Free DVD Ripper 1.0.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Handybits Voice Mail 5.5.0.178.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Hero's Journey Monomyth Software Program 3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\History Clean 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Hot or Not (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Index.dat Scanner 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Industrial Flash Template 1.0 build 2007.01.12.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\InstantNavigator for OneNote 0.7.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Internet Browser Eraser 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Intrinsic Value Investing Training Wizard 3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Iris Network Traffic Analyzer 4.07.1 With KeyGen.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Joboshare iPhone Rip 2.2.0.1202.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Joy DVD To MP4 Converter 3.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Kahli Deskmate 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Kaspersky.Antivirus.Personal.v5.0.227.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\KDE 3.5 beta 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Keyloger Finder 1.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Keyword Market Value Analyzer 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Koala Screen Saver 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Lemonade Forum 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\LingvoSoft Picture Dictionary 2008 English - Arabic 1.2.25.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\LingvoSoft Suite Deluxe 2008 English - Italian 2.1.26.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Logitech MouseWare Advanced Utility.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Macro Wizard Keyboard Mouse Recorder 4.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Map This 0.1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Mcafee.Antispyware.2006.Keygen.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Mcafee.Antivirus2007.Keygen.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\McAfee.Internet.Security.Suite.2007.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\MICRO EGG TIMER 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Midi Virtuoso Guitar Edition 1.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\MidiToX 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Mini Timer 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\MovieCal 2.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\MP3 File Renamer 6.92.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\MP3 to CD Burners Pro 2.50.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\MSN Recorder Max 2.1.4.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Munchy Screen Saver 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\My Thumbnailer 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\MyLife Organized 2.0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\NetServer 0.1 beta5-build3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\NextInstaller 2.81.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\NM Desktop Utils 1.0.3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\NOD32.Anti-Virus.System.Personal.v.2.51.26.Français.+.Crack.NOD.Fix.v.2.1_DnGnMsTr.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Nod32_2.51.12_XP-2k3-x64_SLO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Now Tracker Pro 1.0.02305.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Office Password Recovery Toolbox 3.0.0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Organic Studio 1.1.130.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\PDF Ripper 2.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Ping Monster 1.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\PLOUTAB 2.31.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Point Cloud 1.0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\PopupMe 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Potaro 1.1.0.9 Beta.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Presenter 0.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\ProTraderFX .Net Station 1.0.2712.30215.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\QuickTileViewer 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\QuickTime MOV Files Converter 3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Radar8 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\rc4wa 2.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Registry Cleaner and Fixer 1.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Rename 123 1.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\RU Translit 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Scheduling Employees 2000 3.0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Screenie 1.77.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Simple News 0.9 beta.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Sinus Wavewrapper 1198.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\SiteShoter 1.21.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Smart Dialer 1.0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Space 1 Screensaver.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\SqueezeFox 0.8.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Start Menu Cleaner 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\StartupXPert 2.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Sticker Book 3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\SunSys Screensaver 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Symantec.Norton.GoBack.v4.0.Retail.REPACK-SSG.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Terminal Services Log 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\TestFonts 1.4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Tiger II Tools 1.1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Timezone Expert World Time Zone Clock 2.8.01 Build 624.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Toby's WAV-Merger 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\TotalNotes Portable 1.1.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Universal Inbox 0.92.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\ViewonLog for Visual Studio 2008 1.2 Build 181.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Virtual Metronome 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Webcam Toolkit 3.06.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Word of the Day 1.0.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\WorldSave!.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nereida\Application Data\m\shared\Zona.Alarm.antivirus.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Norton2009Reset.exe (Trojan.Hacktool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byrkbmkq_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\segeucagky_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byrkbmkq_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\segeucagky_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.vbk (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

une pousette immatriculé " bob 13" est garée en double file !!!!

Tout d'abord, voici le log Hijack suite au fix checked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:15, on 28/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\HCWemmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://es.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://es.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikyware.com/es/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://es.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera V
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\HALLOW~1\\trioService.exe "
O4 - HKLM\..\Run: [readmetraysetupflaw] C:\Documents and Settings\All Users\Application Data\skip boob readme tray\FlapTool.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [xzxyoesuar] c:\windows\system32\xzxyoesuar.exe xzxyoesuar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lillcjaf] c:\windows\system32\lillcjaf.exe lillcjaf
O4 - HKLM\..\Run: [erlwcroa] c:\windows\system32\erlwcroa.exe erlwcroa
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [tsbxpxb] c:\windows\system32\tsbxpxb.exe tsbxpxb
O4 - HKLM\..\Run: [wykjiipno] c:\windows\system32\wykjiipno.exe wykjiipno
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\betty\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [HCWemmon] HCWemmon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\nereida\Application Data\IMVUClient\IMVUClient.exe
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Service Google Update (gupdate1c9f7deeab3bfbe) (gupdate1c9f7deeab3bfbe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 14569 bytes

Qui cherche ...


... Trouve

 

Voici le log Malwarebytes.
Je n'y connais pas grand chose mais il a l'air moins chargé que le précédent...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4150

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28/05/2010 14:08:21
mbam-log-2010-05-28 (14-08-21).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 160126
Temps écoulé: 29 minute(s), 38 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Merci Dylandu13, oui; j'ai bien supprimé la sélection.
Voici les deux liens de logs otl.

http://www.cijoint.fr/cjlink.php?file=cj201005/cijl4iNG...
http://www.cijoint.fr/cjlink.php?file=cj201005/cij4GETi...

Merci, ça à l'air rassurant.
Manip Defogger faite comme indiqué.