Ordi lent

Salut merci pour ton aide,

voici le rapport de log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Sylvie PHILIPPE at 2009-01-12 10:51:58
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 65 GB (70%) free of 93 GB
Total RAM: 959 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:25, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Iconix\IconixService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\LeapFrog\LeapFrog Connect Tag\bin\TagMonitor.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\PROGRA~1\MAGENTIC\bin\MgApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\RSIT.exe
C:\Program Files\trend micro\Sylvie PHILIPPE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [TagMonitor] "C:\Program Files\LeapFrog\LeapFrog Connect Tag\bin\TagMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-3654143760-2950387367-1212085495-1012\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'marie')
O4 - HKUS\S-1-5-21-3654143760-2950387367-1212085495-1012\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'marie')
O4 - HKUS\S-1-5-21-3654143760-2950387367-1212085495-1012\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'marie')
O4 - HKUS\S-1-5-21-3654143760-2950387367-1212085495-1012\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE (User 'marie')
O4 - HKUS\S-1-5-21-3654143760-2950387367-1212085495-1013\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Sylvie Internet')
O4 - HKUS\S-1-5-21-3654143760-2950387367-1212085495-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - HKUS\S-1-5-21-3654143760-2950387367-1212085495-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Invité')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: Email ID Préférences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: À propos de Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_37.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira Premium Security Suite Pare-feu (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Planificateur Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Service d'assistance Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Fichiers communs\Iconix\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Réparez et Protégez votre PC Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Voici les rapports demandés.

D'abord celui de Virustotal pour le fichier C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe

Fichier MemCheck.exe reçu le 2007.11.28 03:35:15 (CET)
Situation actuelle: terminé
Résultat: 1/32 (3.12%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious Self Modifying File
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: bb3348af6f0e50065dc6a71d4f9f9499
SHA1: 815334996b2b0a367b808ed6a5e48a7649eefb23
SHA256: 090ec20874195208c061bcb87a147ab1fa6bc9f37e1b50da621b138be33ea751
SHA512: 9a7ed608a09b9b4eccf2474229d779c2334473cd1eec289ed491112c7f6c5c976bdc080a31d0a30640e860c701b2695e6c11eb159695b528937bfbcaefb5590f
-----------------------------------------------------------------------
Et voici celui de MalwareByte's Anti-Malware :

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1645
Windows 5.1.2600 Service Pack 3

12/01/2009 12:13:46
mbam-log-2009-01-12 (12-13-46).txt

Type de recherche: Examen complet (C:\|D:\|J:\|)
Eléments examinés: 167834
Temps écoulé: 58 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

---------------------------------------------------

Et concernant VirusScannerPro, je ne sais pas ce que c'est, sûrement un logiciel téléchargé de je ne sais où.

Voici le rapport de OTMovelt :

Error: Unable to interpret <:processus> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Oberon Media\Jigsaw Puzzle 2 Mix\Albums\Mix moved successfully.
C:\Documents and Settings\All Users\Application Data\Oberon Media\Jigsaw Puzzle 2 Mix\Albums moved successfully.
C:\Documents and Settings\All Users\Application Data\Oberon Media\Jigsaw Puzzle 2 Mix moved successfully.
C:\Documents and Settings\All Users\Application Data\Oberon Media moved successfully.
C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VirusScannerPro deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\~DF48B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\~DF811E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\etilqs_ubJv9tJh2lZoiOepIXBw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01122009_122320

Files moved on Reboot...
C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\~DF48B7.tmp moved successfully.
C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\~DF811E.tmp moved successfully.
File C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\etilqs_ubJv9tJh2lZoiOepIXBw not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\XUL.mfl moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\urlclassifier3.sqlite moved successfully.

--------------------------------------------------------------------------------------------

Et voici celui de AD-Remover :


------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------

# START AT: 12:30:02 | Lun 12/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: SYLVIE | USER: Sylvie PHILIPPE ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: FAT32)
- D:\ (File System: FAT32)
- J:\ (File System: FAT32)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 53

+--------------------| Boonty/Boonty Games Elements found :

.
.

+--------------------| Eorezo Elements found :

.
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
.
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\db
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\host.cyp
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\user.cyp
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo\eoDesktop\config.xml

+--------------------| Everest Casino/Everest Poker Elements found :

.
.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
.

+--------------------| It's TV Elements found :

.

+--------------------| Sweetim Elements found :

.
.

+--------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\kfprvv9j.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "Google"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "http://lo.st#"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"

.
FOUND - user_pref("browser.startup.homepage", "http://lo.st#");

+---------------------------------------------------------------------------+


~~~~ Internet Explorer version 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/
Start Page : hxxp://services.aol.fr/webmail/neuf/\0http

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/
Start Page : hxxp://www.live.com/\0\0

+---------------------------------------------------------------------------+

[~3691 bytes] - "C:\AD-report-Scan-12.01.2009.log"

# END at: 12:31:24 | 12/01/2009 - Time elapsed: 81.7 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 78 lines ]
+---------------------------------------------------------------------------+

Voici le rapport de AD-Remover :


------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------

*** Limited to ***

Eorezo

******************

# START AT: 12:40:02 | Lun 12/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: SYLVIE | USER: Sylvie PHILIPPE ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: FAT32)
- D:\ (File System: FAT32)
- J:\ (File System: FAT32)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 50

(!) ---- IE start pages reset

+--------------------| Eorezo Elements Deleted :

.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
.
C:\Documents and Settings\Sylvie PHILIPPE\Application Data\EoRezo

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\kfprvv9j.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "Google"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "http://lo.st#"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"
* Browser Startup HomePage: "https://www.msn.com/fr-fr"

.
REMOVED - user_pref("browser.startup.homepage", "http://lo.st#");

+---------------------------------------------------------------------------+


~~~~ Internet Explorer version 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page : hxxp://services.aol.fr/webmail/neuf/\0http

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/
Start Page : hxxp://www.live.com/\0\0

+---------------------------------------------------------------------------+

[~4025 bytes] - "C:\AD-report-Scan-12.01.2009.log"
[~2788 bytes] - "C:\AD-report-Clean-12.01.2009.log"

# END at: 12:40:24 | 12/01/2009 - Time elapsed: 22.2 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 60 lines ]
+---------------------------------------------------------------------------+

-------------------------------------------------------------------------------------------------

Et celui de Toolbar :


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 3.06GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Sylvie PHILIPPE ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Avira Premium Security Suite 8.0.1.30 (Activated)
Firewall : Avira Pare-feu 8.0.1.30 (Activated)
C:\ (Local Disk) - FAT32 - Total:90 Go (Free:63 Go)
D:\ (Local Disk) - FAT32 - Total:91 Go (Free:86 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - FAT32 - Total:149 Go (Free:138 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 12/01/2009|12:41 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(Sylvie PHILIPPE) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Sylvie PHILIPPE) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Page_URL"="https://www.msn.com/fr-fr"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/?p=us"
"Default_Search_URL"="https://actus.sfr.fr"
"Start Page"="https://www.msn.com/fr-fr"


--------------------\\ Recherche d'autres infections

C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialit‚.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions g‚n‚rales.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\InternetGameBox
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\InternetGameBox\Website.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\InternetGameBox\Confidentialit‚.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\InternetGameBox\Conditions g‚n‚rales.url
[b]==> EGDACCESS <==/b

--------------------\\ ROGUES ..

C:\DOCUME~1\SYLVIE~1\MENUD~1\PROGRA~1\Spyware-Secure




1 - "C:\ToolBar SD\TB_1.txt" - 12/01/2009|12:43 - Option : [1]

-----------\\ Fin du rapport a 12:43:05,79

Et voici le rapport de Navilog :

Search Navipromo version 3.7.1 commencé le 12/01/2009 à 12:56:08,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 3.06GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Sylvie PHILIPPE ( Not Administrator ! )
BOOT : Normal boot

Antivirus : Avira Premium Security Suite 8.0.1.30 (Activated)
Firewall : Avira Pare-feu 8.0.1.30 (Activated)

C:\ (Local Disk) - FAT32 - Total:90 Go (Free:63 Go)
D:\ (Local Disk) - FAT32 - Total:91 Go (Free:86 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - FAT32 - Total:149 Go (Free:138 Go)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sylvie PHILIPPE\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\marie\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\INVITÉ\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SYLVIE~2\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SYLVIE~1.SYL\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.SYL\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sylvie PHILIPPE\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\marie\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SYLVIE~2\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SYLVIE~1.SYL\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.SYL\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sylvie PHILIPPE\menud+~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Sylvie PHILIPPE\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\marie\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\SYLVIE~2\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\SYLVIE~1.SYL\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1.SYL\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Sylvie PHILIPPE\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\marie\locals~1\applic~1" :


* Dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" :


* Dans "C:\DOCUME~1\SYLVIE~2\locals~1\applic~1" :


* Dans "C:\DOCUME~1\SYLVIE~1.SYL\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1.SYL\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 12/01/2009 à 12:59:14,75 ***

Et voici le rapport de OTMovelt :

========== FILES ==========
File/Folder C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner not found.
File/Folder C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Webs­ite.url not found.
File/Folder C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conf­identialit‚.url not found.
File/Folder C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Cond­itions g‚n‚rales.url not found.
File/Folder C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\InternetGameBox not found.
File/Folder C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\InternetGameBox\Websi­te.url not found.
File/Folder C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\InternetGameBox\Confi­dentialit‚.url not found.
File/Folder C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\InternetGameBox\Condi­tions g‚n‚rales.url not found.
File/Folder C:\DOCUME~1\SYLVIE~1\MENUD~1\PROGRA~1\Spyware-Secure not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\~DF9A9C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\~DF4DC8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\etilqs_OgycFta02w8JoLmDI8ln scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01122009_130739

Files moved on Reboot...
C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\~DF9A9C.tmp moved successfully.
C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\~DF4DC8.tmp moved successfully.
File C:\DOCUME~1\SYLVIE~1\LOCALS~1\Temp\etilqs_OgycFta02w8JoLmDI8ln not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\XUL.mfl moved successfully.
C:\Documents and Settings\Sylvie PHILIPPE\Local Settings\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\urlclassifier3.sqlite moved successfully.

Et voici le rapport de ToolsCleaner :

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\fixnavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\Rsit.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\VCOM\Fix-It\LSPFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\Navilog1.exe: supprimé !
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\ToolBarSD.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\VCOM\Fix-It\LSPFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\fixnavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Sylvie PHILIPPE\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !
Point de restauration crée !

--------------------------------------------------------

Je te remercie pour ta disponibilité et ton aide. Mon ordi est plus réactif.
Juste une dernière question : y-a-t'il des logiciels que j'ai téléchargé à supprimer (AD-R.exe, Ad-remover, OTMovelt3(2).exe et ToolsCleaner) ou que je dois utiliser à l'occasion pour nettoyer mon ordi ?

Je crois que j'ai criée victoire trop tôt, il m'est un temps fous pour télécharger les pages et pourtant je n'ai que 2 onglets d'ouvert.

Autrement comme anti-virus j'ai déjà Avira Premium Sécurity Suite, MalwareByte's Anti-Malware, SPYWAREBLASTER et je navigue qu'avec Mozilla firefox

J'ai tout ce qu'il faut pour protéger mon ordi, non ?

Et voici le rapport de ComboFix :

ComboFix 09-01-11.03 - Sylvie PHILIPPE 2009-01-12 14:03:17.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.959.570 [GMT 1:00]
Lancé depuis: c:\documents and settings\Sylvie PHILIPPE\Bureau\ComboFix.exe
AV: Avira Premium Security Suite *On-access scanning disabled* (Outdated)
FW: Avira Pare-feu *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Website.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
c:\documents and settings\Sylvie PHILIPPE\Menu Démarrer\Programmes\Spyware-Secure
c:\documents and settings\Sylvie PHILIPPE\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
D:\install.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-12 au 2009-01-12 ))))))))))))))))))))))))))))))))))))
.

2009-01-12 13:21 . 2009-01-12 13:21 108,461,592 --a------ C:\Sauv.reg
2009-01-12 12:29 . 2009-01-12 12:29 <REP> d-------- c:\program files\Ad-remover
2009-01-11 10:06 . 2009-01-11 10:06 <REP> d-------- c:\program files\Windows Live Favorites
2009-01-11 10:06 . 2009-01-11 10:06 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-01-11 10:06 . 2009-01-11 10:06 <REP> d-------- c:\documents and settings\All Users\Application Data\agi
2009-01-11 10:05 . 2009-01-11 10:05 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-11 10:05 . 2009-01-11 10:05 <REP> d-------- c:\documents and settings\marie\Application Data\VCOM
2009-01-10 15:41 . 2009-01-10 15:41 <REP> d-------- c:\documents and settings\Sylvie PHILIPPE\Application Data\agi
2009-01-10 14:57 . 2009-01-10 17:30 2,117,632 --a------ c:\windows\system32\python25.dll
2009-01-10 14:57 . 2009-01-10 17:30 339,968 --a------ c:\windows\system32\pythoncom25.dll
2009-01-10 14:57 . 2009-01-10 17:30 114,688 --a------ c:\windows\system32\pywintypes25.dll
2009-01-10 14:56 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2009-01-10 14:41 . 2009-01-10 14:41 <REP> d-------- c:\program files\AGI
2009-01-09 16:24 . 2009-01-09 16:24 <REP> d-------- c:\documents and settings\Sylvie PHILIPPE\Application Data\MSNInstaller
2009-01-09 16:16 . 2009-01-09 16:16 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-01-03 16:04 . 2009-01-03 16:04 <REP> d-------- c:\documents and settings\Sylvie PHILIPPE\Tracing
2009-01-03 15:49 . 2009-01-03 15:49 <REP> d-------- c:\program files\Microsoft
2009-01-03 15:34 . 2009-01-03 15:34 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-31 10:04 . 2008-12-31 10:05 8,192 --ahs---- c:\windows\Thumbs.db
2008-12-28 10:55 . 2008-12-28 10:55 <REP> d-------- C:\Driver Backup 12-28-2008-105410
2008-12-26 19:23 . 2008-12-26 19:23 <REP> d-------- c:\program files\DIFX
2008-12-26 19:22 . 2008-07-14 16:40 18,560 --a------ c:\windows\system32\drivers\FlyUsb.sys
2008-12-26 19:22 . 2008-12-27 11:05 558 --a------ C:\logfile.dat
2008-12-26 19:20 . 2008-12-26 19:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Leapfrog
2008-12-26 19:20 . 2008-12-26 19:22 488 --a------ c:\windows\{687EAE16-F2E7-4B96-B58C-AC09F9119B8C}_WiseFW.ini
2008-12-26 18:58 . 2008-12-26 18:58 <REP> d-------- c:\program files\LeapFrog
2008-12-26 10:54 . 2008-12-26 10:54 <REP> d-------- c:\documents and settings\Sylvie Internet.SYLVIE\Application Data\Iconix
2008-12-26 10:54 . 2008-12-26 10:55 308 --a------ c:\windows\wininit.ini
2008-12-26 10:52 . 2008-12-26 10:52 <REP> d-------- c:\documents and settings\Sylvie Internet.SYLVIE\Application Data\VCOM
2008-12-24 10:54 . 2008-12-24 10:54 <REP> d-------- c:\documents and settings\LocalService\Application Data\VCOM
2008-12-24 10:53 . 2008-12-24 10:54 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-21 11:11 . 2008-12-21 11:11 <REP> d-------- c:\program files\Western Digital
2008-12-18 11:48 . 2008-12-13 07:37 3,593,216 --a------ c:\windows\system32\SET23.tmp
2008-12-12 11:37 . 2008-12-12 11:37 <REP> d-------- c:\documents and settings\Sylvie PHILIPPE\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 11:35 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 14:51 --------- d-----w c:\program files\Avira
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 11:36 --------- d-----w c:\program files\PDFCreator
2008-11-27 13:28 --------- d-----w c:\documents and settings\Sylvie PHILIPPE\Application Data\Facebook
2008-11-19 15:02 --------- d-----w c:\documents and settings\Sylvie PHILIPPE\Application Data\OpenOffice.org
2008-11-19 14:50 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-15 10:57 --------- d-----w c:\program files\Microsoft Baseline Security Analyzer 2
2008-11-15 10:50 --------- d-----w c:\program files\RogueRemover FREE
2008-11-12 09:38 --------- d-----w c:\documents and settings\Sylvie PHILIPPE\Application Data\Iconix
2008-11-12 09:38 --------- d-----w c:\documents and settings\All Users\Application Data\Iconix
2008-11-12 09:37 --------- d-----w c:\program files\Iconix
2008-11-12 09:37 --------- d-----w c:\program files\Fichiers communs\Iconix
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\SET1F.tmp
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-09-08 11:54 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-05-21 19:59 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-21 13:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008052120080522\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="c:\progra~1\MAGENTIC\bin\Magentic.exe" [2008-03-09 480648]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-21 68856]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-21 29744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_4.exe" [2008-11-10 333584]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"TagMonitor"="c:\program files\LeapFrog\LeapFrog Connect Tag\bin\TagMonitor.exe" [2008-07-14 886088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SiSPower"="SiSPower.dll" [2005-07-13 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

c:\documents and settings\Sylvie PHILIPPE\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2008-04-10 479232]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-07-06 262144]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-08-29 118784]
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2008-04-10 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.NSPAC"= NSPAC32.ACM
"MSACM.voxacm118"= vdk32118.acm
"MSACM.NSX83"= NSX83P32.ACM
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\documents and settings\Sylvie PHILIPPE\Application Data\Facebook\facebook.exe"= c:\documents and settings\Sylvie PHILIPPE\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\LeapFrog\\LeapFrog Connect Tag\\bin\\TAGMonitor.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect Tag\\bin\\LeapFrogConnectTag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2008-12-11 71592]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2008-12-11 71464]
R4 AntiVirFirewallService;Avira Premium Security Suite Pare-feu;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-12-11 344321]
R4 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\avwebgrd.exe [2008-12-11 258305]
R4 AVEService;Service d'assistance Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2008-12-11 41217]
R4 IconixService;Iconix Update Service;c:\program files\Fichiers communs\Iconix\IconixService.exe [2008-11-12 258832]
R4 Réparez et Protégez votre PC Task Manager;Réparez et Protégez votre PC Task Manager;c:\progra~1\VCOM\Fix-It\mxtask.exe -Service --> c:\progra~1\VCOM\Fix-It\mxtask.exe -Service [?]
R4 tmpreflt;tmpreflt;c:\progra~1\VCOM\Fix-It\tmpreflt.sys [2007-08-15 32528]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-26 18560]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-21 29744]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);c:\windows\system32\drivers\se57bus.sys [2008-01-07 61536]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;c:\windows\system32\drivers\se57mdfl.sys [2008-01-07 9360]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;c:\windows\system32\drivers\se57mdm.sys [2008-01-07 97088]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se57mgmt.sys [2008-01-07 88624]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);c:\windows\system32\drivers\se57nd5.sys [2008-01-07 18704]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;c:\windows\system32\drivers\se57obex.sys [2008-01-07 86432]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);c:\windows\system32\drivers\se57unic.sys [2008-01-07 90800]
S4 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2008-12-11 164097]
S4 bsaspi32;bsaspi32; [x]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
LSP: c:\program files\VCOM\Fix-It\MxAVLsp.dll
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Sylvie PHILIPPE\Application Data\Mozilla\Firefox\Profiles\kfprvv9j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
userœ÷FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npIconixProxy3.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npcosmop.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\NPEvery.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\nplau32.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Netscape\Navigator\Program\Plugins\npwmsdrm.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 14:08:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3654143760-2950387367-1212085495-1006\Software\AFW Applications\Plus de 200 000 Cliparts et Photos\Wizard Background*]
"???????e??r"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(796)
c:\program files\VCOM\Fix-It\MxAVLsp.dll
c:\program files\VCOM\Fix-It\MXPM.DLL
c:\windows\system32\avsda.dll
c:\program files\VCOM\Fix-It\MXR.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVIRA\AVIRA PREMIUM SECURITY SUITE\SCHED.EXE
c:\program files\AVIRA\AVIRA PREMIUM SECURITY SUITE\AVGUARD.EXE
c:\windows\SYSTEM32\E_S00RP1.EXE
c:\program files\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\VCOM\FIX-IT\MXTASK.EXE
c:\windows\SYSTEM32\SAGENT4.EXE
c:\program files\VCOM\FIX-IT\MXTASK.EXE
c:\progra~1\MAGENTIC\bin\MgApp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Heure de fin: 2009-01-12 14:11:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-12 13:11:18

Avant-CF: 67 953 819 648 octets libres
Après-CF: 68,003,692,544 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

305 --- E O F --- 2008-12-19 08:48:34

J'ai pas l'impression que ça a suffit, il a fallu 4 minutes pour qu'il me charge ta réponse!!!!!!!!!!!
Widows Live Hotmail rame dur pour m'ouvrir mes messages

Et en plus avec Combofix j'ai internet explore qui s'est installé sur mon bureau. Et il y a toujours AD-R.exe, Ad-remover, OTMovelts3.exe et ToolsCleaner2.exe sur mon bureau suite aux manipulations de tout à l'heure. Je dois peut-être les enlever ?

Est-ce que je peux également virer Microsoft Internet Explorer Administration kit 5 dans le panneau de configuration ?
Autrement super, de retour rapide. Merci pour la disponibilité et de tout ce temps passé à m'aider.

C'est OK tout fonctionne comme il faut, je te remercie pour ton aide.